Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

68f83ada2d...3N.exe

windows7-x64

9

68f83ada2d...3N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68f83ada2d1a3dc479fce02323b167fd6d92f7822e40c7b837300852c3778043N.exe

  • Size

    80KB

  • MD5

    e1795997bfcee5c61ef9af8e383b25b0

  • SHA1

    dc46f0760e6c0efe2e450a4328af85e0ffbef952

  • SHA256

    68f83ada2d1a3dc479fce02323b167fd6d92f7822e40c7b837300852c3778043

  • SHA512

    34b1167baf71f418601aad320fd309113c1dc0c2bbcea55502e81f4948eed2ef3c94cf84061b4765e913bb38072469d31ad65965aebc5d770a119e897dc92eac

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBYMsV:/7ZQpApze+eJfFpsJOfFpsJ5DecO

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3158) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\68f83ada2d1a3dc479fce02323b167fd6d92f7822e40c7b837300852c3778043N.exe
    "C:\Users\Admin\AppData\Local\Temp\68f83ada2d1a3dc479fce02323b167fd6d92f7822e40c7b837300852c3778043N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
    Filesize

    80KB

    MD5

    669e8ef55ebf69831bd5249c5457d6d3

    SHA1

    2e03f62dfe699ae60c90273d51162ed907674fea

    SHA256

    9db87a0aabe80b6daac1213169f29edd5a75a352957d9a45989c810cf586564a

    SHA512

    237889e48bf9bdfb0ba0da75002717d9c324f6ae2e2cffe46f18bd70d173eb51dd1ce2423e35f249d43b1a9d2385634503ce4260a72c7a03cb6ac3a6dffc7b68

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    89KB

    MD5

    3a2fa09a900480d578f6c244adea2f6f

    SHA1

    b88661e40afe26080a8e595761e2d449df81d8ba

    SHA256

    1fd99ce2c624487e9f1b765de387a2b36279399fa7a4be43e5cb594d3931b226

    SHA512

    1386082fe81797bb7557661a72d16a6edf14d6e46e711a585a11de04c50ffbd38e5e083eb325f695b1ee7273ee0834b08308b2eb70f9ef3c5977463c7b6bb6e6

    Download Submit

  • memory/2032-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2032-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download