Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/10/2024, 03:17

General

  • Target

    06f7892ea6bea5be615ed9454f5beadff6526648486615117c4a0b7377f56c28N.exe

  • Size

    61KB

  • MD5

    ce7356ca32b462082067b74c220102f0

  • SHA1

    a62a4dbd4343b4c76aed07c510d3a586566cd94b

  • SHA256

    06f7892ea6bea5be615ed9454f5beadff6526648486615117c4a0b7377f56c28

  • SHA512

    d97bb779ad69a5a148baf386e51753b8afd7e63b8e92b5bb9b814d326dcb42338128ef6e9eb2986311fb92dfb354bedef52e1c32a50e83c527aa4f9de95e0d20

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Hx3R9pi1xOR9pi1xNXVA:V7Zf/FAxTWoJJ7Th9ko9khFw

Malware Config

Signatures

  • Renames multiple (4615) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\06f7892ea6bea5be615ed9454f5beadff6526648486615117c4a0b7377f56c28N.exe
    "C:\Users\Admin\AppData\Local\Temp\06f7892ea6bea5be615ed9454f5beadff6526648486615117c4a0b7377f56c28N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1964

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    e319177bef1b9b39fddfba151d37ed09

    SHA1

    5c2aa81dd944575a3f3f1e30c80e7eb014ef4bb3

    SHA256

    b330180f8a49244f1d3492584a2772bd14c2314ac6198302c7fafac18c2bf98f

    SHA512

    2d016e0b971a559c119a8d21451788fe1abd9c9c2a2d38fe9697844efee5f33c6b38f40a68479145858c7bc39aa23e522d9586d0fb14be649b4bf95d90c0cd69

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    24f0dba07ce96a60592e77c9e5f3387b

    SHA1

    cf455c6f4bae280e88e8cd5381bb28127b7e5824

    SHA256

    1888e0ed1e448a1a8643091cb68fb24718cd6a1caee018b0b696cf4680e9feb2

    SHA512

    516c4364363d2044b0bdda73ed8c5f1119fed911e35e8c40b13c06ee2df53f37357eae8bfbf791764ce58bbaf30390cc0c430b8ba5e5f865dc227d1beb35a8f9

  • memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1964-716-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB