Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

b8d0f64bc9...0N.exe

windows7-x64

9

b8d0f64bc9...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8d0f64bc98553db3d61605769c80359f546661a5d8c7ac8029c1d63e735de70N.exe

  • Size

    44KB

  • MD5

    7a3770eb9620a0bb2989536e38ca94d0

  • SHA1

    e9bc9ace1a13230fadb61cbe52e728334cc5f1af

  • SHA256

    b8d0f64bc98553db3d61605769c80359f546661a5d8c7ac8029c1d63e735de70

  • SHA512

    608e8e0afff5941a37e71e6f3e0759d26b353a5ba1c6289584098075a5c7030b6bb5929f3f20704be7d35743949735fc153ea6e30692621aee6e6b218652a05d

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0IS:/7BlpQpARFbhNIiJwsJwwnZS

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (481) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d0f64bc98553db3d61605769c80359f546661a5d8c7ac8029c1d63e735de70N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d0f64bc98553db3d61605769c80359f546661a5d8c7ac8029c1d63e735de70N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    45KB

    MD5

    8fb4829c288be86c6f426eaa4791ab85

    SHA1

    821703d584ab8920db8ae647212aaed36b7061d9

    SHA256

    582d5fb9bdc9dbe074bee556de7b2e3bf657cca7394b07d2f3babed93baa6463

    SHA512

    ded092799c3d1ad51f924da5131517f610eec4e8e8da9bff5113c7a7b38dd181198fb55be5ef8e2a22a7a14f0c9fec405c462ca29fa777ccf845d499d161fcc3

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    54KB

    MD5

    aef7fb1e76eba10452355c2b1e678f2a

    SHA1

    db8078fe356db454867bcff32a69f6a0496cc024

    SHA256

    61d748bac5b9b4bb22b2aecc1279a79db874b4a02c8236745b9bdc8ca3edff62

    SHA512

    6ed68624af90aa5d06f9bfde15b74f5bfcdfa978a6c9f693c34fac010926ef0a3f9faa41861e41dcb16507f487e0b9741823f84f87bb143f3f4ed6436bef645b

    Download Submit

  • memory/2108-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2108-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download