Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

5

00ee25ca13...fN.exe

windows7-x64

9

00ee25ca13...fN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 13:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00ee25ca13b52fed82f9d8cbd3f40b9f0db7026092cf5f7ecf7c64e049a09a7fN.exe

  • Size

    70KB

  • MD5

    baa579e6e1bae7ccb0ede66078651180

  • SHA1

    4aeac75a9d2129523130393d5983b1d1df503c1b

  • SHA256

    00ee25ca13b52fed82f9d8cbd3f40b9f0db7026092cf5f7ecf7c64e049a09a7f

  • SHA512

    a708e30d20755b39680466dd73d5e65d5972cdaa3b54e4020be51c14dca2bbb2df08273e285cdabac727ef76aedbd966942248e1e63810666e55cec7a98c3e72

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti97o1LDdu:V7Zf/FAxTWoJJ7TTQoQ2Ls

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3740) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\00ee25ca13b52fed82f9d8cbd3f40b9f0db7026092cf5f7ecf7c64e049a09a7fN.exe
    "C:\Users\Admin\AppData\Local\Temp\00ee25ca13b52fed82f9d8cbd3f40b9f0db7026092cf5f7ecf7c64e049a09a7fN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
    Filesize

    70KB

    MD5

    47c008c76b788a7376facaab0eddda85

    SHA1

    dd419e6b32d7bbdbe599c9258621212c3f350b50

    SHA256

    3d0b75b9768b2999b1793aed41ddd1912ba87833fe766db1d737ccd73e75e63e

    SHA512

    0272983bd15d7f81cb9ba414a99b243595322f1c84cfd56c9a7207ccf2915444370ac4a57322053065c116f94260162e18bb5f765d1b78539d93faeae6c9b723

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    79KB

    MD5

    8bf78fa0d96f341b84c08aa398048e24

    SHA1

    2ce8175f7330032caca2aea98edaefde2151cefd

    SHA256

    28279f5b3d86f83b3b066c271a487c04da00f13b4ae9e4f0b96acddd8e21f664

    SHA512

    1f4bbf78cad109cef4004361536d6e41a52725a742c9510672e84b8ac82b9ca62852587702ad90f7f41bc6be6395dda45087d1c64cf68c0a241206e0924de3e1

    Download Submit

  • memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2776-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download