Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

a4f3bd7a29...8N.exe

windows7-x64

9

a4f3bd7a29...8N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4f3bd7a2900cfaf2652923d5d72bd101c3116dda2fb9801ada1251b451f2118N.exe

  • Size

    38KB

  • MD5

    904f02cf7a94c9aa73ea66150ab376b0

  • SHA1

    118e72d9f86c996f4b8eda20cc86659f85ddd4b4

  • SHA256

    a4f3bd7a2900cfaf2652923d5d72bd101c3116dda2fb9801ada1251b451f2118

  • SHA512

    8893a47a2ec6230824d9936f2ef563e44528829695a1d4812261ef00b81d4277b838239b332fe0b2b977bcde2afb92803d778c16b66b4dbfa9399f0154da3959

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lt4V0IhAFV2RuH22V0IhAFV2RuH2Q:W7ZhA7pApM21LOA1LOl6AE0IhAFV2RuQ

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3122) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4f3bd7a2900cfaf2652923d5d72bd101c3116dda2fb9801ada1251b451f2118N.exe
    "C:\Users\Admin\AppData\Local\Temp\a4f3bd7a2900cfaf2652923d5d72bd101c3116dda2fb9801ada1251b451f2118N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp
    Filesize

    38KB

    MD5

    b1a45a60bf06c2a0a5edd41b97e12d3a

    SHA1

    af2c3798b413650c7c1634d768e946489395faa1

    SHA256

    b8bb4f7507346774e11c46d6437c628c7644f46768d966f15f32d74d64c0594b

    SHA512

    3e8405f4f431ef3ebdfc80cefcf573126764768df6bb2229f37a47b27dad50569b44d50c9435f3b5e10f5d0acdd0bb5d70a27f513b4306db5cc65bf4260b0a20

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    47KB

    MD5

    8cb78b8d2c1abdd003a13e0dca815e2d

    SHA1

    5bd761d3a1f751dded81f40c2a127724e0d195b2

    SHA256

    f860646fb72b749ccfd8c2f32e7681186cc8f39ff8fd2580ce00b8a9a0835031

    SHA512

    af56caf3be486f6bd70abc9dddf06706ca3564974d90a33de177bbc075249480ce5d466d983db6597b1c22c3e72e27d9b2157960104d02c7b7ecda309b21b88d

    Download Submit