Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 22:07

General

  • Target

    6578b16d8626939a87c846f585f8f6718e6e19848f70b94d69a1a74670a6a1b6.exe

  • Size

    54KB

  • MD5

    479ee7515d94af8d5cb72e02f46f2b2f

  • SHA1

    be6fc444e5b2c39a5ec12e2ccff3f31c83b46129

  • SHA256

    6578b16d8626939a87c846f585f8f6718e6e19848f70b94d69a1a74670a6a1b6

  • SHA512

    a06c5fc92b67e45e95bbf26da0191d759f0921b28e566dc4add0982557d753f1496f1393f2438f00a8a5fbef7a5a748961bc8ed4c19aab51e0cd9d815457a552

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PU+:V7Zf/FAxTWoJJZENTBHfiPU+

Malware Config

Signatures

  • Renames multiple (5037) files with added filename extension

    This suggests ransomware activity: the sample is rewriting files across the system and appending an extension to each one it touches.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of that host.
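
The two signatures above that carry most of the weight here (bulk renames that append an extension, and UPX section names) can be reproduced with simple heuristics. The following is an added example, not tria.ge's own detection code: it sweeps a list of file-rename events per PID for the largest burst of extension-appending renames inside a time window, and walks a PE section table looking for UPX section names. The event tuple layout, the rename threshold, the synthetic PE built by build_minimal_pe, and the sample events (120 renames by PID 2664, two unrelated renames by PID 224) are all assumptions constructed for the example; tria.ge's real thresholds are not published.

```python
# Added example, not tria.ge's own detection code: two standalone heuristics that
# approximate the "renames multiple files with added filename extension" and
# "UPX packed file" signatures. Event format, threshold and sample inputs are
# assumptions constructed for this example.
import struct
from collections import Counter, defaultdict

# Constructed sample of sandbox file-rename events: (timestamp_s, pid, old_path, new_path).
# PID 2664 renames 120 documents in 60 s, appending ".tmp" to each; PID 224 does two
# unrelated renames (one strips an extension, one appends a single backup suffix).
SAMPLE_RENAMES = [
    (0.5 * i, 2664,
     rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.tmp")
    for i in range(120)
] + [
    (3.0, 224, r"C:\Users\Admin\Downloads\report.pdf.part", r"C:\Users\Admin\Downloads\report.pdf"),
    (4.0, 224, r"C:\Users\Admin\Downloads\draft.txt", r"C:\Users\Admin\Downloads\draft.txt.bak"),
]


def extension_appended(old_path, new_path):
    """True when new_path is old_path plus exactly one extra extension
    (x.docx -> x.docx.tmp), the pattern behind the "added filename extension" signature."""
    if not new_path.startswith(old_path):
        return False
    suffix = new_path[len(old_path):]
    return len(suffix) > 1 and suffix[0] == "." and not set(suffix[1:]) & set(".\\/")


def bulk_rename_alerts(events, threshold=100, window=60.0):
    """Per PID, find the largest number of extension-appending renames inside any
    `window`-second span. Returns {pid: (peak_count, most_common_suffix)} for PIDs
    at or above `threshold` (100 is an assumed value, not the sandbox's)."""
    hits = defaultdict(list)
    for ts, pid, old_path, new_path in events:
        if extension_appended(old_path, new_path):
            hits[pid].append((ts, new_path[len(old_path):]))
    alerts = {}
    for pid, seq in hits.items():
        seq.sort()
        peak, start = 0, 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            suffix = Counter(s for _, s in seq).most_common(1)[0][0]
            alerts[pid] = (peak, suffix)
    return alerts


def pe_section_names(data):
    """Walk the MZ -> PE -> section table chain and return the section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size            # 4-byte signature + 20-byte COFF header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1(/UPX2). Modified builds often rename them,
    so a negative result is weak evidence; a positive is a strong hint, not proof."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names):
    """Construct a minimal, non-executable PE32 image with the given section names
    (constructed test input, not a real sample)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional_header = b"\0" * 0xE0              # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                              len(optional_header), 0x0102)
    section_table = b"".join(name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                             for name in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_table


if __name__ == "__main__":
    print(bulk_rename_alerts(SAMPLE_RENAMES, threshold=100))
    print(looks_upx_packed(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
    print(looks_upx_packed(build_minimal_pe([".text", ".data", ".rsrc"])))
```

The rename heuristic keys on the suffix being appended rather than a fixed extension, which is what makes it hold up when a family changes its marker extension; the window keeps a slow, legitimate backup job from tripping it. The section-name check is deliberately the cheap first pass: when it fires on a sample like this one, the memory dumps listed under Downloads are where the unpacked image should be recovered from.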

Processes

  • C:\Users\Admin\AppData\Local\Temp\6578b16d8626939a87c846f585f8f6718e6e19848f70b94d69a1a74670a6a1b6.exe
    "C:\Users\Admin\AppData\Local\Temp\6578b16d8626939a87c846f585f8f6718e6e19848f70b94d69a1a74670a6a1b6.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4264,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
    1⤵
    PID:224

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      55KB

      MD5

      4bf84d8a4d7a13717bf3f0858b56bf4d

      SHA1

      06843383f22da6b0d8aac4fdaaf2343880ab92f2

      SHA256

      de961fb0ee8051f6f6d7d3772c6c62da5ee2fd8512363b916e08c2114eb25c3a

      SHA512

      362f152b3418386e3f286dc5e1bbaa2c1216d1bb097fbe43ab829efd030cf226a0fc351a59ec128ec0822b08df21017e58ba41d01345c9560bf373c9ddb3e88a

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      167KB

      MD5

      59139bdf3bd4d1938aee7af9922f10a5

      SHA1

      f744db402a3dcbdf2e4417da06fd733b50627987

      SHA256

      639b183248d0f98c14609b59c7a6b3a5f337e836817b9be44907e44c5314d9e2

      SHA512

      9f3fa776f64d2e253f428327fcd267adc538d85a53419474769ac5f09b47967a6879069a5d75ec6eca4c61bd9ac2c9e81c4b0597de3870b7f54719c9c7743bbd

    • memory/2664-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/2664-914-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB