Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

5

61f020ec24...2N.exe

windows7-x64

9

61f020ec24...2N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61f020ec24fabff4cc57b743b44c5e476a66450fd6fc41a57ca400e367fe2ce2N.exe

  • Size

    45KB

  • MD5

    541b3baa4bc78c3d115694e6b24fff20

  • SHA1

    b86c828ef7410eae13ccf655430034f1400d6b6b

  • SHA256

    61f020ec24fabff4cc57b743b44c5e476a66450fd6fc41a57ca400e367fe2ce2

  • SHA512

    480ad597c2b9ad1ea1c71f659281e4cce0230cf5e39d0ed1689658fe16e0d78b08329534c75ebea19eb531583ed0132ba7f969f3fff98c88d5ff6c92e5781e8c

  • SSDEEP

    768:kBT37CPKKdJJBZBZaOAOIB3jM2jMO/7OSoEXBwzEXBwzm5u5H:CTW7JJB7LD2I2IbStsh

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3799) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\61f020ec24fabff4cc57b743b44c5e476a66450fd6fc41a57ca400e367fe2ce2N.exe
    "C:\Users\Admin\AppData\Local\Temp\61f020ec24fabff4cc57b743b44c5e476a66450fd6fc41a57ca400e367fe2ce2N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    45KB

    MD5

    0abc595bd7aaed22a30b61b92834df2f

    SHA1

    82a8ba9ae03e595a6253ad90ea9064b0572c9746

    SHA256

    36f442127a93a50184c179018a54214ec9f3d001060f85a55b70d3983fb37b1f

    SHA512

    faff52285385fc575c1a033a891c29a4ba1a7df3dc4cdef1eebbf9e4e5517341a02b7361ac8d52247eb8fd00bcdd79eb9edab469686cba0f657d333cabcbdcce

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    54KB

    MD5

    8f5a683419a8c8251e5ab26eb156a145

    SHA1

    c710fe0a0504ecf56cddf586f233beea83e56abf

    SHA256

    bc7f9acaad075aebf3f7f68b00281f882949516fb25db4be24020d2a6fa21e76

    SHA512

    0eaecb899e3d7f7d251ccbba035267a21b13885120bd68c684d65fa09d8046e4db97c94f0e7c579f1efb62c2800da4c54ffa531ba3268825076ab78c1cdfa599

    Download Submit

  • memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2480-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download