Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

f6e0608532...bN.exe

windows7-x64

9

f6e0608532...bN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6e06085327ec8def82ff3b26fc344810bf7d0f7bedccff6feca654839036f1bN.exe

  • Size

    61KB

  • MD5

    0d2d208cd8865bebb4dfc777e34c7c10

  • SHA1

    af9ec8406771bf61e637cf63388b651f2518ffb3

  • SHA256

    f6e06085327ec8def82ff3b26fc344810bf7d0f7bedccff6feca654839036f1b

  • SHA512

    7a8709e7d14296e407f127e0c29dc9dbd025241a3b0f577e9f425f4386ccb33189162a1fba9129c43ff003b8bc269db62f6b77ae11473a4e4548503d884cc858

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0Iap3gyaHq9nwK8gvgyaHq9nA:/7BlpQpARFbhNIiJwsJwwnZap9QKQD

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4667) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6e06085327ec8def82ff3b26fc344810bf7d0f7bedccff6feca654839036f1bN.exe
    "C:\Users\Admin\AppData\Local\Temp\f6e06085327ec8def82ff3b26fc344810bf7d0f7bedccff6feca654839036f1bN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp
    Filesize

    61KB

    MD5

    e206870c93a152ae1fe3591a86f300dc

    SHA1

    049fe772be7b79a2f5c3d55b807fd2249e758d59

    SHA256

    785e400d387c0fe1d20e466e917a3f6515461621fc1738fc7e38c401d4cc52f9

    SHA512

    58beddf3225c2830e5653b70f0d0548d449931e7ba867cf79365f3e6a27b9bf5dd3988414bceff526c5565d7aa218768855fb2769da3c0a70676fde6b5cc201d

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    160KB

    MD5

    efec71f6ea7350e8e5f36a23b7c7e56f

    SHA1

    a816d008504f2fc4c1e03f08f51fd3068acb38f0

    SHA256

    b05f66deede11be4d45cf3b205236f62ffe85d193f7d1e24f7ef9e119679bf9b

    SHA512

    a3b0285efc75543f5ffce366e95c8df596c0cfdf2c4b8fe2479bfc26e22a087ac7a5d426e3029f6257a85b900d5a447b178700beab1f535df0189b9fb4127211

    Download Submit

  • memory/4260-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4260-908-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download