Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 21:41

General

  • Target

    517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe

  • Size

    66KB

  • MD5

    8feaf9341313bc1808ab32f7e111e910

  • SHA1

    3fcb28bc538a3ab1b773285ffbf15efac76561a4

  • SHA256

    517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908

  • SHA512

    0b8dd3847364812c1951e69e641c42d7aaa6564c6e5ce6afcc4a0112e6abee1aa2ce72dab00ac5195cbc99b71cffefb7b60e7826b365f6786404a73f9827ff2f

  • SSDEEP

    768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7u595QUhUB:/7ZQpApHou595QUhUB

Score
9/10

Malware Config

Signatures

  • Renames multiple (3205) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe
    "C:\Users\Admin\AppData\Local\Temp\517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2400

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    67KB

    MD5

    d745c818891b134e07c1b656b6fa7bd5

    SHA1

    80f55e8793bfbab4275a73f8025243efa2087b20

    SHA256

    7760076042bd276427ee66751c9a65bdb001eb59186a893ea3e6d4d5eb265928

    SHA512

    b21f2cebe23e83615515bfd30d4fe80b87f742d48aef3df0107e4c08aacd233a38df3d2c07753dcaf074c7d107d3adc9086c2d12343ae31b2c30cd619459befd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    75KB

    MD5

    c85d48c5de7725636d6c9b0739049b25

    SHA1

    60d2160785b3494bdf663c00ddb4f27b1f42ebae

    SHA256

    2e5c82d93fbb028c8d7c81d776da3a8c671a0488a07f0070c034c3b39d6ea0fc

    SHA512

    5abce5af6f59b70fb3971cf11e94873c795219b298c79c8151f7146d12b6e6ea64f48445049797eea1ed6590e980779dd1909e0d52a6d993837b6922e8791f58

  • memory/2400-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2400-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB