Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 03:30

General

  • Target

    c3d0671db61ff069424f05d5cfaf511a3659dd257405ae09c6d9ac57b6cb9428N.exe

  • Size

    76KB

  • MD5

    86122796e7f00b59bd5114bb6472e9f0

  • SHA1

    e776d4fb739ed7a3c2dbaa06d1d4ab7debfc05c9

  • SHA256

    c3d0671db61ff069424f05d5cfaf511a3659dd257405ae09c6d9ac57b6cb9428

  • SHA512

    bf1a075a29ee953c0ee974fa1af258c411b2c7523530ed11c653b3998bb59524a02530a95ae0f1fb44426a4dfbc1cc0ed4f8895c1b277e18378045f8ac1105e3

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8wYeHNm5EvDxfIyKoIWbsHfySkT5GeCyi348oWGO:KQSodYeHNmkDxfIyKoIWbsHfySkT5Ges

Malware Config

Signatures

  • Renames multiple (3156) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3d0671db61ff069424f05d5cfaf511a3659dd257405ae09c6d9ac57b6cb9428N.exe
    "C:\Users\Admin\AppData\Local\Temp\c3d0671db61ff069424f05d5cfaf511a3659dd257405ae09c6d9ac57b6cb9428N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    76KB

    MD5

    89a9ce52fe4c86fdefd5e61830b0b607

    SHA1

    867c392ba46fcee483884e77455e3d9cabe60f0e

    SHA256

    a4047e950a39930c940060ff908b9a13f203e3857a304ba9cd6a9b8f3776f27b

    SHA512

    fe9cda2dcba001e22908c7a0fbc728d36051ca49d439d6365a0fc594aa851ff95b64f4bfe8a6c12e94fb1cf72ea7d3ab0398514f611a8f402da32762fa5eb56e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    85KB

    MD5

    a9b32b7d7988ac0ca44a2482ccb93319

    SHA1

    53d8fecd01bc355f7df690ba032e4e03db4c5bb1

    SHA256

    490a41c9fcff24cad25d471ca0d9d466e534d06c7a75a21273478e0c2ba28e13

    SHA512

    0b26df676b752469a44e891b8a6eddcde77739055abe30434506f33c7e7eaf65e4b56bd8573c89e8bb707f2b1ff5e2c517f997a9a8c2aef82f9b1a53ccb966c9

  • memory/1704-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1704-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB