Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/10/2024, 05:21

General

  • Target

    c8746016e0e5fee269d9a00d4de9b924b5a09281e6e4c1f12c7f579587c8274dN.exe

  • Size

    56KB

  • MD5

    9c3e7a737e45f3907ceaabca522b10d0

  • SHA1

    3c8ad9eb44378ad9464c0bd9939169194101077a

  • SHA256

    c8746016e0e5fee269d9a00d4de9b924b5a09281e6e4c1f12c7f579587c8274d

  • SHA512

    5f13af2bb000afb5429f6d1c3828e38011782a981e70d8d7c239f551409388c1270dee1f1437871df6ccf03bcf78e24aefe5c2f78dbae16aebc429a7c632f1b6

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PSqG:V7Zf/FAxTWoJJZENTBHfiPW

Malware Config

Signatures

  • Renames multiple (3458) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8746016e0e5fee269d9a00d4de9b924b5a09281e6e4c1f12c7f579587c8274dN.exe
    "C:\Users\Admin\AppData\Local\Temp\c8746016e0e5fee269d9a00d4de9b924b5a09281e6e4c1f12c7f579587c8274dN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    56KB

    MD5

    dad863dd9b43f086b250a0d733fec66e

    SHA1

    d04cf9ab5ac87a87e841ce5e906daa6d62a801eb

    SHA256

    7f302127948cf4d7dadcab518cfd0a663895142fd6fc3614038b04da673a62fc

    SHA512

    830d027bf647d4280481017d5bf50598be6fa6ca6e8e146afd975e60f77b35c52034f68ac13b8bbcb3b76ac14c59b37958f7c6b51746b2058d481813e0d66814

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    65KB

    MD5

    16ae86f2fda2962e88d396d03ee884a3

    SHA1

    ecd957ffc35dc8d063f9cbc1c5e84ea2ecfe02d4

    SHA256

    80c9294b27992245b8f68e7db6b1dc52b39ccf0b16b4c7b89e8716391d24757e

    SHA512

    48fb5bda135972aa8c62c551a0581cdc860ce24db5c0dc5ad2270fd56db749905a9527db7d0353cbe797e2f71081dd7faa94b0685c31ec9f11aa5b594b1dccff

  • memory/2852-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2852-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB