Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

02ac6e0297...eN.exe

windows7-x64

9

02ac6e0297...eN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02ac6e0297db89722f6ff582359464039b834da460844cfc51390b0aed6b46aeN.exe

  • Size

    50KB

  • MD5

    9a2ab7a090398ec709cc2404006ac140

  • SHA1

    273b71c5afe275198a8e32fcc470ee7cfa11e12e

  • SHA256

    02ac6e0297db89722f6ff582359464039b834da460844cfc51390b0aed6b46ae

  • SHA512

    3ea8aa180a60300e7b2019755816d56a99d6ca5fb20c47f2aa676e1bbaef20cf634ed4677d9f806ce249d7c4f688020da91e678149b9d76cd467692b128318e1

  • SSDEEP

    768:W7Blp+pARFbhBgnKLMWK9WKD2N2LSarSaxLeoVERZLeoVERM:W7Z+pAp2nKLRKIKqoLSarSaeWM

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3775) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\02ac6e0297db89722f6ff582359464039b834da460844cfc51390b0aed6b46aeN.exe
    "C:\Users\Admin\AppData\Local\Temp\02ac6e0297db89722f6ff582359464039b834da460844cfc51390b0aed6b46aeN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize

    51KB

    MD5

    4d705f86a6b936fb9a1f7e259d2165db

    SHA1

    5f855bfd8e588410aab81dce3df7bf45ed76f4f4

    SHA256

    6e006f09ba5f27efa4e1f90345f4a0a664c81ca80e148be093c957a794f9b5f5

    SHA512

    bff760e65c21d242b8e91a68ffd038e57c16421b6844f620ac3bbf74339c25055806d7842756f5936f5e423cf1e9c0d6512585d8c03e57cd5a680252329eb06f

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    59KB

    MD5

    e9c736d74885fe7e9d413efa5d865789

    SHA1

    7fa831a36f18a0492449b0d6fcfd08a41425b4bf

    SHA256

    da5960fd16eb10476c0b744cea6d312133a018b96f90f525438991381631916a

    SHA512

    812fba833cf203f1a813ac85970b92e55a6657b749c5e22e3c1cfa7d5f1e038380f6fbb60b323a1436d867f4193c4c55d94c0dfe92672030cd776363ef034b9f

    Download Submit