Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

c0232efaac...3N.exe

windows7-x64

9

c0232efaac...3N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0232efaacace1437e84deafcbe3bf1b2497e55c0deea4bc2142f12031f54cc3N.exe

  • Size

    86KB

  • MD5

    cb8ea5ad6eef4451205c7ba3eaae24e0

  • SHA1

    002bdd06e88093e31a0c46dbb827053493df3885

  • SHA256

    c0232efaacace1437e84deafcbe3bf1b2497e55c0deea4bc2142f12031f54cc3

  • SHA512

    424abe50c88476ef20aa01b8f6c9138a78f669bfb444177ad0d09df5d8e12f70755e2872ae8e9054f742bab930814af92cec9f21c0f65f861eba89b2c3d273c9

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggUCQCi:69WpQE0zxgq

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (5011) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0232efaacace1437e84deafcbe3bf1b2497e55c0deea4bc2142f12031f54cc3N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0232efaacace1437e84deafcbe3bf1b2497e55c0deea4bc2142f12031f54cc3N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
    Filesize

    86KB

    MD5

    57cb7fca3c7376ee143e2cd49de0ec21

    SHA1

    ee0b8eefa5dd88338a176552f8c7ca62ac574fa1

    SHA256

    af9ec4eb3bfec333d7fefd05f3d6bef0ce9be5d93d8d08a21cd6ee55a6798ff7

    SHA512

    0d00868fc87b28d14daaebd1327d5cd5014c2371fbf0dacb3c2dbcbfea0794a5f4934312a527a424d9c963abe600bd465498bc3b3d7f8e7d38cef08ab4b4ae76

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    185KB

    MD5

    be48396ede3457114a2693a8c567459f

    SHA1

    0ca0be78b2463aba1a91ad3f87633daddee77f73

    SHA256

    2762b7d15240790a97144cfcf180cc43cef4d1dfb09191fc31dd8e7b3c7d205d

    SHA512

    692ff4dcd277d03d67d33a6ceea66ff91a10a9618bdcdb0730c7312d57220f5de2ef34bf8ee87ea57ebd0e6ba8616e85813cf5e07a8c1f08a5859e651f8a3dfc

    Download Submit