Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 03:29

General

  • Target

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe

  • Size

    63KB

  • MD5

    7d64d8af10d2c3315074087f17317870

  • SHA1

    be7fefd19d3b04b9f1708743c9b5ec68a23b8d11

  • SHA256

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0a

  • SHA512

    b3a6dce90b590fc3cbdf4076e0e5dd933718fb62695c18200ab79c8c3f657488186b586390d08c5e3d7cfeb1bebae34536963ce8e8b108b367c4f6e56c877738

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4iz:V7Zf/FAxTWoJJ7TTQoQ/IXb7n

Malware Config

Signatures

  • Renames multiple (3552) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe"
    PID: 632
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    b07b42ca421f40ac34d7e112d651a003

    SHA1

    7dee8f040c5ef502eb63d69cc39889e0aa18ccf3

    SHA256

    c6e80961e2853fd075b94c8e337a8d511749912ba5b856976d5e9a377a8d0711

    SHA512

    5d63150283856a8423bce61fa0994c4b7ffd96b37ced951e22cbfc1b4dfd7b2371b606d011c851bb2cfa83951db5b3eaa9172eb2a8bdd76538df672195a32495

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    72KB

    MD5

    a441306e5bcc7669ed1f14f400f1041e

    SHA1

    815340571b5d40108c5272f7a0267272aa3b4498

    SHA256

    1e14bc1ec5e2362ef0f6a5fcf4a0103a8a884635e7f5f1361fdcdd438631dc50

    SHA512

    d4ac24169db1383072901dfb89fd6e3bcbb98a73ddcab1e235a78ffa8fd6e8eec2e47235e61e80768c6ab11f55b2a5f07427a359283cf53fa7a81b4be71225ca

  • memory/632-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/632-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB