Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 03:29

General

  • Target

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe

  • Size

    63KB

  • MD5

    7d64d8af10d2c3315074087f17317870

  • SHA1

    be7fefd19d3b04b9f1708743c9b5ec68a23b8d11

  • SHA256

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0a

  • SHA512

    b3a6dce90b590fc3cbdf4076e0e5dd933718fb62695c18200ab79c8c3f657488186b586390d08c5e3d7cfeb1bebae34536963ce8e8b108b367c4f6e56c877738

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4iz:V7Zf/FAxTWoJJ7TTQoQ/IXb7n

Malware Config

Signatures

  • Renames multiple (5168) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe
    "C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    ff9eaff7569eca40fabf6a9a7220bfcc

    SHA1

    51e013ceaee13cc4c6c8d60cd81b52cb90357b49

    SHA256

    5ce1f25cfdafd6b87ed0e39e7e626c2a6408af2ea2fd9ac483cbfd6cdc82a6a2

    SHA512

    be8fecff3cd049408e61b2ab6da2c7205d54114fdcccd3453670d2d7dfb7970a21003463a22297ab7c652088f6107d73b9bbdc7ec5bc236a6cb131ca0b60ac8a

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    162KB

    MD5

    dd947deefe23c80fa59ede9b311faaad

    SHA1

    640fc04d031a93158102c1a3fc941dab40b26fd5

    SHA256

    d47155855d1b94a7f28b2ac6dc53070c46e12d1414081dbbcb68b5ce1aa990e7

    SHA512

    6d0f0b526a64895246fb024048b706f9d304bc54132bd267c0da728faba2468cc1440ae23a087fa3e8b057febad53a2458190b77fdba94346bbbce42b42c877d

  • memory/2796-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2796-718-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB