Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 02:56

General

  • Target
    e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe
  • Size
    70KB
  • MD5
    8271adfa6219573c5401d6f927c2a4d0
  • SHA1
    ecf7cf095d0e32d5e68bd66cd772f522be1b6308
  • SHA256
    e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2
  • SHA512
    9f3c04ee9b8ea9129e827609fa64a401bf26a380fa753d3baeee1839600759557966e22db96a3621bec4760bef86166692708fc033235219b7f37aec579b2dcf
  • SSDEEP
    768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7u595QUhUey5vhgCy5vhg4JB2JBE:/7ZQpApHou595QUhUBgtg4JB2JBE

Score
9/10

Malware Config

Signatures

  • Renames multiple (3151) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp
    Filesize
    70KB
    MD5
    b13ad3eb3737e36734831417a4d3b8b3
    SHA1
    9e9d7c3ee835ceca46c465fe623bd6464e0071d7
    SHA256
    ad9741891445e1fdc11ec8166d28e515e2c944d391665d1641877578f7497044
    SHA512
    8e52d87a5585639f0578b315eee8d7e1fdb7d0b2120baf8c255e840cd5e1d97afa1c259b1a95c4878916d989bd7221e44219d5a15b01c9ad358294652c480b46
  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    79KB
    MD5
    2034ac91eab7dae5c9120dd321c11c4f
    SHA1
    161e53b3a2f4a273aff77952bd6888054d534773
    SHA256
    4b653ad04e5d50691b4eba8d8fa66b03b375c67c93ebb525875f16f780b2e6ad
    SHA512
    eb214e6cf2c16b145286ca50e683de217bc680ed07331822da19ad502f20f86c57639e227426c4be4e1e735a9257bbea519954fad3e1e6cc25e1eeb2216e4078
  • memory/1692-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize
    32KB
  • memory/1692-70-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize
    32KB