
Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    16/10/2024, 03:01

General

  • Target

    bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe

  • Size

    1.1MB

  • MD5

    91887e7852cdffe968fd529e3d47b4c0

  • SHA1

    aa0efe7f6326f49d7633535de28d154e8ad735fe

  • SHA256

    bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4

  • SHA512

    761a95014539baf0a5c94ca994fa4ef94f5515145bf66d339051ccd928a5890b03038af939899f9f212aefc663bedafba650c6fbe7704ba3c669c996df9f5fb3

  • SSDEEP

    6144:KbEQl/lLlHlKoJoEoV5oV0rlrgrgrtT8TBTSTQVCA2VCAMVCAmVCAbDu+6JmDu+T:doJoEo/o2rlrgrgrtT8TBTSTf

Malware Config

Signatures

  • Renames multiple (484) files with added filename extension

    Appending a new extension to a large number of files (484 here) is characteristic of ransomware encrypting the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

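The report does not say how the "UPX packed file" signature is evaluated. The following is an added example (not tria.ge's detector) of the usual checks a practitioner would run on a sample: UPX-named sections, the `UPX!` marker, and the section layout that still gives a renamed ("modified UPX") stub away. The PE images are constructed inline from made-up section tables; they are not the analysed binary.

```python
"""Heuristics behind a "UPX packed file" verdict: section names, the UPX!
magic, and the section layout that survives a renamed (modified) UPX stub.
Added example; not tria.ge's detector. The PE images are built inline
from constructed section tables, not from the analysed sample."""
import struct

SECTION_HEADER_SIZE = 40


def pe_sections(data: bytes) -> list[tuple[str, int, int]]:
    """Return (name, VirtualSize, SizeOfRawData) for each section of a PE image.
    Raises ValueError if the DOS or PE signature is missing."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                     # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Collect UPX indicators; an empty list means nothing UPX-like was seen."""
    secs = pe_sections(data)
    found = []
    if any(name.startswith("UPX") for name, _, _ in secs):
        found.append("upx-section-names")
    if b"UPX!" in data:
        found.append("upx-magic")
    # UPX's first section (UPX0) holds no file data: the stub unpacks the original
    # image into it at run time, so SizeOfRawData is 0 while VirtualSize is large.
    # This survives renaming the sections, which modified UPX builds often do.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] >= 0x1000:
        found.append("empty-first-section")
    return found


def build_pe(sections: list[tuple[str, int, int]], trailer: bytes = b"") -> bytes:
    """Construct a minimal PE32 header set with the given (name, VirtualSize,
    SizeOfRawData) section table. Headers only: enough for the parser above,
    not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed images (not the report's binary)
PLAIN = build_pe([(".text", 0x8000, 0x8000), (".data", 0x1000, 0x200), (".rsrc", 0x800, 0x800)])
STOCK_UPX = build_pe([("UPX0", 0x30000, 0), ("UPX1", 0x9000, 0x8A00), (".rsrc", 0x1000, 0x800)],
                     trailer=b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x30000, 0), (".data", 0x9000, 0x8A00), (".rsrc", 0x1000, 0x800)])

if __name__ == "__main__":
    for label, image in (("plain", PLAIN), ("stock upx", STOCK_UPX), ("renamed upx", RENAMED_UPX)):
        print(f"{label:12s} {upx_indicators(image)}")
```

The name and magic checks are what most YARA-style UPX rules use; the empty-first-section check is a weaker heuristic (a few legitimate linkers also emit a data-less leading section), so treat a single indicator as a prompt to look further, not a verdict.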
Processes

  • C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2440

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    1.1MB

    MD5

    81755f61643ab19755cd06d5b3a18b27

    SHA1

    0d223e2417f5c0b40126b9d929d6340434908a3c

    SHA256

    bfa5c19a5c07821ffbe34082ef0ca28150fc684a86b1ee0ca7575ad29f3722c5

    SHA512

    66de5339eca832d0a8a51c547c8cb97d67b93bc49fd3f731cc5fdfbf1d1ae66eee01b2014e839abb79958078f2a807f8bad7f25740c521051b8c32cdfeced7dd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    1.1MB

    MD5

    e86d64f3e0cff205b865332a138fc3f0

    SHA1

    ab516da986d3ee2347e5ab8470b4d2c1f925207c

    SHA256

    6bf0c29f48d31e5ec0d775c664032fcdf1444ca2605bcba78d95fb973871768d

    SHA512

    c59aa870c51c3f903c87fe9be1e685dead14acbf4c17004d82a77da9aa27ebcfa957efefe91855e256ca9bd0dc72a7af33f4cfe422e3918b91355796ae8b36f6

  • memory/2440-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2440-62-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB