Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 03:01

General

  • Target

    bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe

  • Size

    1.1MB

  • MD5

    91887e7852cdffe968fd529e3d47b4c0

  • SHA1

    aa0efe7f6326f49d7633535de28d154e8ad735fe

  • SHA256

    bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4

  • SHA512

    761a95014539baf0a5c94ca994fa4ef94f5515145bf66d339051ccd928a5890b03038af939899f9f212aefc663bedafba650c6fbe7704ba3c669c996df9f5fb3

  • SSDEEP

    6144:KbEQl/lLlHlKoJoEoV5oV0rlrgrgrtT8TBTSTQVCA2VCAMVCAmVCAbDu+6JmDu+T:doJoEo/o2rlrgrgrtT8TBTSTf

Malware Config

Signatures

  • Renames multiple (1706) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

    Filesize

    1.1MB

    MD5

    506c8b2c351d1302b62020d71d8315ac

    SHA1

    b63dcdb9f6d633f9d12374b6cfcf77f2cbf2a1c5

    SHA256

    61ef1614979c6d4944b37dadab9df18d4fe7018c7be788687670d380c30f79c3

    SHA512

    def0c1297cede1fc34f3348b3a1f9bdeafa4dcb680bd67024a30d8f9e344741a20df07612bc5f9d21b759e7d3b940616b3360d3c6dff5946c2afd5cc8433a995

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    1.2MB

    MD5

    f9bfe0e0af7cc7a0361f43becf36bd9e

    SHA1

    95d3658e8e177ade6f2a3475918673f848bca6d3

    SHA256

    4807747e67eb9d96818bdc61ba2998694c98933ea73a157a5dc9486f8cc0c312

    SHA512

    806c4c686cf7c5f876aa2d399bb491be947e85e9e7930fc99d71bfd9f8a58109b864629e286e0929cfc3ae7d0f6cc7f64a27c556ca24fb39d992a8bc39eb1403

  • memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1720-372-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB