Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2024, 03:22

General

  • Target

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe

  • Size

    63KB

  • MD5

    7d64d8af10d2c3315074087f17317870

  • SHA1

    be7fefd19d3b04b9f1708743c9b5ec68a23b8d11

  • SHA256

    ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0a

  • SHA512

    b3a6dce90b590fc3cbdf4076e0e5dd933718fb62695c18200ab79c8c3f657488186b586390d08c5e3d7cfeb1bebae34536963ce8e8b108b367c4f6e56c877738

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4iz:V7Zf/FAxTWoJJ7TTQoQ/IXb7n

Malware Config

Signatures

  • Renames multiple (305) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe
    "C:\Users\Admin\AppData\Local\Temp\ca8d30c167009f3c14f8a1657b63d993d19b47e4f78690096ea2f7683a0b5c0aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    1a2d599845acc71283275c925b077b2f

    SHA1

    299b36e0adc03eee32644a199d9f200f573d7778

    SHA256

    e1a4f39f861282de857e474eb6eb263bdbbbae24b4913d17f63862f112ba0da3

    SHA512

    4ca27a08607b59f2509a3f68e4fddced86d4a57642202ddb12048f09111633f5ab7253f0e5f456ea6d4832e96485026475f9ec9c7edca885b8e39cb918f7fbe2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    72KB

    MD5

    39d9fc9b1af0e53e547dfbf059d5d76e

    SHA1

    fadc8338b2fd87b41417725e51399323078f5fd1

    SHA256

    9664402186290c2c659b6f6d99cfbab27367e126924f8a1ebc9ca456216e8de7

    SHA512

    191cb9bf40ff5faae7c315cbc67cc4dee24897df2ecfe1ed1ac24bdab3e66633db582f95a23208734658bda9c27af21580025495a088367da49ae1db5a6ba2ea

  • memory/2808-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2808-20-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB