Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 03:46

General

  • Target

    f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe

  • Size

    238KB

  • MD5

    48283a908d6695618f0bd9db318f8790

  • SHA1

    ab13ffdad3378e8bb5ad461578abd5a0832b4fdc

  • SHA256

    f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73

  • SHA512

    a1c9170dae3d9de80c80174c7f5da47df9f8bdcefd5730f0d0229b72ef3caa86413047d58f464813867be1bf41743400be59b060bca0cfe488857806e0de3fc1

  • SSDEEP

    3072:fny1tE/sitCab47kATGB1HtE/sitCab47kATGB1o:KbEn/bNEn/bo

Malware Config

Signatures

  • Renames multiple (3379) files with added filename extension

    This suggests ransomware activity, i.e. the sample encrypting files across the system and marking each one with an extra extension.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.
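The "UPX packed file" signature above is a static check on the PE section table. The following is an added example (not tria.ge's signature code, and the real sample's section names are not shown on this page) that parses the section headers of a PE image and reports the two cheap UPX indicators: the default UPX0/UPX1 section names and the literal "UPX!" marker that stock UPX leaves in the packed file. The PE image it is run on is constructed in memory; the section names and the trailer bytes are assumptions for the demonstration, and a "modified UPX" build that renames its sections and strips the marker will evade both indicators, which is why a sandbox pairs this with behavioural signatures.

```python
"""Minimal PE section-table parser with UPX indicators (added example)."""
import struct

# Section names used by stock UPX builds; modified packers often rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}
UPX_MAGIC = b"UPX!"

def pe_section_names(data: bytes) -> list[str]:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> section table and
    return the section names. Raises ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional  # COFF header is 20 bytes
    if table + 40 * num_sections > len(data):
        raise ValueError("section table runs past end of file")
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]  # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def upx_indicators(data: bytes) -> list[str]:
    """Return human-readable reasons the image looks UPX-packed (empty = none)."""
    reasons = []
    hits = [n for n in pe_section_names(data) if n in UPX_SECTION_NAMES]
    if hits:
        reasons.append("UPX section names: " + ", ".join(hits))
    if UPX_MAGIC in data:
        reasons.append("UPX! marker present")
    return reasons

def build_fake_pe(section_names: list[bytes], trailer: bytes = b"") -> bytes:
    """Constructed, non-executable PE image for testing the parser (assumption:
    i386 machine type, 0xE0-byte optional header, empty section bodies)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = bytes(0xE0)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + sections + trailer

if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=UPX_MAGIC)
    print(pe_section_names(packed), upx_indicators(packed))
    print(upx_indicators(build_fake_pe([b".text", b".data"])))
```

To run it against a real file, replace the constructed image with `open(path, "rb").read()`; a stripped or modified UPX build that yields no indicators here is exactly the case the sandbox's behavioural signatures are meant to catch.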

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe
    "C:\Users\Admin\AppData\Local\Temp\f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2128
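The process entry above attributes "Drops file in Program Files directory" to PID 2128, and the Signatures section counts 3379 renames that appended an extension. The following added example (not tria.ge's own rule engine) shows how those two behavioural signatures fall out of a file-event stream grouped by PID: a rename counts only when the new name is the old name plus one more extension (a rename that replaces the extension is a different heuristic and is deliberately not counted), and a create under Program Files counts as a drop. The events are constructed for the demonstration; the `.locked` extension and the rename threshold of 100 are assumptions, not values taken from the report.

```python
"""Per-process behavioural heuristics over constructed file events (added example)."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

PROGRAM_FILES_PREFIXES = ("C:\\Program Files\\", "C:\\Program Files (x86)\\")
RENAME_THRESHOLD = 100  # assumption; the sandbox's real cut-off is not on the page

def added_extension(old_path: str, new_path: str):
    """Return the appended extension when new_path is old_path with one extra
    extension (report.docx -> report.docx.locked), else None. A rename that
    swaps the extension (report.docx -> report.locked) returns None."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent or not new.name.startswith(old.name + "."):
        return None
    return new.name[len(old.name):]

def signature_hits(events, rename_threshold=RENAME_THRESHOLD) -> dict[int, list[str]]:
    """events: dicts {pid, op ('rename'|'create'), path, [new_path]}.
    Returns {pid: [signature strings worded like the report]}."""
    stats = defaultdict(lambda: {"renamed": 0, "exts": Counter(), "pf_drops": 0})
    for ev in events:
        s = stats[ev["pid"]]
        if ev["op"] == "rename":
            ext = added_extension(ev["path"], ev["new_path"])
            if ext is not None:
                s["renamed"] += 1
                s["exts"][ext] += 1
        elif ev["op"] == "create" and ev["path"].startswith(PROGRAM_FILES_PREFIXES):
            s["pf_drops"] += 1
    hits = {}
    for pid, s in stats.items():
        sigs = []
        if s["renamed"] >= rename_threshold:
            sigs.append(f"Renames multiple ({s['renamed']}) files with added filename extension")
        if s["pf_drops"]:
            sigs.append("Drops file in Program Files directory")
        if sigs:
            hits[pid] = sigs
    return hits

def sample_events():
    """Constructed sandbox-style file events; not taken from the report."""
    evs = []
    for i in range(120):
        p = f"C:\\Users\\Admin\\Documents\\file{i}.docx"
        evs.append({"pid": 2128, "op": "rename", "path": p, "new_path": p + ".locked"})
    evs.append({"pid": 2128, "op": "create", "path": "C:\\Program Files\\7-Zip\\7-zip.dll.tmp"})
    evs.append({"pid": 2128, "op": "create",
                "path": "C:\\$Recycle.Bin\\S-1-5-21-2045521122-590294423-3465680274-1000\\desktop.ini.tmp"})
    # Benign process: a single backup-style rename should not trip the heuristic.
    evs.append({"pid": 4444, "op": "rename", "path": "C:\\Users\\Admin\\notes.txt",
                "new_path": "C:\\Users\\Admin\\notes.txt.bak"})
    return evs

if __name__ == "__main__":
    for pid, sigs in signature_hits(sample_events()).items():
        print(pid, sigs)
```

Feeding real Sysmon or ProcMon exports into `signature_hits` only requires mapping their rename and create records onto the event dicts; grouping by PID is what lets the process tree, as in the report, carry the signatures rather than the whole run.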

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

    Filesize

    238KB

    MD5

    8a2619aebf896b37173e7f3fad25aa23

    SHA1

    95dc752797db7640adbedd9749a1af9851e86d4e

    SHA256

    f5de1035b26cd509da72a08b18e332501f8362939acd0096fe11829a276dbbb9

    SHA512

    23a108c3cce4d558b3a35851e8de42f5b392c004e29eb938b5201475e114d98455c560623a62533a3847e7894149f2e6371121b49785fdb27bd9c752c198d5c8

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    337KB

    MD5

    611b5fba281ca6dfbd337e6500c8751a

    SHA1

    371342cfe9cc537d8a9ddf906efebc8014a16502

    SHA256

    f9f012f1539d8eb14c9d75786d6f69dfcdf80ce240a834276e9fe81787daa9fb

    SHA512

    afd821d3c9f0349434f7f9ce26fd1d91a3c2ef977ae3f2aa229776a316a805a3a27ae10029040060780a94ab465a5847ec3a815f7dd067d22c2c26f1f633012f

  • memory/2128-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2128-638-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB