Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 03:58

General

  • Target

    d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe

  • Size

    44KB

  • MD5

    f0d2d068d786e861a6baa64725cde210

  • SHA1

    b531fc8f54f345a373ee8e41ff0a653310827ec4

  • SHA256

    d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7

  • SHA512

    8cfedef47c6ead54035fd645d4de829dea1a8df46f6d09c506593720f6ea20275a844ec9cb70e7730d9f78ce5656e32dd95075839afe8ab9596b3a8310c504a9

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4ixJIfoj1O4ixJIRgP:CTW7JJ7TTQoQ/IPgP

Malware Config

Signatures

  • Renames multiple (3410) files with added filename extension

    This suggests ransomware activity: the sample is encrypting, or otherwise overwriting, files across the system while keeping the original file names and appending a new extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe
    "C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1764

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    9a2cac8c09453f5568f5da5f83a0aa70

    SHA1

    275f5f5955bdd696929941437973c3a6cfeb7a09

    SHA256

    fc731e254d4e151a10f3f1c1ef97ea486e00f4128cfa28edb82e88994d3aa3cc

    SHA512

    7aa54f1d5de5d5738b9633a9a415497666ea588323546dfbf2b3a461bafdbbc14407e34afde9afc2da02da20550facd1325b1a82ff9f313203d9c30546da08fd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    9e57538d4e16a6d9af8f5a287c1529e7

    SHA1

    f9f788588e20ff000df0ca6a03cff0f9160d1c17

    SHA256

    84b3f6f573a45cc524327678d7d3c07c53cbb670030d788c25dca7cfca511a92

    SHA512

    54b8e9c6d2a1d8076c9c2bb56f0e84b4efd14c62caa7fe7debf1f43d1272a68d7440fbf12fd4c7bcc7812d72d55eef9d6b5a4fbb52676d0590b0ef718bcf5e29

  • memory/1764-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1764-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
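The "Renames multiple (3410) files with added filename extension" signature and the .tmp names listed under Downloads share one pattern: the original file name is kept and a new extension is appended. The following Python is an added example, not the tria.ge signature implementation, of that check run over file-rename telemetry. SAMPLE_RENAMES is constructed to resemble the report's paths (only the two .tmp paths are taken from the report; the rest are invented), and the threshold of 50 is an assumption.

```python
from collections import Counter
from typing import Optional

SID = "S-1-5-21-3290804112-2823094203-3137964600-1000"   # SID from the report's $Recycle.Bin path

# Constructed sample telemetry: (old_path, new_path) rename pairs. Shaped like the
# .tmp names in the report, plus benign renames that must not count.
SAMPLE_RENAMES = [
    (rf"C:\$Recycle.Bin\{SID}\desktop.ini", rf"C:\$Recycle.Bin\{SID}\desktop.ini.tmp"),
    (r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
] + [
    (rf"C:\Users\Admin\Documents\file{i}.docx", rf"C:\Users\Admin\Documents\file{i}.docx.tmp")
    for i in range(58)
] + [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_v2.docx"),
    (r"C:\Users\Admin\Downloads\setup.exe.part", r"C:\Users\Admin\Downloads\setup.exe"),
]


def appended_extension(old: str, new: str) -> Optional[str]:
    """If new == old + '.<ext>' (original name intact, extension appended), return the
    appended suffix lower-cased; otherwise None. A suffix containing a path separator
    is a move into a subdirectory, not an appended extension."""
    if len(new) <= len(old) or not new.lower().startswith(old.lower()):
        return None
    suffix = new[len(old):]
    if not suffix.startswith(".") or "\\" in suffix or "/" in suffix:
        return None
    return suffix.lower()


def rename_burst(events, threshold: int = 50) -> dict:
    """Count appended-extension renames per suffix; return suffixes at or above threshold.
    The threshold is an assumption; the report observed 3410 such renames."""
    per_ext = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            per_ext[ext] += 1
    return {ext: n for ext, n in per_ext.items() if n >= threshold}


if __name__ == "__main__":
    print(rename_burst(SAMPLE_RENAMES))
```

A single appended-extension rename is normal (installers and editors write .tmp or .bak names); the signal is the count per suffix within one process in a short window, which is why the function aggregates before deciding.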