Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 03:58

General

  • Target

    e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe

  • Size

    61KB

  • MD5

    7f24edd76b2b27d42a6271c64f5ae340

  • SHA1

    39c2b65c03bc0b63bbe4970921b1f559bd1ec387

  • SHA256

    e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865

  • SHA512

    5bd4da7fb0636619f1a2127e6c6ff34cc59c8df6d1a0612e82a4085318be34cae228f0fd5802524d1fcf4202e070f4730234be38048bd11b53821590e07b2783

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4iB:V7Zf/FAxTWoJJ7TTQoQ/IV

Malware Config

Signatures

  • Renames multiple (332) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and renaming each one with an extra extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
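The mass-rename signature above is a heuristic over file-system events: many files whose new name is the old name plus one appended extension. The following is an added example of that heuristic, not tria.ge's own detection code. It assumes a hypothetical event-log format of `RENAME <old> -> <new>` and a detection threshold of 5; the sample events are constructed for the example and are not taken from this report.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of file-rename events in a hypothetical "RENAME <old> -> <new>" format.
# These lines are made up for the example; they are not events from the report above.
SAMPLE_EVENTS = """\
RENAME C:\\Users\\Admin\\Documents\\report.docx -> C:\\Users\\Admin\\Documents\\report.docx.tmp
RENAME C:\\Users\\Admin\\Pictures\\holiday.jpg -> C:\\Users\\Admin\\Pictures\\holiday.jpg.tmp
RENAME C:\\MSOCache\\All Users\\setup.xml -> C:\\MSOCache\\All Users\\setup.xml.tmp
RENAME C:\\Users\\Admin\\Desktop\\notes.txt -> C:\\Users\\Admin\\Desktop\\notes.txt.tmp
RENAME C:\\Users\\Admin\\Downloads\\installer.msi -> C:\\Users\\Admin\\Downloads\\installer.msi.tmp
RENAME C:\\Windows\\Temp\\cache.dat -> C:\\Windows\\Temp\\cache.bak
RENAME C:\\Users\\Admin\\Desktop\\old.txt -> C:\\Users\\Admin\\Desktop\\new.txt
"""

# Old path is matched lazily so the first " -> " separates old from new, even if paths contain spaces.
RENAME_RE = re.compile(r"^RENAME (?P<old>.+?) -> (?P<new>.+)$")


def parse_events(text):
    """Yield (old_path, new_path) tuples from the hypothetical event log."""
    for line in text.splitlines():
        m = RENAME_RE.match(line.strip())
        if m:
            yield m.group("old"), m.group("new")


def added_extension(old, new):
    """Return the appended extension (e.g. '.tmp') when new == old + '.ext', else None.

    Plain renames (different base name) and extension swaps (cache.dat -> cache.bak)
    do not count: only a strictly appended extension matches the signature."""
    if new.startswith(old) and len(new) > len(old):
        suffix = new[len(old):]
        if re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", suffix):
            return suffix.lower()
    return None


def mass_rename_summary(text):
    """Count renames that simply append an extension, grouped by that extension."""
    counts = Counter()
    examples = defaultdict(list)
    for old, new in parse_events(text):
        ext = added_extension(old, new)
        if ext is not None:
            counts[ext] += 1
            examples[ext].append(new)
    return counts, examples


def flag_ransomware_like(text, threshold=5):
    """Return the extensions whose append-rename count reaches the threshold.

    The threshold is an assumed value for this example; the sandbox's own cut-off is not stated."""
    counts, _ = mass_rename_summary(text)
    return sorted(ext for ext, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts, examples = mass_rename_summary(SAMPLE_EVENTS)
    for ext, n in counts.most_common():
        print(f"{ext}: {n} files, e.g. {examples[ext][0]}")
    print("flagged extensions:", flag_ransomware_like(SAMPLE_EVENTS))
```

Grouping by the appended extension is what separates ransomware-style renaming from ordinary activity such as installers writing `.bak` copies: a single extension applied to hundreds of files in unrelated directories is the pattern the signature describes, and the example `.tmp` names in the Downloads section of this report fit it.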

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
    "C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1656

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    d120607bbf5974bd57e29be3d19e841a

    SHA1

    ff03be836f8633c7b2bb5e894d967771359b5d4e

    SHA256

    3ffed25c2eb6e190f66e973f55d707912bda32347184b8cfa83519b82634d891

    SHA512

    fb365ee9742442e930feeab955faba7c031ee685229134c2dfe0c84e2dba4157b2a17f511bf3e33655c08e5871eb4ea7314e03cc52b80756eab94abdde396187

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    70KB

    MD5

    db1656517577ba050d536a0ca927a502

    SHA1

    487af2cc1a31193fde135ef9e15d150e95351b8b

    SHA256

    16351cbf92a1dd679d4feb360a4ba2e3acf239844bb70779aca72e2c2aaaff5f

    SHA512

    12396ad770afa49fab85cc3955ca6e01b585b62c0c09e12b1211d0fa4f621f6891a694f0c94c95107aef586d022c96ea5482ba74412120b7bf74b717dbce2ead

  • memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1656-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB