Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:04

General

  • Target

    ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe

  • Size

    53KB

  • MD5

    880740c22dfe4bf33f150712f1a7b0db

  • SHA1

    300fb3138f837edcb60fbff674a4630af9d359f3

  • SHA256

    ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe

  • SHA512

    ef9d7f03df2bd3b399e37168b143c91a241b68f0c4f797877360c1b8ff25af4ddf09f45696ca0b452faa39cb52f3cc619fb30204e4d5453d6e7205ffc4f1ffa6

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9X:V7Zf/FAxTWoJJ7TJ

Malware Config

Signatures

  • Renames multiple (3760) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe
    "C:\Users\Admin\AppData\Local\Temp\ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    53KB

    MD5

    fa7c13aef2eac56afbdde3ec6944a70c

    SHA1

    dc212610fbee50628d3586e48dcb101bcbf00e29

    SHA256

    f5b108b95cdc169166ddc08154e9c9f6acfe0b9c5fba557a8ba7aaddcfba1c1e

    SHA512

    b3f9475b6283212cceb2612a89ab6127c6a64bfc60bb9beed8d6f7eab2887f491f18d540cc3db78823ebdb74b7e87ca17d73ce80767d33b798bcd3c672ffa5ee

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    62KB

    MD5

    1dc6c54c2b65619d1878617d0c1ace96

    SHA1

    ac0bf2621861d60c3c74bc298923d5e2862fc0db

    SHA256

    58cad1e774088f23e89d6d5414b09c4a6d7a754b97fc9494e2b8c4da60ad99a0

    SHA512

    abb5a023cc3d5816ba816eecc0c7f4876449dee83987968c2769a2fecaef0405259ec7de9fcf23c2e1fd3c199e77d06a942476fe8e02872f5f44b38222fdd1e1

  • memory/2536-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2536-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB