Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 04:04

General

  • Target
    ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe
  • Size
    53KB
  • MD5
    880740c22dfe4bf33f150712f1a7b0db
  • SHA1
    300fb3138f837edcb60fbff674a4630af9d359f3
  • SHA256
    ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe
  • SHA512
    ef9d7f03df2bd3b399e37168b143c91a241b68f0c4f797877360c1b8ff25af4ddf09f45696ca0b452faa39cb52f3cc619fb30204e4d5453d6e7205ffc4f1ffa6
  • SSDEEP
    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9X:V7Zf/FAxTWoJJ7TJ

Malware Config

Signatures

  • Renames multiple (5197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe
    "C:\Users\Admin\AppData\Local\Temp\ba9d952936e9de1ce4c4d9c9dd4a031bbb90b530e1ab6749d4cbaa2c8b46aabe.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp
    Filesize: 53KB
    MD5: d70735a3bd851f4bb719376292a3e28e
    SHA1: 898876c043589fd7428a4c4da629858e1c35683e
    SHA256: 4d6e0168e0b9ef74c86c78a6f68b3f8cb19554eb49573ce0bfc6efac7edc5520
    SHA512: 7a401b65295dfaa77bc1b1d8b3e70a55a56b465b87a33494bb16f04e360e9756e470917553d97b808bd91c2f0e562ad5229d7e3e4d6b7e172635cb7a67e2066f

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 152KB
    MD5: 4e33e83affc35114b0d90eb16af610c5
    SHA1: 1a94386ce5cf724d8e09ce8128429eff15dfe2e5
    SHA256: e65ac7b3ecbec517b7aed23a2aa52428e6e9a325d9c2198c13ca0130e673326c
    SHA512: b2c9e1febe7c72ec8ec52f1764a2b3a9aeeed7e762cc8ed3ce1bd8bd84d89576712ae182167a7ac5e2e02af2302d238fdc22503ac70e5de9e7fb78aec2d182ad

  • memory/1536-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/1536-784-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB