Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:05

General

  • Target

    bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe

  • Size

    126KB

  • MD5

    fdf26c7c5a4dab29fde9a471e90a8895

  • SHA1

    b3b87a01e165b220d05949a6afe7e4a94ed4e292

  • SHA256

    bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38

  • SHA512

    33c579045180aedc0819ad7ec62352107cd69339d35d6163b95261acb55b6eb123acc009ba8c9e4ebfcd4f2eab8519f80ed91858ca4b7aff1e3ce269e965fc56

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PVMN1M:V7Zf/FAxTWoJJZENTBHfiPCNc8uO6z9

Malware Config

Signatures

  • Renames multiple (3445) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe
    "C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3068

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

    Filesize

    126KB

    MD5

    27ecaa1470f0c360be6863b87db3adf5

    SHA1

    eed3a396dcb0a47a7c333f30ec01a55c9f1f3498

    SHA256

    5d6a9ce1bc468abe3b6454978914bf48bb479c08955bfed2a166b595bda9bf66

    SHA512

    88a01dcd00134a98724d6a619e63ab1d7fca89ffbd7546c2f28524f4eca810f450a85b12f1715bf33330a9c629a854dc3e5cb21990d35a812ea6828f96ef81bf

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    135KB

    MD5

    eefc3af04ed43890e523d9f6fb845456

    SHA1

    7407ade86c282df60545bba084fab93d148c0ac8

    SHA256

    8a0857dfa55966e8657736c10e646e7811dd1fd79550ed6fe7779e6a273d78d6

    SHA512

    07dfefd30286bb647ed1be0a9059e4a745ccb533f3ea5c8861e634983f1d9d8be081d4c920afbbec662cae14712e239e567abba354dfed1bfadf45e337826b7a

  • memory/3068-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3068-72-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB