
Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 04:05

General

  • Target

    bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe

  • Size

    126KB

  • MD5

    fdf26c7c5a4dab29fde9a471e90a8895

  • SHA1

    b3b87a01e165b220d05949a6afe7e4a94ed4e292

  • SHA256

    bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38

  • SHA512

    33c579045180aedc0819ad7ec62352107cd69339d35d6163b95261acb55b6eb123acc009ba8c9e4ebfcd4f2eab8519f80ed91858ca4b7aff1e3ce269e965fc56

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PVMN1M:V7Zf/FAxTWoJJZENTBHfiPCNc8uO6z9

Malware Config

Signatures

  • Renames multiple (4851) files with added filename extension

    Mass renaming of files with an appended extension is characteristic of ransomware encrypting the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe
    "C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4876

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

    Filesize

    126KB

    MD5

    074c60ca3c1c27dc029d9a1184f25ee3

    SHA1

    2b8b12cc29ff99042638c2d93707120a77b948a8

    SHA256

    d99ce82147b89f3d78f528924807fe793bb94a78523285862e123ff796c03bf2

    SHA512

    bb70d9ed188aa208b3d3a7add53dd4d516c0b049c211edca627ea5c78610bd79a27f23ea18c461ab085454cdb4ca0ad326369098d060f725817d1cac22f74ac7

  • C:\Program Files\7-Zip\7-zip.dll.exe

    Filesize

    225KB

    MD5

    2d7042168f45daf4341895b72a482f81

    SHA1

    896bb7851723064a19e7986309cd391bfd90383d

    SHA256

    d47578855b93589ae9e7fadcb796417619a119886bfa14dbb7f37931b99c222d

    SHA512

    f32b6b62768a303dd983e90b09695b46582125e23d17f1b43b6b8a2b26557519318aeaaa75e4a0d69bd5fa5ed042aa57f655859a5a184aa4608c9d9661aba72d

  • memory/4876-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4876-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
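The two dropped files listed above (desktop.ini becoming desktop.ini.tmp, 7-zip.dll becoming 7-zip.dll.exe) show the rename pattern that the "Renames multiple (4851) files with added filename extension" signature counts. The following Python is an added example, not the sandbox's own signature implementation: it applies that heuristic to a list of (old path, new path) rename events, counting only renames where the new name is the old name plus one appended suffix in the same directory, and reporting how many landed under Program Files. The event list, the 100-file threshold and the report layout are all constructed for the example; the sandbox's real threshold is not stated on this page.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed rename events in (old_path, new_path) form, modelled on the report's
# Downloads entries; they are not taken from a real trace.
SAMPLE_RENAMES = [
    (r"C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp"),
    (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.exe"),
    # A plain move and an extension swap: neither is an "added extension" rename.
    (r"C:\Users\Admin\old.txt", r"C:\Users\Admin\Backup\old.txt"),
    (r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.locked"),
] + [
    (rf"C:\Users\Admin\Documents\report{i}.docx",
     rf"C:\Users\Admin\Documents\report{i}.docx.exe")
    for i in range(120)
]


def added_extension(old: str, new: str):
    """Return the suffix appended to `old` if `new` is `old` + '.' + suffix in the
    same directory, else None. PureWindowsPath compares case-insensitively."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent:
        return None
    if not n.name.lower().startswith(o.name.lower() + "."):
        return None
    suffix = n.name[len(o.name) + 1:]
    return suffix or None


def under_program_files(path: str) -> bool:
    parts = PureWindowsPath(path).parts
    return len(parts) > 1 and parts[1].lower().startswith("program files")


def mass_rename_report(events, threshold: int = 100) -> dict:
    """Summarise added-extension renames; `threshold` is an assumed cut-off."""
    by_ext = defaultdict(set)
    program_files_renames = 0
    for old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        by_ext[ext.lower()].add(old.lower())
        if under_program_files(new):
            program_files_renames += 1
    total = sum(len(paths) for paths in by_ext.values())
    return {
        "renamed_with_added_extension": total,
        "by_extension": {ext: len(paths) for ext, paths in by_ext.items()},
        "program_files_renames": program_files_renames,
        "ransomware_like": total >= threshold,
    }


if __name__ == "__main__":
    print(mass_rename_report(SAMPLE_RENAMES))
```

Two caveats when using this on real traces: a .tmp suffix is also produced by benign write-to-temp-then-rename patterns, so the per-extension breakdown matters more than the raw total, and families that replace the extension instead of appending it (notes.txt to notes.locked in the constructed data) are deliberately not counted by this rule.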