Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:05

General

  • Target

    ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe

  • Size

    96KB

  • MD5

    8cac31afea290bd6a31bf7521b438660

  • SHA1

    d564facea5f4208dc01dbff02b4a16465d3c33ae

  • SHA256

    ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6

  • SHA512

    380ffcddd2fe5eba4a5d1ef1c1a103e9b1410f3062d75f3e88cb17aad1bd9efefd8fcdc3be586d9edf208bda45d2e73617fabc8d447600545cab4e34a4fd770d

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBHfiPDTW7JJZENTBHfiPdFT:fny1tE/tEAFT

Malware Config

Signatures

  • Renames multiple (3456) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe
    "C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    96KB

    MD5

    1669fed2c47259f06d0541503548d348

    SHA1

    bdd47e1fbff63497606b7201b6c11b016e0b9591

    SHA256

    c2c3dd267c6e8c9955c9b76e7560b66e0412dacbe5ecbec9bf6dc0a82f5e00ff

    SHA512

    3c45f2d4274655173afe652c7f61ac1a4fb4b6ed7f8d69eb79b463b31b0da7b1b6f4c9f567a577cf886d57d90cd4a4e89754948a513852d149accca716a8d749

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    105KB

    MD5

    1dfa2358c9a98027f8720c0791b7d802

    SHA1

    953004aef2ec2565801069888006d6d88ab600f6

    SHA256

    36a94862426e7015228735e9dc4765bed10018a4580d25cc75aa04254fd9a6f4

    SHA512

    745468eddbf84461007ce543facf337e4969d890739bb333a6f1764bc7f0b9b47878c45195243643486fa381f4e921d09df662a290e83d0533aae7135f70a5e7

  • memory/2848-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2848-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB