
Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:17

General

  • Target

    be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe

  • Size

    61KB

  • MD5

    c6f67eae04b15acf980a62d33f71419b

  • SHA1

    735fc728f7d7bd65c11e084f6ad3c703e358e8cb

  • SHA256

    be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f

  • SHA512

    229e1ab94598e71993a19a29a9a1681772a3f8348094ca5d34eb3ffbf44491d97aea5fb2246b117b59151fa2e976939b0cbbd0ba2eadc7038f9febd6f72d0619

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4i/:V7Zf/FAxTWoJJ7TTQoQ/Ib

Malware Config

Signatures

  • Renames multiple (3743) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe
    "C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1708

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    4fde4b270a6be12ee115315ebd537e2d

    SHA1

    432cb5e97d8972e24dac96cebf323edcc860980c

    SHA256

    e2a063df7b5d0a8a401920ef34d0ff7a08a63bbd3209f36c90a50ce2ee796661

    SHA512

    e34dda0c2c4bd14e5eec4419ffb63d9133b1c5285b68040d144caa5802cf40f6722f5e0d7e721b7ee58dbe7889e22060e860fe303772f469fc1cd310000fe08b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    70KB

    MD5

    52203a3a306efc4cf0acdd2e88735c43

    SHA1

    d288113f980e17cc6c69ce6dc8a75bb8710089d7

    SHA256

    152d2932b49b9e7d7be8661c61f7610296a7db82a943d8663a44e9245dccd862

    SHA512

    3d10edabbdf5ff0e0f73406df5e3c59f2bd12d03b0f5318e7923d35e78bf286221759080c26da3f278814c917ea755cdd765ff18ac9a3de017d030c5f011372d

  • memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1708-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB