Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2024, 04:17

General

  • Target

    be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe

  • Size

    61KB

  • MD5

    c6f67eae04b15acf980a62d33f71419b

  • SHA1

    735fc728f7d7bd65c11e084f6ad3c703e358e8cb

  • SHA256

    be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f

  • SHA512

    229e1ab94598e71993a19a29a9a1681772a3f8348094ca5d34eb3ffbf44491d97aea5fb2246b117b59151fa2e976939b0cbbd0ba2eadc7038f9febd6f72d0619

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4i/:V7Zf/FAxTWoJJ7TTQoQ/Ib

Malware Config

Signatures

  • Renames multiple (5129) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe
    "C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    fc4e0d19bcccb51a19879664509ae2ae

    SHA1

    5de4e7fc85098e417af64fbf57b69c9a065b39a2

    SHA256

    6985935c4f941283afb6e5d984b1f580985a6481a108fd27a14501f6ae01e17d

    SHA512

    d98b3c14a8fd6393b030e9dd119e8fe7c041300843eda88ca5ba699cf9786c180582e27cc4a9b9ec0a94cf9c8aa70c9dc689f8b3046845109dc4f798ba1a545c

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    7ce6469658ea38b7ea071c0f88a5503d

    SHA1

    debce42dc1865894614384514f2934a207bec6eb

    SHA256

    cce4b631f593d700e87d18b1a0b99169366d7c8ae10fb339bc66578c636a7c0c

    SHA512

    d021d77ee264a3331dde183d61dbfbba9a9e8bdb466d75bbd3b7eb080ea14f646863684b807dfb4db89897d3e6d98bee705e80f665b3c71adda63ffe7efa2f64

  • memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1624-756-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB