Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:18

General

  • Target

    b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe

  • Size

    59KB

  • MD5

    0180e5341d547a9f8c44e0ee1e1ef960

  • SHA1

    f7263447cb893b7c67605e932a9a3d879f56ba55

  • SHA256

    b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55b

  • SHA512

    e5148c5b90975d2908a074c4094761f9097e341afbfe3078c6b7e23db65e4b1f9c8f9f9da63fc6bb9c9c4a19589320291d7677980652e4ae7b9e9ed2c345fa07

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/3sY1YxwDwI1Q1P:W7ZppApyVyjVy7UO2P

Score
9/10

Malware Config

Signatures

  • Renames multiple (3858) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
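The first signature above is a behavioural heuristic: one process renaming thousands of files so that the new name is the old name plus one extra extension (the two entries under Downloads, `desktop.ini.tmp` and `Office64WW.xml.tmp`, are instances of exactly that pattern). The following is an added example of how a detection engineer would implement that heuristic over file-rename telemetry; it is not tria.ge's own signature code. The event records, the process ids, the threshold of 50 renames in 60 seconds and the directory names are constructed for illustration.

```python
"""Heuristic for the 'renames multiple files with added filename extension'
sandbox signature: many renames, from one process, in a short window, where
the new name is the old name with one more suffix appended.

Added example, not tria.ge's signature code. Events are constructed; in
practice they would come from EDR or Sysmon file-rename telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class RenameEvent:
    ts: float        # seconds since epoch (constructed)
    pid: int
    old_path: str
    new_path: str


def added_extension(old_path: str, new_path: str):
    """Return the appended extension if new_path is old_path plus exactly one
    extra suffix in the same directory (desktop.ini -> desktop.ini.tmp gives
    '.tmp'); return None for any other kind of rename."""
    old = PureWindowsPath(old_path)
    new = PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None
    # PureWindowsPath.stem strips only the last suffix, so the stem of the
    # new name must equal the whole old file name.
    if new.stem.lower() != old.name.lower():
        return None
    return new.suffix.lower() or None


def detect_mass_rename(events, threshold=50, window_s=60.0):
    """Group appended-extension renames by pid and flag a pid when at least
    `threshold` of them fall inside any `window_s`-second window.
    Returns {pid: {count, peak_in_window, extensions, dirs, flagged}}."""
    per_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        ext = added_extension(ev.old_path, ev.new_path)
        if ext:
            parent = str(PureWindowsPath(ev.old_path).parent).lower()
            per_pid[ev.pid].append((ev.ts, ext, parent))

    report = {}
    for pid, hits in per_pid.items():
        # sliding window over timestamps (already sorted)
        peak, lo = 0, 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        report[pid] = {
            "count": len(hits),
            "peak_in_window": peak,
            "extensions": sorted({h[1] for h in hits}),
            "dirs": len({h[2] for h in hits}),
            "flagged": peak >= threshold,
        }
    return report


def sample_events():
    """Constructed telemetry: pid 1352 appends '.tmp' to 120 files across
    four directories in about 30 s; pid 4321 does two ordinary renames."""
    dirs = [
        r"C:\Users\Admin\Documents",
        r"C:\Users\Admin\Pictures",
        r"C:\Program Files\Common Files",
        r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C",
    ]
    events = []
    for i in range(120):
        d = dirs[i % len(dirs)]
        events.append(RenameEvent(1000.0 + i * 0.25, 1352,
                                  rf"{d}\file{i}.docx", rf"{d}\file{i}.docx.tmp"))
    # benign: an editor replacing its swap file, and one manual backup rename
    events.append(RenameEvent(1001.0, 4321, r"C:\Users\Admin\notes.txt.swp",
                              r"C:\Users\Admin\notes.txt"))
    events.append(RenameEvent(1002.0, 4321, r"C:\Users\Admin\draft.docx",
                              r"C:\Users\Admin\draft.docx.bak"))
    return events


if __name__ == "__main__":
    for pid, stats in detect_mass_rename(sample_events()).items():
        print(pid, stats)
```

The per-directory count matters as much as the raw total: a backup tool renaming everything in one folder is common, while the same extension appearing under `C:\Users`, `C:\Program Files` and `C:\MSOCache` within a minute, as the Downloads list here shows, is what makes the sandbox verdict credible. The `.swp` case shows why the check compares the whole old file name with the new stem rather than just looking for a longer name.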

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
    "C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1352

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    ffb1dde1767d815194babee88d89bf8f

    SHA1

    8032d5f29518511f831e99880755855fa8470d33

    SHA256

    2813d37d7b12607c905d41f3bda49809e21876fdd44772fc3616052d660f807f

    SHA512

    7bfe891a760f4e92e9a6cc138ca8fb8c71a971517b36aa50ba3589d6a9e4fa5a613f719ca2a4ff7831925c8d8b239b1991495c27a0d8bd7c66a9149a235a90a1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    a93b040273437a66275af46b50b24862

    SHA1

    7c2fcd971193bb7f96fb3fa643ebe8d67387250c

    SHA256

    16d6adceb01cc21bb5139076123cf3500cda6482d5329fe30e76a59ddd335f84

    SHA512

    feb02fc2876b5a975ecf12fbaa88fcf0fa91ba001e62002523363b718de8bb9b066a4cc19390ce8949fd7442495cbdf72e327e38a1c4923b4f3482c82be3c61e