Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:23

General

  • Target

    07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe

  • Size

    40KB

  • MD5

    ee1257b67d36a774e718697014c7c730

  • SHA1

    c0743dc8e067afd019095c31bb4250682b2c420a

  • SHA256

    07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2

  • SHA512

    28e527eec81c774f488bd4cc5510c07a1be70045c70085577083ac72114ca94f1f679032db62bf3fed93f69c281c9fede966d02c40745168492f048273667a50

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeKiwle:CTWciVRRNRR/

Malware Config

Signatures

  • Renames multiple (3453) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe
    "C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    41KB

    MD5

    d74a9210c306ae32c419f51f34021a62

    SHA1

    68cac1f1278eed0dd2d7fb4bef25ffc4ebe84b08

    SHA256

    0bfdd3ed56d9011549bffe711535fe6068f1ce1db59e314365448404038c0594

    SHA512

    5369ba8622addffacf00b6dcce5964fb3f7f4173e3a18d159b98445cb7609486107aa163b555c2212090ce0edeb95657e3bf36f121350a9dcc7f85d90044ec50

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    50KB

    MD5

    50bd1e34d20cd19fe940a40c866dd4d4

    SHA1

    e0c5c821144cb68b79b5c1467b50396e30fa2601

    SHA256

    ceaeeff9f61aedea71e58a389a92c896a57bbcb6a3610dc704565e07aef2fe8e

    SHA512

    c7055e04daaa02988f2f2ccbb52d4c64f5c894c12efd85f1f9f38aa94489f3152216e40801062edae246c1263a4330891aca795b8672a70db39ecbbcda4ac60f

  • memory/2668-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2668-74-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB