Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2024, 04:48

General

  • Target

    be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe

  • Size

    73KB

  • MD5

    8989d069cd157ed8b87d3c3e8a046c20

  • SHA1

    0d6cc9d02cb154cdc12ff6513e0b46bce960bcf2

  • SHA256

    be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1a

  • SHA512

    6eb6b25c6aef762f914362a125b7a9ba775f247eed04d9855f8a887a41d40d3c054c52fef6a695e6ec2161c49802209545a79596674ca1406a625bf0d91f2f6f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiJFEFuodm:V7Zf/FAxTWoJJ7TTQoQPyPhehv

Malware Config

Signatures

  • Renames multiple (4529) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe
    "C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    73KB

    MD5

    47bd8f5e2abe3d820016cd3127ae85ef

    SHA1

    6da48a2c8b44ed4e70b86b7279856a24e8370ae5

    SHA256

    2349d7f33a72afcbcdd0c44a472761a94ea02543abfdac5b96ac7a6416d1cd40

    SHA512

    b4135f8e606139b2d0f19d873c4f04ab644e58456fb0e840e035fae5e240231e14c165006c3c97ed24e75feee8162339407c2398839334c5cd31eb0cf4e07fee

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    172KB

    MD5

    e6d42b92ccf76f993269a1879acca5d3

    SHA1

    93a25dc64be4d21d8a5d425b10fbcc0dd0b48994

    SHA256

    5c23dd7a0286e548e9d27c8a209c183f7e7df975defdc38654b10003471ffad7

    SHA512

    dab8ae6ea1c9b001a373c1ae90cecb215f0fc84b0aa67f43503b74a3e4d283ae5e75efeaaa56aea466db551fd98a98ac2dda8b903b8b839a59ffe253aa66fad7

  • memory/4800-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4800-666-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB