Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 04:52

General

  • Target

    be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe

  • Size

    73KB

  • MD5

    8989d069cd157ed8b87d3c3e8a046c20

  • SHA1

    0d6cc9d02cb154cdc12ff6513e0b46bce960bcf2

  • SHA256

    be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1a

  • SHA512

    6eb6b25c6aef762f914362a125b7a9ba775f247eed04d9855f8a887a41d40d3c054c52fef6a695e6ec2161c49802209545a79596674ca1406a625bf0d91f2f6f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiJFEFuodm:V7Zf/FAxTWoJJ7TTQoQPyPhehv

Malware Config

Signatures

  • Renames multiple (3737) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe
    "C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    73KB

    MD5

    aff13782488f8dc307c01fbb1415f8d5

    SHA1

    e02c4354ea90609dc719e0aa1ac6c35596cabd1a

    SHA256

    96a904c776c8876384aa4475be40ad8873cb64503e3eb049c9eb4f965c0bbed0

    SHA512

    70a4cdc10931958fcdbe43993fca6ae86e499a1721b03507ba4ef92b1d7d613d63b447bd7bc36c671668fa9e2baad70e5f64442e6b27baf437418ad243900bcd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    82KB

    MD5

    01b023516cc7dc07a645f2197c8f733c

    SHA1

    63cbf673148d4b643f471ab5fcb1b9df9c19d64f

    SHA256

    feed7d8472cfd893c47dd9d444b5a01f1879a63e870450d7502fdff4315d5acd

    SHA512

    c02cfc8615f6fe883daf72c0eba97b20ef07a7d9099147fe029fb37f1791086c2e35ac8bb518ddce4fbd46e1396151caf48252be834566e0551ed6cb7beef5d7

  • memory/1908-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1908-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB