Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2024, 21:54

General

  • Target

    5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe

  • Size

    48KB

  • MD5

    ce612c08fbd73a2297549f2ec1bbb141

  • SHA1

    0d7b4d8e1a747ff488f2adb60afcd0291f63a125

  • SHA256

    5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8

  • SHA512

    4f0bc9621a852427bc5d0eb0d115a7c4271c48266bab98f239bf571d934b458ec9aeb77c4a7594b0646642aed836df2404b9da8f4e6eb33cabf291363054d2f4

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBmX7h0MpX7h0Ms:V7Zf/FAxTWoJJZENTBm9Rp9Rs
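The report flags this file as UPX-packed (see Signatures below). The simplest version of that check is to read the PE section table and look for the UPX0/UPX1 names that stock UPX writes. The Python below is an added example, not tria.ge's own signature logic; it parses only the header fields needed to reach the section table and builds a header-only fake PE so the check can run offline. Everything beyond the standard PE layout (the helper names, the fake image) is an assumption of this example.

```python
import struct


def pe_section_names(data):
    """Walk the PE headers and return the section names as written in the
    section table. Raises ValueError on anything that is not a PE image."""
    if data[:2] != b'MZ':
        raise ValueError('missing MZ header')
    (e_lfanew,) = struct.unpack_from('<I', data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (n_sections,) = struct.unpack_from('<H', data, coff + 2)
    (opt_size,) = struct.unpack_from('<H', data, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]    # 8-byte Name field
        if len(raw) < 8:
            raise ValueError('truncated section table')
        names.append(raw.rstrip(b'\0').decode('ascii', 'replace'))
    return names


def looks_upx_packed(data):
    """Section-name heuristic: stock UPX names its sections UPX0/UPX1 (and
    UPX2 for resources). A modified UPX build can rename them, so a negative
    result proves nothing; a positive one is a strong but forgeable signal."""
    return any(n.upper().startswith('UPX') for n in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a header-only PE32 image with the given section names.
    It is not executable; it exists (as constructed input for this example)
    so the check can run without the real sample."""
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', 0x40)   # e_lfanew = 0x40
    optional = b'\0' * 224                               # PE32 optional header size
    coff = struct.pack('<HHIIIHH',
                       0x14C,                            # Machine: i386
                       len(section_names),               # NumberOfSections
                       0, 0, 0,                          # timestamp, symtab, nsyms
                       len(optional),                    # SizeOfOptionalHeader
                       0x0102)                           # EXECUTABLE_IMAGE | 32BIT_MACHINE
    sections = b''.join(name.encode('ascii').ljust(8, b'\0') + b'\0' * 32
                        for name in section_names)
    return dos + b'PE\0\0' + coff + optional + sections


if __name__ == '__main__':
    packed = build_fake_pe(['UPX0', 'UPX1', '.rsrc'])
    plain = build_fake_pe(['.text', '.data', '.rsrc'])
    print(pe_section_names(packed), looks_upx_packed(packed))
    print(pe_section_names(plain), looks_upx_packed(plain))
```

To run it on a real sample, pass `open(path, 'rb').read()` to `looks_upx_packed`. Because the check rests on names alone, production rules pair it with the UPX! marker in the packer header or with section entropy; this example deliberately shows only the name test so the limitation is visible.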

Malware Config

Signatures

  • Renames multiple (3459) files with added filename extension

    This suggests ransomware activity: encrypting the files on the system and appending an extension to each one it has processed.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer, including modified UPX builds.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).
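The rename signature above is a threshold over file-system events: count the distinct files whose new name is the old name with an extension appended, and fire when the count is large. The Python below is an added example of that heuristic, not tria.ge's own implementation. The log line format (`rename "<old>" -> "<new>"`), the sample events, the `.locked` extension and the threshold are all constructed for the demonstration; the page shows the count (3459) but not the underlying events.

```python
import re
from collections import Counter

# Assumed log line shape (constructed for this example; the sandbox's real
# event format is not shown on the page):
#   rename "<old path>" -> "<new path>"
RENAME_RE = re.compile(r'^rename\s+"(?P<src>[^"]+)"\s+->\s+"(?P<dst>[^"]+)"\s*$')


def added_suffix(src, dst):
    """Return the suffix appended to src if dst is exactly src plus a
    dot-prefixed tail in the same directory, otherwise None.

    Renames that swap the extension (a.txt -> a.pdf), move the file, or
    leave the name unchanged are not counted: the signature is about an
    extension being added, which is how file-encrypting ransomware marks
    each victim file it has processed."""
    if len(dst) <= len(src) or dst[:len(src)].lower() != src.lower():
        return None
    tail = dst[len(src):]
    if not tail.startswith('.') or '\\' in tail or '/' in tail:
        return None
    return tail


def evaluate_renames(lines, threshold=100):
    """Replay rename events and report how many distinct files had an
    extension appended, broken down by the final extension. 'triggered'
    mirrors a threshold-based signature; the threshold value is an assumption."""
    renamed = set()
    by_ext = Counter()
    for line in lines:
        m = RENAME_RE.match(line.strip())
        if not m:
            continue                      # not a rename event
        src, dst = m.group('src'), m.group('dst')
        tail = added_suffix(src, dst)
        if tail is None:
            continue                      # rename did not add an extension
        key = src.lower()
        if key in renamed:
            continue                      # count each victim file once
        renamed.add(key)
        by_ext['.' + tail.rsplit('.', 1)[-1].lower()] += 1
    return {
        'count': len(renamed),
        'by_extension': dict(by_ext),
        'triggered': len(renamed) >= threshold,
    }


# Constructed sample events; ".locked" is an invented extension for the demo.
SAMPLE_LOG = [
    r'rename "C:\Users\Admin\Documents\report.docx" -> "C:\Users\Admin\Documents\report.docx.locked"',
    r'rename "C:\Users\Admin\Pictures\cat.jpg" -> "C:\Users\Admin\Pictures\cat.jpg.locked"',
    r'rename "C:\Program Files\App\readme.txt" -> "C:\Program Files\App\readme.txt.locked"',
    r'rename "C:\Users\Admin\Desktop\notes.txt" -> "C:\Users\Admin\Desktop\notes.md"',   # swapped, not added
    r'rename "C:\Users\Admin\Downloads\a.tmp" -> "C:\Users\Admin\Downloads\b.tmp"',       # plain rename
    r'create "C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp"',  # not a rename
    r'rename "C:\Users\Admin\Documents\report.docx" -> "C:\Users\Admin\Documents\report.docx.locked"',  # duplicate
]

if __name__ == '__main__':
    print(evaluate_renames(SAMPLE_LOG, threshold=3))
```

Counting distinct source paths rather than raw events keeps a sample that renames the same file repeatedly from inflating the score, and requiring the old path to be a strict prefix of the new one keeps ordinary extension changes and moves out of the count. Ransomware that writes an encrypted copy to a new name and deletes the original never emits a qualifying rename, so this heuristic is one signal among several, not a standalone verdict.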

Processes

  • C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
    "C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    7d6976908a9be3135f22246a4185b73d

    SHA1

    b250df9cb651fbe2905d5c61aa21b5de26773a86

    SHA256

    f5c69dd0dd8bc12c29b71a5d3797d09ec7d5ee107972c49151ed4f90277ad5e8

    SHA512

    85f39e1523cdc8bc10268949d26691657a98694219afbd917b600d4e5886b3b7749715c8f642795297cd3562e8a55be1722ada1a1c10e49cefb4d911ac6c472e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    392d7cb606458a59fedb21284f6a139d

    SHA1

    7f9cbc6202e6eb1a5ed6828c9c6849ef32bcca85

    SHA256

    def11a50ca8d397cc48042e7a9eaf7eff5526915e9b250e5f556a91c8e712faa

    SHA512

    f708cd815cec12d781b87eddfe0231a748cef3d0800fe6d9015192f1e439505b93005c9fd2e077ced600bdb0725c54b43ce92567d6d7baa0d2a158e2df6e5c71

  • memory/2524-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2524-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB