Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2024, 21:54

General

  • Target

    5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe

  • Size

    48KB

  • MD5

    ce612c08fbd73a2297549f2ec1bbb141

  • SHA1

    0d7b4d8e1a747ff488f2adb60afcd0291f63a125

  • SHA256

    5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8

  • SHA512

    4f0bc9621a852427bc5d0eb0d115a7c4271c48266bab98f239bf571d934b458ec9aeb77c4a7594b0646642aed836df2404b9da8f4e6eb33cabf291363054d2f4

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBmX7h0MpX7h0Ms:V7Zf/FAxTWoJJZENTBm9Rp9Rs

Malware Config

Signatures

  • Renames multiple (4919) files with added filename extension

    This is consistent with ransomware encrypting files across the system and appending an extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
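The two file-level signatures above are simple enough to reproduce. The block below is an added example, not Hatching Triage's own signature code: it implements the "renames with added extension" heuristic over a constructed list of rename events and the UPX check as a PE section-name lookup, with a header-only PE fixture built in code so it runs offline. The threshold, the sample events and the `.locked` suffix are assumptions, not values from the report.

```python
"""Two of the report's signature heuristics re-implemented over constructed data.

Added example; this is not Hatching Triage's signature code and the thresholds
and sample events below are assumptions, not values taken from the report.
"""
import struct
from collections import Counter
from pathlib import PureWindowsPath

# --- "Renames multiple files with added filename extension" ---

# Constructed rename events (source -> destination) in the shape a sandbox
# file-system monitor would log. The ".locked" suffix is an arbitrary choice.
SAMPLE_RENAMES = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.locked"),
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    # Benign renames that must not count: extension replaced, and basename changed.
    (r"C:\Users\Admin\Downloads\setup.tmp", r"C:\Users\Admin\Downloads\setup.exe"),
    (r"C:\Users\Admin\draft.txt", r"C:\Users\Admin\final.txt"),
]


def added_extension(src, dst):
    """Return the appended suffix (e.g. '.locked') if dst is src plus one extra
    extension in the same directory, otherwise None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or not d.name.startswith(s.name + "."):
        return None
    return d.name[len(s.name):]


def ransomware_rename_signature(renames, threshold=20):
    """Count renames that only append an extension and report the dominant one.
    threshold is an assumed tuning value; the report fired on 4919 renames."""
    counts = Counter()
    for src, dst in renames:
        ext = added_extension(src, dst)
        if ext:
            counts[ext.lower()] += 1
    if not counts:
        return {"extension": None, "count": 0, "hit": False}
    ext, n = counts.most_common(1)[0]
    return {"extension": ext, "count": n, "hit": n >= threshold}


# --- "UPX packed file" ---

def pe_section_names(data):
    """Read the section names from a PE image's section table (header-only parse)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = struct.unpack_from("8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_packed(data):
    """Section-name heuristic: stock UPX names its sections UPX0/UPX1/UPX2.
    A repacked sample with renamed sections will evade this check."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_minimal_pe(section_names):
    """Test fixture: a header-only PE32 image with the given section names.
    It is not a runnable binary; only the fields the parser reads are meaningful."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_opt + sections


if __name__ == "__main__":
    print(ransomware_rename_signature(SAMPLE_RENAMES, threshold=3))
    print(upx_packed(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
```

The rename check deliberately ignores renames that replace an extension or change the basename, which is what installers and editors do, so the count reflects only the append-and-rename pattern the signature describes. The UPX check is the cheap section-name test; a sample repacked with renamed sections needs entropy or unpacker-stub matching instead, which the report's signature may also use.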

Processes

  • C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
    "C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1092

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    03563989339ac488cd8f2cb5c15fe140

    SHA1

    18359b747c335a74f9763a1d2467e1a68f69fade

    SHA256

    af68ea28d67c7eb2ef1a9412ec5e8f7ad439a3929fcdbaecef7c20a48afe5b79

    SHA512

    d93739eca71e0fde119c78abaecc50ffca992b5dfcb07fafa752a7bd8c76f178cac234263190f9766e3ea67bda2b18b92145fddc4a0b4077a6677c9bd3566bd2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    147KB

    MD5

    3f2f16ccf7781bd430d2cd9d4455557e

    SHA1

    ccab6afb0f160496fa0fe5c973f69fc73ea3e52c

    SHA256

    a174fad7b51da0ea0bd7c995f442d875ccd4661f48d6faac4c776a1e0effd77a

    SHA512

    503a859c6dd5c36fefaae7c6d788e76b6dc04cdad5a47909d443fbc882258b7f57885ba825bcea841c12d3e147c6e728af77f18529bca5db56f4d8329b36571c

  • memory/1092-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1092-664-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
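With hashes like the ones above, the practical next step is to sweep hosts for the submitted sample and its dropped files. The block below is an added example, not part of the Triage report or its tooling: it hashes each file once for all four algorithms and matches against the md5 and sha256 values listed in the report. The directory and files built in demo() are constructed fixtures so the code runs offline.

```python
"""Sweep a directory for files whose hashes match the report's IoCs.

Added example, not part of the Triage report or its tooling. The IoC table is
copied from the report above; the directory and files in demo() are constructed.
"""
import hashlib
import tempfile
from pathlib import Path

# md5 and sha256 of the submitted sample and the two dropped .tmp files, as
# listed in the report. The sha1/sha512 values can be added the same way.
REPORT_IOCS = {
    "ce612c08fbd73a2297549f2ec1bbb141": "submitted sample (md5)",
    "5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8": "submitted sample (sha256)",
    "03563989339ac488cd8f2cb5c15fe140": "dropped desktop.ini.tmp (md5)",
    "af68ea28d67c7eb2ef1a9412ec5e8f7ad439a3929fcdbaecef7c20a48afe5b79": "dropped desktop.ini.tmp (sha256)",
    "3f2f16ccf7781bd430d2cd9d4455557e": "dropped 7-zip.dll.tmp (md5)",
    "a174fad7b51da0ea0bd7c995f442d875ccd4661f48d6faac4c776a1e0effd77a": "dropped 7-zip.dll.tmp (sha256)",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def multi_hash(path, chunk_size=1 << 20):
    """Hash one file with all four algorithms in a single pass over its bytes."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def sweep(root, iocs):
    """Return (path, algorithm, digest, label) for every file under root whose
    digest under any algorithm appears in iocs (keys are lowercase hex)."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        for algo, digest in multi_hash(p).items():
            if digest in iocs:
                hits.append((str(p), algo, digest, iocs[digest]))
    return hits


def demo():
    """Constructed fixture: a temp directory with one planted file whose sha256
    is added to the IoC set, plus one clean file. Returns the sweep hits."""
    with tempfile.TemporaryDirectory() as tmp:
        planted = Path(tmp) / "evidence.bin"
        planted.write_bytes(b"constructed test content, not the real sample\n")
        (Path(tmp) / "clean.txt").write_text("nothing to see here\n")
        iocs = dict(REPORT_IOCS)
        iocs[hashlib.sha256(planted.read_bytes()).hexdigest()] = "planted test file (sha256)"
        return sweep(tmp, iocs)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Reading each file once and feeding all hashers from the same buffer matters on large volumes; it also means a match on any one algorithm is reported, so a report that only lists one digest type still yields a hit. Exact-hash matching finds this build only; the .tmp files in Program Files and $Recycle.Bin are better hunted by their naming pattern on other hosts.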