Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2024, 23:29

General

  • Target

    7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe

  • Size

    31KB

  • MD5

    bfe08c2fb7c1bd874509fdf74d9e8d06

  • SHA1

    04068d5d000d06fb956afd2bb6cf6d5047211cb7

  • SHA256

    7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608

  • SHA512

    2d3aedc70dd2044d34d8ce9d4655044389f8728633f1565e558abb27fe067104933dc194b5e6e0ac93c552edffbda78e57a545e594c7e286ecd366143907984d

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Y9LlGlK:CTW7JJ7TQlGlK

Malware Config

Signatures

  • Renames multiple (4701) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe
    "C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

    Filesize

    32KB

    MD5

    1e149898828214627a0ffa4582d3735f

    SHA1

    082d621636648ec580c25a472d0dbf3b0ddbd560

    SHA256

    5cf110d69269c352a47681bd0ca0ef2272ea33663f9a335b2c30ae8af50d7084

    SHA512

    0aa1a2bec98b8c0b6ff783cacead7740099a7cb19358051465e513adf4d5dd828d252d448608c9f8a7a5536da938d54774915a257dfd0c9b4388049ae86c1ce9

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    130KB

    MD5

    1047b5b8d763dc40ba4887f7df376448

    SHA1

    12b3d86543dd167553392112dfaabab3992f272b

    SHA256

    74a3cb188901f4a82d8ed7314c73dba769bb2a1938f7576de0f1364e41f698f8

    SHA512

    2e0e778d396e10f0273961193afc84c9fe43badab54fbded1626445372c5e89ee02353681637c906b87b2452d031b222837bf4ad1113309db81a988dd7046027

  • memory/3420-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3420-655-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB