Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2024, 23:37

General

  • Target

    c687d0b4ab159a9f6350512288afa105b9e8ca37c1da5d20803c7069d2155a43N.exe

  • Size

    39KB

  • MD5

    edf7396b85137323ed9a373a6024adc0

  • SHA1

    97135bd8c118ee142effb321b675624548ab36ca

  • SHA256

    c687d0b4ab159a9f6350512288afa105b9e8ca37c1da5d20803c7069d2155a43

  • SHA512

    f162b902d6aa8d481010774679531a670fa9936297dadaa8cd7df3df53f6db70fef7c5365e1e46928212c17eb746f3fdecd6a17fc826bba124302373cf956f6f

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJEopodSox/6Sox/9j:CTW7JJ7TPUTE3

Malware Config

Signatures

  • Renames multiple (3372) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c687d0b4ab159a9f6350512288afa105b9e8ca37c1da5d20803c7069d2155a43N.exe
    "C:\Users\Admin\AppData\Local\Temp\c687d0b4ab159a9f6350512288afa105b9e8ca37c1da5d20803c7069d2155a43N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    cabaccb2338e1e5ad368c276971046c4

    SHA1

    24652f4e7245f51bb58239637aff01916fc3d317

    SHA256

    489037304028d547ce04c8e830c341f66bc8fe15d2249df9e80c876b48eea3c9

    SHA512

    820dd9f494e27d9b357343dbf2b6032cb167c539af29c2c1f548bbcb085911e71875accd800ce1f217a547001856c6b08e6a3ba8321f9199311d92c6932d388e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    49KB

    MD5

    60408560f114878bd66065f4ff9755f5

    SHA1

    4c30e5c4f5a93fc6369d0ff5557bd503eda68888

    SHA256

    3d6a28b82a229fbcea711c4a922347603d56cfd34359dcd9488636f6ef2d5089

    SHA512

    4ad4ffb2c2d2f60b65e227c5748f4cb9f9bb2020cd5aae361adb377dad874146255f62f056e8ebe4426c3f6bbad7f60220b90a76f1cd4ea5f1e25f087297433d

  • memory/2764-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2764-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB