Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2024, 23:57

General

  • Target

    7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe

  • Size

    43KB

  • MD5

    45921f5e7ecf484a37dd527df0cb161e

  • SHA1

    077b629e76030bb18563db3b502e9226cfe8040a

  • SHA256

    7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f

  • SHA512

    84c2b901403e8078b57504f0ba4a741408415df22d864a23aad8c0db6c54ddbec759a62273fb68350e5a7a29324fd6092b76920f3a2dd8c49ea5437d62acc458

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBv:V7Zf/FAxTWoJJZENTBv

Signatures

  • Renames multiple (3449) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe
    "C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2528

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    c5fe427f011e5bd5726b069a4ac20e1b

    SHA1

    04d8b06616cf89ad799bf2ecb7cb38e3b54359e2

    SHA256

    b118b8d7240181d0e94d606734ca0a7b0ba147adb7abac376dd1ed970ac421e4

    SHA512

    92e14d30ae5085e3bc69d887ea01f701559b3e71ea2b2c3765acf6c2be4358f66958ba89af89e904f76465b97bdcf2d689c57f2df6b64e111a7c0b5dbc7e9151

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    52KB

    MD5

    954e1e100d388be2a5e9f9f529a30fc0

    SHA1

    9cfbd32029d0657f09707c14e7562588edf55865

    SHA256

    32b70a0e63422aa810bc7f30142f3ab3d173b7dd4e933bd8aa92d7dc61ecb59c

    SHA512

    cc3b6577f753864f99d9242adeb46d76608ad0e0a2a2df0c2d99dfb43a32e015b62a8a9674cefb24644ee199176e63e13c4e4276f626dcede4620efb168b2e9c

  • memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2528-62-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB