Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2024, 23:57

General

  • Target

    7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe

  • Size

    43KB

  • MD5

    45921f5e7ecf484a37dd527df0cb161e

  • SHA1

    077b629e76030bb18563db3b502e9226cfe8040a

  • SHA256

    7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f

  • SHA512

    84c2b901403e8078b57504f0ba4a741408415df22d864a23aad8c0db6c54ddbec759a62273fb68350e5a7a29324fd6092b76920f3a2dd8c49ea5437d62acc458

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBv:V7Zf/FAxTWoJJZENTBv

Malware Config

Signatures

  • Renames multiple (5014) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe
    "C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    65a429538cdbd69b82f194a20e0390f0

    SHA1

    9c20ad135d9029f58f5023dfadff780fc250b934

    SHA256

    8a23731842bb495897f37ca114795f3c7c3079dd80c033aa7e87cc773986d169

    SHA512

    8e50c4b7a1d56a0d5053ed3f230bf7b5e1fb4166ffdb94db1ce38b266436a35983050ccc336853f4b8e34a5a59df9f3acd47452be0aec5e2243eb536387801ba

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    142KB

    MD5

    6dbe7f430786d384157e61f4533f71ca

    SHA1

    ee565840d41d57eacc02ceb3ffcc6e5d140966d5

    SHA256

    77f913f6b984df1d3f9a755adeed3bd6aa6fa330cb3174e4baeec0fb0bb4cb03

    SHA512

    29abdb6a0415b74d18e852a11c659560a9c3475b92bb9f8cfbb4f600d6b57931e56c91c5b7825d7e6774ba82d5255bec3e3f90063b4178989e639ed2932a77fb

  • memory/4660-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4660-678-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB