Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/10/2024, 00:04

General

  • Target

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe

  • Size

    87KB

  • MD5

    d67a0e9b1d05aa869c422592185445e0

  • SHA1

    4167835d2e200f3f6ee7088958bfc5a06559531f

  • SHA256

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993

  • SHA512

    87ab48b762307f58646f18c12e5f608b9905074e524f0e068131dccc2b029635975a1b33d5b54da95e5e3019b04a0619ed9bc4b676b21d60d59b83bcc9809b73

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwW:fnyiQSox5KwW

Malware Config

Signatures

  • Renames multiple (2906) files with added filename extension

    This suggests ransomware activity: the sample is renaming files across the system in a pattern consistent with encrypting them and appending an extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    An attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
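
A minimal version of the mass-rename heuristic behind the first signature, as an added example that is not tria.ge's own signature code: it walks a list of rename events, keeps only those where the new name is the old name plus one appended extension, and flags the run when a single appended extension dominates. The event tuples and the threshold of 3 are constructed for illustration; the report's signature fired on 2906 renames.

```python
"""Heuristic for mass renames that append an extension (ransomware indicator).

Added example; not the sandbox's signature engine. Event format and
threshold are assumptions chosen for illustration.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of (old_path, new_path) rename events, not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    (r"C:\Program Files\App\config.xml", r"C:\Program Files\App\config.xml.locked"),
    # Benign rename: same directory, different name, nothing appended.
    (r"C:\Users\Admin\Desktop\draft.txt", r"C:\Users\Admin\Desktop\final.txt"),
    # Temp-file swap (tmp -> final name) removes a suffix, so it must not count.
    (r"C:\MSOCache\Office64WW.xml.tmp", r"C:\MSOCache\Office64WW.xml"),
]


def added_extension(old_path, new_path):
    """Return the appended extension (with leading dot) when new_path is
    exactly old_path plus one extra '.ext'; otherwise return None."""
    old = PureWindowsPath(old_path)
    new = PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None  # moved elsewhere, not an in-place rename
    prefix = old.name + "."
    if new.name.startswith(prefix) and len(new.name) > len(prefix):
        return new.name[len(old.name):]
    return None


def count_added_extensions(events):
    """Tally rename events by the extension they appended."""
    counts = Counter()
    for old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    return counts


def looks_like_ransomware(events, threshold=3):
    """Flag when one appended extension accounts for at least `threshold`
    renames. Returns (flagged, extension, count); threshold is an assumption."""
    counts = count_added_extensions(events)
    if not counts:
        return (False, None, 0)
    ext, n = counts.most_common(1)[0]
    return (n >= threshold, ext, n)


if __name__ == "__main__":
    print(looks_like_ransomware(SAMPLE_EVENTS))
```

In a real pipeline the events would come from the sandbox's file-system monitor, and the threshold would be tuned against benign installers and backup tools, which also rename many files but normally do not append one uniform extension across unrelated directories.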

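A first-pass check for the "UPX packed file" signature, as an added example rather than the detection tria.ge actually runs: it parses the PE section table by hand and looks for the UPX0/UPX1/UPX2 section names, falling back to the `UPX!` stub magic. The `build_fake_pe` helper constructs a header-only byte string so the parser can be exercised offline; it is a fixture, not a real executable, and the field values in it are assumptions.

```python
"""Section-name and magic-string check for UPX packing.

Added example; not the sandbox's signature. Works on a raw PE byte string.
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # marker present in the UPX stub/header of packed files


def pe_section_names(data):
    """Return the section names from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def is_upx_packed(data):
    """True if any section carries a UPX name or the UPX! magic appears."""
    if any(n in UPX_SECTION_NAMES for n in pe_section_names(data)):
        return True
    return UPX_MAGIC in data


def build_fake_pe(section_names, trailer=b""):
    """Constructed test fixture: a header-only PE-shaped buffer with the given
    section names. Only fields the parser reads are meaningful."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for name in section_names
    )
    return dos + b"PE\x00\x00" + coff + sections + trailer


if __name__ == "__main__":
    print(is_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

Renaming the sections is a trivial evasion, which is why the signature text speaks of "UPX/modified UPX": a name-only check is a triage aid, and confirmation comes from unpacking (or from the memory dumps listed under Downloads, which capture the image after the stub has run).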
Processes

  • C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

    Filesize

    87KB

    MD5

    027d4b6127a062166ca59e81e25b321f

    SHA1

    6d2693587ac45885fff374befbd365b4bf80a5a7

    SHA256

    f0ff7aca426376663fda08fecc041fed6c536f6b600b35f9a8bd94559caa1dbe

    SHA512

    33f3a6e5b175fc34370132563c9bad8ac432cf686d68e90391b9b4a1d04993cec890f11992529e291e972345af31812d3a4cd864c96db8d94284f5c6f84ea39d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    96KB

    MD5

    e03d997ed931c867287b2817c2c6f7e7

    SHA1

    128ae1c3207ff5b0342acd6da2cfa74c98b8f437

    SHA256

    5c24077b463756200b4a67710f6346ead6d6aea04300bbb6c92bbd9f5d0b9d27

    SHA512

    a2e2520296507651b3f7d44b31ccc9f650e864fd43045bac5e24fb84110b85d7ab34e33b22b5e001c9f788c6d3228dfd72ba832f74bb8fdfdc2ca859dcc6a2d1

  • memory/2032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2032-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB