Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2024, 00:04

General

  • Target

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe

  • Size

    87KB

  • MD5

    d67a0e9b1d05aa869c422592185445e0

  • SHA1

    4167835d2e200f3f6ee7088958bfc5a06559531f

  • SHA256

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993

  • SHA512

    87ab48b762307f58646f18c12e5f608b9905074e524f0e068131dccc2b029635975a1b33d5b54da95e5e3019b04a0619ed9bc4b676b21d60d59b83bcc9809b73

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwW:fnyiQSox5KwW

Malware Config

Signatures

  • Renames multiple (4311) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and writing each result under a new name.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
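The UPX signature above relies on two independent indicators: the section names that a stock UPX build writes (UPX0/UPX1), and a section whose raw bytes have near-maximal entropy because they hold the compressed image. A modified UPX build can rename its sections, which is why name matching alone is weak. The following is an added example, not code from tria.ge or from this report: a minimal PE section-table reader that reports both indicators. The PE images it runs on are constructed inline by `build_pe` (a deliberately small builder, not a real binary), and the 7.0 bits/byte entropy threshold is an assumption chosen for illustration.

```python
import math
import random
import struct

# Section names a stock UPX build writes. A modified UPX may rename them,
# so this list is only one of two indicators checked below.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
HIGH_ENTROPY = 7.0  # bits/byte (assumed threshold); packed data sits near 8.0


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Yield (name, raw_ptr, raw_size, raw_bytes) per section header.
    Reads only the header fields needed here; not a full PE parser."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        name = name.rstrip(b"\0")
        yield name, raw_ptr, raw_size, pe[raw_ptr:raw_ptr + raw_size]


def upx_indicators(pe):
    """Report tell-tale section names and any high-entropy section."""
    names, high = [], []
    for name, _ptr, size, raw in parse_sections(pe):
        names.append(name)
        ent = shannon_entropy(raw)
        if size and ent >= HIGH_ENTROPY:
            high.append((name.decode("ascii", "replace"), round(ent, 2)))
    return {
        "section_names": [n.decode("ascii", "replace") for n in names],
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "high_entropy_sections": high,
    }


def build_pe(sections):
    """Construct a minimal PE32 image for testing: DOS header, PE signature,
    COFF header, zeroed optional header, section table, then raw section data.
    `sections` is a list of (name, raw_bytes). Not a loadable executable."""
    e_lfanew, opt_size = 0x40, 0xE0
    table_off = e_lfanew + 4 + 20 + opt_size
    data_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF  # 0x200 file alignment
    buf = bytearray(data_off)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, e_lfanew + 4, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", buf, e_lfanew + 24, 0x10B)  # optional header Magic = PE32
    raw, ptr = bytearray(), data_off
    for i, (name, payload) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", buf, table_off + 40 * i, name.ljust(8, b"\0"),
                         len(payload), 0x1000 * (i + 1), len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        raw += payload
        ptr += len(payload)
    return bytes(buf + raw)


# Constructed inputs: pseudo-random bytes stand in for a packed body,
# repetitive text for ordinary code or data.
_rng = random.Random(20241021)
COMPRESSED_LIKE = bytes(_rng.randrange(256) for _ in range(4096))
PLAIN_TEXT = b"This is ordinary, low-entropy program text. " * 90
SAMPLE_UPX = build_pe([(b"UPX0", b""), (b"UPX1", COMPRESSED_LIKE), (b".rsrc", PLAIN_TEXT)])
SAMPLE_PLAIN = build_pe([(b".text", PLAIN_TEXT), (b".data", b"\0" * 512)])

if __name__ == "__main__":
    for label, pe in (("upx-like", SAMPLE_UPX), ("plain", SAMPLE_PLAIN)):
        print(label, upx_indicators(pe))
```

When triaging a real dropped file, run `upx_indicators` over the bytes read from disk; a result with `upx_section_names` false but a single high-entropy section holding almost all of the raw data is the case a renamed-section UPX build produces, and is worth a manual look at the entry point.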

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

    Filesize

    87KB

    MD5

    69731ff4bca08bdb18f55cd08aaaedc9

    SHA1

    cb3804c7d3bd43f04b21a9f4ca6eeefa105ffd5c

    SHA256

    ff0724649b214df215151a4abe47ccec4926d89d58c5b0e732e40c8471278773

    SHA512

    0e2047467bbddd3d82502e2d4125b2a7daa5bc2b7326749d64f66a1020140904be629a9633b8221a0911e38a28ea1f1139d4490623f022c420857551ccad58af

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    186KB

    MD5

    9ee72824b105c256c7016f65c95b1ebf

    SHA1

    f94341b50055e4ff421d727ee8aee164d1105af0

    SHA256

    2e53f6816c72ebc1881a4fe6f128eb49abaefacd219d8b1c3a02dd11e6f5495f

    SHA512

    f01e4dbdde172d9ab02398c06227e0975a5600784613fe9d67b4cc6f85e0705539b64a285277e88618bfc2ac96210dd8f59f6ab0346a2d705b1d6ca0d78b1c67

  • memory/3584-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3584-662-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
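The "Renames multiple (4311) files with added filename extension" signature and the `.tmp` files listed above (`desktop.ini.tmp`, `7-zip.dll.tmp`) describe the same behaviour from two angles: one process touching thousands of files and producing, for each, a new name that is the old name plus a suffix. The following is an added example, not tria.ge's signature logic: a detector that runs over file-system rename events, keeps only renames whose destination is the source path plus one appended extension, and flags a process that does that to many files within a short window. The event list, the `.enc` suffix, the pid 3584 events, and the 50-files-in-60-seconds threshold are all constructed assumptions for the example; the real sample's suffix and the sandbox's threshold are not given on this page.

```python
import collections
import ntpath

# Constructed events in the shape a file-system hook would emit:
# (seconds since process start, pid, operation, source path, destination path).
DIRS = [r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures", r"C:\Users\Admin\Desktop",
        r"C:\Users\Public\Documents", r"C:\Program Files\7-Zip", r"C:\Users\Admin\Downloads"]


def _constructed_events():
    events = []
    for i in range(120):  # one process appending a hypothetical ".enc" suffix to 120 files
        src = DIRS[i % len(DIRS)] + "\\file%03d.docx" % i
        events.append((5.0 + i * 0.25, 3584, "rename", src, src + ".enc"))
    events += [
        # benign noise: a one-off backup rename and a browser finishing a download
        (2.0, 1200, "rename", r"C:\Users\Admin\Documents\report.docx",
         r"C:\Users\Admin\Documents\report.docx.bak"),
        (9.5, 4400, "rename", r"C:\Users\Admin\Downloads\setup.exe.crdownload",
         r"C:\Users\Admin\Downloads\setup.exe"),
        (12.0, 3584, "create", r"C:\Program Files\7-Zip\7-zip.dll.tmp", None),
    ]
    return sorted(events)


EVENTS = _constructed_events()


def added_extension(src, dst):
    """Return the suffix if `dst` is exactly `src` plus one appended
    extension (same directory, same base name), otherwise None."""
    if not dst or not dst.startswith(src) or len(dst) <= len(src):
        return None
    suffix = dst[len(src):]
    if not suffix.startswith(".") or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def mass_rename_findings(events, threshold=50, window=60.0):
    """Group appended-extension renames by (pid, suffix) and flag any group
    with at least `threshold` renames inside a `window`-second span."""
    per_key = collections.defaultdict(list)
    for t, pid, op, src, dst in events:
        if op != "rename":
            continue
        suffix = added_extension(src, dst)
        if suffix:
            per_key[(pid, suffix)].append((t, src))

    findings = []
    for (pid, suffix), hits in per_key.items():
        hits.sort()
        times = [t for t, _ in hits]
        best, j = 0, 0
        for i, t in enumerate(times):  # sliding window over sorted timestamps
            while times[j] < t - window:
                j += 1
            best = max(best, i - j + 1)
        findings.append({
            "pid": pid,
            "suffix": suffix,
            "count": len(hits),
            "max_in_window": best,
            "directories": len({ntpath.dirname(s) for _, s in hits}),
            "ransomware_like": best >= threshold,
        })
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    for f in mass_rename_findings(EVENTS):
        print(f)
```

The windowed count matters more than the raw total: a backup job also appends `.bak` to many files over a day, while the sample here renamed thousands within a 120-second run. Counting distinct directories separates a process rewriting its own working folder from one walking the whole profile.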