Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/10/2024, 00:07

General

  • Target

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe

  • Size

    87KB

  • MD5

    d67a0e9b1d05aa869c422592185445e0

  • SHA1

    4167835d2e200f3f6ee7088958bfc5a06559531f

  • SHA256

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993

  • SHA512

    87ab48b762307f58646f18c12e5f608b9905074e524f0e068131dccc2b029635975a1b33d5b54da95e5e3019b04a0619ed9bc4b676b21d60d59b83bcc9809b73

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwW:fnyiQSox5KwW

Malware Config

Signatures

  • Renames multiple (3459) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    87KB

    MD5

    e9483a43e2539678b64a16335d7add01

    SHA1

    b9409d03a68ba92855bd6d8c04ab5d8d2493be89

    SHA256

    6ad7f36b49a0019070da45e215e48f21609ad6e084d433b9e094192b5a0f1f2a

    SHA512

    8e460117381b1ade0077d8de689a25e6d546b8afc8f94424537ed115dd3b0a0757f67f435ec5137769f10e8b83cd14dd123a79b4cfeb55fe38d51e0bda599e0a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    96KB

    MD5

    83bccce0c7569274c34b8bbaf707c211

    SHA1

    d1d62b226bd2539823ea063658c02cb1d9fb6b2f

    SHA256

    d4ea0570b8339280e1443ee6f614f072b488b9785a034c05b74c9b66bc0097bd

    SHA512

    98977b2d7a378fddcee5aa98c57409094fadf3b893b8756be902890e7da8562896cd47a297fc990e60ed441497b6302a0d2fc6d2ea7f2fa1607a0d0c8505eb3a

  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2180-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB