Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2024, 00:07

General

  • Target

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe

  • Size

    87KB

  • MD5

    d67a0e9b1d05aa869c422592185445e0

  • SHA1

    4167835d2e200f3f6ee7088958bfc5a06559531f

  • SHA256

    b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993

  • SHA512

    87ab48b762307f58646f18c12e5f608b9905074e524f0e068131dccc2b029635975a1b33d5b54da95e5e3019b04a0619ed9bc4b676b21d60d59b83bcc9809b73

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwW:fnyiQSox5KwW

Malware Config

Signatures

  • Renames multiple (4716) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4bf9b9ea545a4310fe50d9bafece13e98197d97e8abb2e3ff54cf9b83de2993N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2280

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

    Filesize

    87KB

    MD5

    c1a981fbec29604417dd176c50926b5e

    SHA1

    9c32b566bcf8b0c818e5f910130368e83605dbc7

    SHA256

    dbb0773cf8009768627f1e9ded230ef092a8cf5eaa4a84722469689138ed6b03

    SHA512

    5220bfd879dfc70a150e64ea0e7aa5c58553a22c5a6ecbec283c434d7ea64d5e437ce6b3a17eabd07932392514507295eed120f419ad8505b9abf45fd68426bd

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    186KB

    MD5

    79b9ca55f5d7eab23a666d5e50bbb2b3

    SHA1

    920dabf6cc829e4fc6cb1ee211f45eab2e1c81d9

    SHA256

    51f06f17c05afd57e153f05e5007b7e75118e6a0900d1072e35326f3ab7ca691

    SHA512

    a77dae3f42a8a73dc586d3ff30bca21d4b3ed68fac4c79dd0557077024664615bccb58212d7c60eb3ec941e1f1e31171605aed5626efe2c07a0ecd3b1a41a30f

  • memory/2280-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2280-652-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB