Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2024, 00:31

General

  • Target

    78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe

  • Size

    64KB

  • MD5

    b0907e7f0d00fe6aa00e79d14fc040e0

  • SHA1

    b65a5a0560c1c7957f0dbd831ca9524b838e3273

  • SHA256

    78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315

  • SHA512

    9cc0f91a8d17ebbe62b87b7bfa40b1f6206740e8efdaf8409e90bbac478529b646f30bec1ad32a7a11efbbcad6ec6570eff257243c2f4c9e06e009aa5c772f16

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n05:V7Zf/FAxTWoJJ7TU3n0Wn05

Malware Config

Signatures

  • Renames multiple (4318) files with added filename extension

    Consistent with ransomware: files across the system are being rewritten and given a new extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
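The first signature above is a count of rename operations that append an extension to an existing file name. The following is an added example, not part of the tria.ge report or its signature engine: it groups rename events per process, extracts the appended extension and flags a process once one extension is appended more often than a threshold. The event tuples, the threshold and the event format are constructed for this illustration (the report itself counted 4318 such renames).

```python
"""Added example (not the tria.ge signature): mass-rename heuristic over
constructed file-system events of the form (pid, op, src, dst)."""

from collections import Counter, defaultdict

# Assumption: a low threshold so the constructed sample trips it. A real
# sandbox uses a far higher cut-off so that installers are not flagged.
RENAME_THRESHOLD = 3

# Constructed sample events. The 7-Zip paths echo the dropped files listed in
# the report; the remaining paths and the other processes are invented.
SAMPLE_EVENTS = [
    (4840, "rename", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (4840, "rename", r"C:\Program Files\7-Zip\7z.exe", r"C:\Program Files\7-Zip\7z.exe.tmp"),
    (4840, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (4840, "rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (4840, "write", r"C:\Users\Admin\Desktop\readme.txt", ""),
    (1200, "rename", r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\draft.docx.bak"),
    (1200, "rename", r"C:\Users\Admin\Documents\old.docx", r"C:\Users\Admin\Documents\final.docx"),
    (3000, "rename", r"C:\logs\app.log", r"C:\logs\app.log.1"),
    (3000, "rename", r"C:\logs\app.log.1", r"C:\logs\app.log.2"),
    (3000, "rename", r"C:\logs\app.log.2", r"C:\logs\app.log.3"),
]


def appended_extension(src: str, dst: str):
    """Return the extension appended to src to form dst (lower-cased), or None.

    Only a suffix of the form ".ext" counts. Purely numeric suffixes such as
    ".1" are ignored so ordinary log rotation is not mistaken for encryption.
    The prefix comparison is case-insensitive, as NTFS paths are.
    """
    if not dst.lower().startswith(src.lower()):
        return None
    suffix = dst[len(src):]
    if len(suffix) < 2 or suffix[0] != "." or suffix[1:].isdigit():
        return None
    return suffix.lower()


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Return {pid: (extension, count)} for every process whose most common
    appended extension reaches the threshold."""
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op != "rename":
            continue
        ext = appended_extension(src, dst)
        if ext is not None:
            per_pid[pid][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, count = exts.most_common(1)[0]
        if count >= threshold:
            hits[pid] = (ext, count)
    return hits


if __name__ == "__main__":
    for pid, (ext, count) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {count} files renamed with added extension {ext}")
```

Keying on a single dominant extension per process is what separates an encryptor from a backup tool or an installer that renames a handful of files with mixed suffixes.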
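The UPX signature is normally keyed on the section names UPX writes (UPX0, UPX1, UPX2) and on the "UPX!" marker the packer stores in its own header, which is what usually survives when someone renames the sections in a modified build. The following is an added example, not the tria.ge detection logic: it parses the PE section table and reports both indicators. The PE images are constructed in code as header-only skeletons, not the report's sample.

```python
"""Added example (not the tria.ge signature): UPX indicators from the PE
section table and the "UPX!" marker, run over constructed PE skeletons."""

import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes):
    """Walk the COFF section table and return each section name as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes):
    """Return the UPX indicators found: matching sections in table order,
    then the marker if it occurs anywhere in the file."""
    found = [f"section {n.decode('ascii', 'replace')}"
             for n in pe_section_names(data) if n in UPX_SECTION_NAMES]
    if UPX_MARKER in data:
        found.append("marker UPX!")
    return found


def build_minimal_pe(section_names, tail=b""):
    """Constructed PE32 skeleton (assumption: headers only, not loadable):
    DOS header, PE signature, COFF header, zeroed optional header, section
    table, then an arbitrary tail."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    optional = struct.pack("<H", 0x10B) + bytes(222)  # PE32 magic, rest zeroed (224 bytes)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                    0, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + sections + tail


# Constructed samples: stock UPX layout, a modified build with renamed sections
# but the marker left in place, and a plain unpacked layout.
SAMPLE_UPX = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], tail=bytes(16) + UPX_MARKER + bytes(12))
SAMPLE_RENAMED_UPX = build_minimal_pe([b".text", b".data", b".rsrc"], tail=bytes(16) + UPX_MARKER + bytes(12))
SAMPLE_CLEAN = build_minimal_pe([b".text", b".rdata", b".data"])

if __name__ == "__main__":
    for label, image in [("upx", SAMPLE_UPX), ("renamed-upx", SAMPLE_RENAMED_UPX), ("clean", SAMPLE_CLEAN)]:
        print(label, upx_indicators(image) or "no UPX indicators")
```

Neither indicator proves the unpacked payload is malicious; UPX is used by plenty of legitimate software, and a packer that strips both the section names and the marker defeats this check entirely, which is why the sandbox pairs it with the behavioural signatures above.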

Processes

  • C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
    "C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

    Filesize

    64KB

    MD5

    49c998369bac04619ba43d7b711eb279

    SHA1

    70dd2290eb0b4bd46d21d442419b7401568d1e15

    SHA256

    d829c4d85e9ebcf57df701b9aea572a03cdefe45859095fcaab5155816a2ac28

    SHA512

    0f35592594d4e169fb0c5e1877c9a01eb24a7d72442bf3401460bdd2400f711770367616891e28b233fb6db897ede00d2d14f06e7fbc13e6b3136bf08ade8500

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    163KB

    MD5

    1b5ec9b3010d14e96869c1e1c184812e

    SHA1

    b97954d05bfefc3d83bc5ab51fe9ec29e0fe862d

    SHA256

    3ec28e6f395486f782f2028bd7d13179438eee980a5d993517a93688eb0b89b1

    SHA512

    4a62d8b8f06650b9f22f0ffd0fd9c0760ef8d0afd22c40b9e74bc911b4ea8e742b6fa8e679bb4c215e4777664094983c86e4ca091168500bb499b58312716786

  • memory/4840-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4840-656-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB