Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2024, 00:34

General

  • Target

    78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe

  • Size

    64KB

  • MD5

    b0907e7f0d00fe6aa00e79d14fc040e0

  • SHA1

    b65a5a0560c1c7957f0dbd831ca9524b838e3273

  • SHA256

    78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315

  • SHA512

    9cc0f91a8d17ebbe62b87b7bfa40b1f6206740e8efdaf8409e90bbac478529b646f30bec1ad32a7a11efbbcad6ec6570eff257243c2f4c9e06e009aa5c772f16

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n05:V7Zf/FAxTWoJJ7TU3n0Wn05

Malware Config

Signatures

  • Renames multiple (4726) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
    "C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

    Filesize

    64KB

    MD5

    d72ca8e4c87185db577e9f7295292dc6

    SHA1

    e65249788babb7618d6a4ccea0a5c86167be4ac2

    SHA256

    537ca791b09cf72203cac5281d0a7c74ee95d9627cd1a93c37fb127e2c5e5955

    SHA512

    3a4ef89ba191ddf71b674fbebd964a3eed7cd9c5343840cba65e39e968ae8bbacf213e51264397587a609bca719a4b6a0160b58f5cb99fa6a4b63d9e3af25360

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    163KB

    MD5

    cd24bebc5601f317a1cea7ce1f2f6230

    SHA1

    a2aa24da06fc998acc8c3564c910edd3ec41e47c

    SHA256

    d7dc861e0b863a16a9cc822d94fdf71d2d72d2fdbeb42244dbbc9c98bd410e81

    SHA512

    ec96232bbd82669458ff06bc0a7f624c3e80f6c19704a6af33293807ebe73f4fde7845a22b2c0c6018f2d184dd597637e110108efebfe100423cb1eb9eb1cdc8

  • memory/3496-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3496-656-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB