Analysis

  • max time kernel
    120s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    11/01/2025, 21:25 UTC

General

  • Target

    b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe

  • Size

    189KB

  • MD5

    9974dc1446fa5741ae9cfabac86fc0d0

  • SHA1

    e09ec2a456a958c010d156afa0fe56899cc7c118

  • SHA256

    b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18

  • SHA512

    27927d6727491b5414dd13293b3097ddfe524be51a34bc7d9a3155f19bd4712b03195f2bb62fdb5774cf6cafff4017cccdcdfe0e450db29c0ad2fe02ee53c9fd

  • SSDEEP

    3072:htEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiP+:fEyyj2yAIJbIjNDv0bNXkbvLiP+

Malware Config

Signatures

  • Renames multiple (4037) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
    "C:\Users\Admin\AppData\Local\Temp\b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3188

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    16.180.101.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.180.101.95.in-addr.arpa
    IN PTR
    Response
    16.180.101.95.in-addr.arpa
    IN PTR
    a95-101-180-16.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    20.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.49.80.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    132.122.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    132.122.16.96.in-addr.arpa
    IN PTR
    Response
    132.122.16.96.in-addr.arpa
    IN PTR
    a96-16-122-132.deploy.static.akamaitechnologies.com
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    71.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    213 B
    157 B
    3
    1

    DNS Request

    197.87.175.4.in-addr.arpa

    DNS Request

    197.87.175.4.in-addr.arpa

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    213 B
    145 B
    3
    1

    DNS Request

    241.42.69.40.in-addr.arpa

    DNS Request

    241.42.69.40.in-addr.arpa

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    16.180.101.95.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    16.180.101.95.in-addr.arpa

  • 8.8.8.8:53
    20.49.80.91.in-addr.arpa
    dns
    70 B
    145 B
    1
    1

    DNS Request

    20.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    132.122.16.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    132.122.16.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

    Filesize

    189KB

    MD5

    e5a07b1375eb2422b69a9517fc2c3651

    SHA1

    06b3ced4907929b0bff4be5133a06e496e520037

    SHA256

    3e041867202ad176fd0e4ec96180eba2d027d21dc5624f820d40ea551552c38b

    SHA512

    64c2c23a4ded06434d5fbd4a07691fd98b5a94a9f3515e332c088899fed4fab63f5fe25696727e1084b1df204a03d1221eb67382ad67d742b8ecae5f812c64c4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    288KB

    MD5

    ff41d0685ea93eef5786e86affb563a7

    SHA1

    94a762562a13723893807df54b546ac0fca222f2

    SHA256

    2c9901102c15f76323de80bc23e0cdd38817d43b51f0a994237af7d17992ff67

    SHA512

    5e065b9ac6dc39f38c5a69bc0ec9a186556922f48b9222c18c32db2c12d5f9da9a3985e50f560d00ed1170d8071abea31ef912e44cf9f911b4facdb7f085b35d

  • memory/3188-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3188-658-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
