Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/01/2025, 09:27

General

  • Target

    2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe

  • Size

    145KB

  • MD5

    30d2debba19325e4c07c147a538ef3fc

  • SHA1

    7d5a7965fe464b391daf0d36dfb862d7f53c7728

  • SHA256

    511d32b8ffcaca77f86601ae758adec70949b46441f383cd6ab3dc02cc898723

  • SHA512

    2c8b02593ea454da7e33eb453eada12525a33c501b217c11aa6dd88bf254df5c057a9b2f7deff2df74b27cd361c2e1c9b0abeae965552500c6a69791a5a8c7d1

  • SSDEEP

    3072:uqJogYkcSNm9V7DjE3JJIa+cg3jdaNUKT:uq2kc4m9tD4ZUJOU

Malware Config

Signatures

  • Renames multiple (353) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2984
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x14c
    1⤵
      PID:1648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\KKKKKKKKKKK

    Filesize

    129B

    MD5

    fc85f8ec53a6936416eb41b081215a75

    SHA1

    ee6d0e6c9b7b84760c10f60c6325fa2ef051fb58

    SHA256

    2654962fd26cfebe7d70c4c84f5f1f2b1f70782aa0f8afad26367de18dcff8ad

    SHA512

    22a1dc225dc4addb49e1cffcd9b70e1764af431fa0a6a2535d4750acb849b3f5972d0c07f171eb98994bf68e30aeaef70d86547cc0a0556dfa40a6559a1c02d3

  • F:\$RECYCLE.BIN\S-1-5-21-3063565911-2056067323-3330884624-1000\EEEEEEEEEEE

    Filesize

    129B

    MD5

    87bb9b7c07a777eb812902b9ca8b4a10

    SHA1

    329e0179f74603cd019e732e753918ef64f59c71

    SHA256

    3c11be898b9c003a54c0201449003cea625527976d65f1823fd5f4b9b7fca053

    SHA512

    d05ce940f787290f3b7f7fddeed6f2b0e8573a9095c5911a3fa5517b6368dbd0aadb062f1624afb817402c6e5ce272c588f4b5337855964fbfa3c8c5784c978c

  • memory/2984-0-0x00000000022C0000-0x0000000002300000-memory.dmp

    Filesize

    256KB