Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2025-01-17...de.exe

windows7-x64

9

2025-01-17...de.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/01/2025, 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe

  • Size

    145KB

  • MD5

    30d2debba19325e4c07c147a538ef3fc

  • SHA1

    7d5a7965fe464b391daf0d36dfb862d7f53c7728

  • SHA256

    511d32b8ffcaca77f86601ae758adec70949b46441f383cd6ab3dc02cc898723

  • SHA512

    2c8b02593ea454da7e33eb453eada12525a33c501b217c11aa6dd88bf254df5c057a9b2f7deff2df74b27cd361c2e1c9b0abeae965552500c6a69791a5a8c7d1

  • SSDEEP

    3072:uqJogYkcSNm9V7DjE3JJIa+cg3jdaNUKT:uq2kc4m9tD4ZUJOU

Score
9/10
discoveryransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (617) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-17_30d2debba19325e4c07c147a538ef3fc_darkside.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\SSSSSSSSSSS
    Filesize

    129B

    MD5

    3358ff3a911c2a60f49bee2e9b593309

    SHA1

    32bb252b5a895572f459e47e87ab05628b49cc71

    SHA256

    d60f3c314ba46abad7bd194332fce2c5eb964a9099cd1e66c7347ecfd1f6d449

    SHA512

    a45a4bb9f6b541c9d3bcfb2dafcd9be520e68cea4c31b25321c206f2ba6dee51115805cb1f54fbc7d9025607ae122101a690e66a03d9b86b5e118cc2ba0fe03f

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3442511616-637977696-3186306149-1000\DDDDDDDDDDD
    Filesize

    129B

    MD5

    d10186c1e98e99ae326387f2889c37b4

    SHA1

    22e3151c4c67315f25cf05133af19389bf18570e

    SHA256

    06429d96fa402db63831f5d6227e4c5ccfc3a1399d3f13d97d012afbf6ae5818

    SHA512

    0c524615f99aceb164a019f36616b863e7693f0bb538efc0e526689c2187c6e2dbc5e549f2095eb55abb132a74c46db06713225eb684f59ad7cd935bc86106bf

    Download Submit

  • memory/4080-0-0x0000000002B90000-0x0000000002BA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4080-1-0x0000000002B90000-0x0000000002BA0000-memory.dmp

    Filesize

    64KB

    Download