Analysis
max time kernel: 150s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/04/2024, 18:05
Static task: static1
Behavioral task: behavioral1
  Sample: 0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694.exe
  Resource: win10v2004-20240412-en
General
Target: 0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694.exe
Size: 110KB
MD5: 53835e957c21e1a3709f09155e450a27
SHA1: 492c47d27d9619e4b8f397907517c5bcd1841845
SHA256: 0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694
SHA512: 440d17a0f3a706a97b341d6e5f3699b8b2909899f05bb8e21d34e8da6bca464617aa163e5bb681bfd1d73b924bd337d848c0eb136fd3aef79513ee1f5ce9aba5
SSDEEP: 3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVza:RqlIyFESWu0SWuGSu
Malware Config
Signatures
Renames multiple (4864) files with added filename extension
This suggests ransomware activity: the sample is bulk-encrypting files on the system and marking each one by appending an extension to its original name.
Drops file in Program Files directory 64 IoCs
description: File created (all 64 entries)
Process: 0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694.exe (all 64 entries)
ioc:
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp
C:\Program Files\7-Zip\Lang\lij.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp
C:\Program Files\Java\jdk-1.8\include\jni.h.tmp
C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp
C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp
C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp
C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp
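The two signatures above (bulk renames that append an extension, and bulk `<name>.tmp` creation under Program Files by one process) are the kind of per-process aggregation a file-event detector can do offline. The following is an added example written for this page, not tria.ge's signature engine and not code from the sample. It runs over constructed, pipe-separated events in a simplified Sysmon-like shape (timestamp, pid, image, operation, source path, destination path); the `.locked` extension, the pid numbers, the thresholds and the sample's on-disk location are assumptions, the `.tmp` paths follow the pattern in the IoC list above.

```python
"""Detect mass 'appended extension' renames and bulk Program Files .tmp drops.

Example code for this report page; not tria.ge's own signature logic and not
derived from the sample.  Event format is a constructed, simplified
Sysmon-style record: ts|pid|image|op|src|dst (dst empty for CREATE).
"""
import collections
import ntpath

Event = collections.namedtuple("Event", "ts pid image op src dst")

# Assumed drop location for the sample; only the file name comes from the report.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "0047bf2bbfdf44d7b42e29dd16b4133aabc16599356d3b956371245d9ad0d694.exe")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def build_sample_events():
    """Constructed events, not the report's process log."""
    lines = []
    # pid 4321 (assumed): the sample appends a hypothetical ".locked" to 60 user files
    for i in range(60):
        src = f"C:\\Users\\Admin\\Documents\\report{i}.docx"
        lines.append(f"2024-04-20T18:05:{i % 60:02d}|4321|{SAMPLE}|RENAME|{src}|{src}.locked")
    # pid 4321: 25 <name>.tmp files created under Program Files
    for i in range(25):
        lines.append(f"2024-04-20T18:06:{i:02d}|4321|{SAMPLE}|CREATE|"
                     f"C:\\Program Files\\7-Zip\\Lang\\lang{i}.txt.tmp|")
    # pid 900: a benign updater writing a few .tmp files, well below threshold
    for i in range(3):
        lines.append(f"2024-04-20T18:06:{i:02d}|900|C:\\Program Files\\Updater\\updater.exe|CREATE|"
                     f"C:\\Program Files\\Updater\\patch{i}.bin.tmp|")
    # pid 1200: a rename that replaces the extension rather than appending one
    lines.append("2024-04-20T18:07:00|1200|C:\\Windows\\explorer.exe|RENAME|"
                 "C:\\Users\\Admin\\notes.txt|C:\\Users\\Admin\\notes.md")
    return lines


def parse_event(line):
    ts, pid, image, op, src, dst = line.split("|")
    return Event(ts, int(pid), image, op.upper(), src, dst or None)


def appended_extension(src, dst):
    """Return the '.ext' suffix if dst is src plus an appended extension in the
    same directory; None otherwise (a.txt -> a.md is a replacement, not an append)."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    s, d = ntpath.basename(src), ntpath.basename(dst)
    if len(d) > len(s) and d.lower().startswith(s.lower()) and d[len(s)] == ".":
        return d[len(s):]
    return None


def is_program_files_tmp(path):
    p = path.lower()
    return p.startswith(PROGRAM_FILES) and p.endswith(".tmp")


def analyse(lines, rename_threshold=50, tmp_threshold=20):
    """Aggregate per pid and emit one finding per triggered signature."""
    appended = collections.defaultdict(collections.Counter)  # pid -> ext -> count
    tmp_drops = collections.Counter()                         # pid -> count
    image_of = {}
    for line in lines:
        ev = parse_event(line)
        image_of[ev.pid] = ev.image
        if ev.op == "RENAME" and ev.dst:
            ext = appended_extension(ev.src, ev.dst)
            if ext:
                appended[ev.pid][ext.lower()] += 1
        elif ev.op == "CREATE" and is_program_files_tmp(ev.src):
            tmp_drops[ev.pid] += 1

    findings = []
    for pid, exts in appended.items():
        ext, n = exts.most_common(1)[0]   # the dominant appended extension
        if n >= rename_threshold:
            findings.append({"pid": pid, "image": image_of[pid], "count": n, "extension": ext,
                             "signature": "Renames multiple files with added filename extension"})
    for pid, n in tmp_drops.items():
        if n >= tmp_threshold:
            findings.append({"pid": pid, "image": image_of[pid], "count": n, "extension": ".tmp",
                             "signature": "Drops file in Program Files directory"})
    return findings


if __name__ == "__main__":
    for f in analyse(build_sample_events()):
        print(f"pid {f['pid']} ({ntpath.basename(f['image'])}): {f['signature']} "
              f"[{f['count']} files, {f['extension']}]")
```

Keying on the dominant appended extension per process is what separates an encryptor from a backup tool that writes `.bak` copies beside originals: the latter creates new files, it does not rename thousands of existing ones. The thresholds are the tuning knob; the report's count of 4864 renamed files sits far above any value you would reasonably pick.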
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 110KB
MD5: 558d67c9b29652956cbca6b6ff38f2c0
SHA1: 3066da1cea6485f8ac5a61a7fc2646700ee5d252
SHA256: 9081c5199848fc36f277569e46d5e06e497d5618772939243fb77bea17fea52c
SHA512: a9ad96f0b13785852f130d8b84d5b4f54597c08d6fae2c6d8e50ddd7bc29a902212a80371ad0c8d7b209d8033e15b493ecf39fe5edd06a74ae6a2d7fcde817e9

Filesize: 209KB
MD5: adffadd8c321f182b20c829a513ee367
SHA1: 9083031a03dedacfba3b3a10e584096cdcaa2ec7
SHA256: d3f7b056bbfe1be60ff52bca8f83979934c87df3e67325bfe4077a3bf5088f6f
SHA512: 3225f5edf786215cbd611e6bd7eb2244fd747e42ce433f5c71f106578ff475cc89d398971158d54ad42d8d9a0eaa3c012eb37ccc3f42c6546aa825b5cc8fd3b5