Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/04/2024, 22:11
Static task: static1
Behavioral task: behavioral1
Sample: 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Resource: win10v2004-20240419-en
General
Target: 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Size: 75KB
MD5: b48c470620a8c809871f830866da856b
SHA1: 202ea7d7e4710babeffafe00a191d8788b3c63d3
SHA256: 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912
SHA512: 7847f614e54612d8c008c0c5d67bf53940fa838f1ddd973da51edb36e06916e09806bf5d6cfb7bb3ca11191a7d3f1f6f500ff73121d0332cd0ec65d95099e25d
SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7th:6e7WpP9oVLQthbYY9oVLQthbUrt7th
Signatures
- Renames multiple (3662) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)