Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
55s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
29/04/2024, 22:11
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
-
Size
75KB
-
MD5
b48c470620a8c809871f830866da856b
-
SHA1
202ea7d7e4710babeffafe00a191d8788b3c63d3
-
SHA256
603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912
-
SHA512
7847f614e54612d8c008c0c5d67bf53940fa838f1ddd973da51edb36e06916e09806bf5d6cfb7bb3ca11191a7d3f1f6f500ff73121d0332cd0ec65d95099e25d
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7th:6e7WpP9oVLQthbYY9oVLQthbUrt7th
Score
9/10
Malware Config
Signatures
-
Renames multiple (5167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\7-Zip\Lang\ro.txt.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\7-Zip\Lang\io.txt.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ru.pak.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.bundle.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp 603f6f50b3344dd5b5a10347cefdbd7883ad5be4f3be4e5096b6a66048c5e912.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
75KB
MD5209036fdb270212ea18ee68309b2540f
SHA13d755e9b47b921f05320d8c8494deaf8d5e50f94
SHA256a0fec40d4ee13af32f6db958c5bf108d94404bacccaba9503a8ecbb7f168c92f
SHA5126b3c05b6854b4e8bcecec798276cf1a002bd080f6e513a80bcaa41961231fdfa8e50561221ac8f7da700bd36a9ac36eec1b6a3bfff35a5a87a0b3ccf90359740
-
Filesize
174KB
MD546f0627409ce598ca18c7bcdbdd2580e
SHA189f3df2935f053ada9717420c4a2bfdc5b7a8751
SHA256f6c45ca01c2876d239340b053260e41ba2e87ec4f24f02e20eff2ce651bc998f
SHA5127f0a9df0e3d2d546cf8a65e96765e6b62443fe5432f5709e0d442d1f4dc865ef8eebe4a427f5ff54a79c961db734c232c985462525081808e5c69c23b98afb23