Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
01/05/2024, 14:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7952224e8b3fe2d35ac852a57aa980c4.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7952224e8b3fe2d35ac852a57aa980c4.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
7952224e8b3fe2d35ac852a57aa980c4.exe
-
Size
87KB
-
MD5
7952224e8b3fe2d35ac852a57aa980c4
-
SHA1
14378d86178cda2313e3495036a71e87a17de3a4
-
SHA256
729a1aa7dac9738bb572869785b5594863df0e11ba166f1aae837a718f709f45
-
SHA512
4f05bd796d7ba881298c971192b9c1be6674c3bf8d3c8444ad055cbc62a43299755e90630cb345e2ddca7ee5fce6d9aa7330662d32fb65c8e27a5e081542cde6
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNV:6rWpcOPxPke+e3fFpsJOfFpsJbgE3
Score
9/10
Malware Config
Signatures
-
Renames multiple (5043) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\7-Zip\7z.sfx.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp 7952224e8b3fe2d35ac852a57aa980c4.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
87KB
MD59a0f98d2dce8fc0b41ed49aa9ccbfff3
SHA1b936e2345e54a519131767052a89fa7c3e57d62b
SHA256cc2086b5850a604b0679d962450ffaa363be796b40398775c1b8f2f67803fa45
SHA5125ab18c5202c5c2354d233ab92b5d06868e7b50b7f8c60edcf92ae58694576475928c456b4cde1e3c755e013c5366f22e2d0c7cdc8463d3ca44ba23083a39b64f
-
Filesize
186KB
MD5555737c974efaf3c95137353591ff5b3
SHA1fa17209850b4a6bdcfa95bf201689c0dd1c139b2
SHA256574321e9cab1fc5031bd147d00ea429945536601cf37d8aede38a10153022c89
SHA5129af1deb8dcd9f2a7b03d5b20591f379f598be550d23deaab88f9c94f2cdbdb671f39c5571709aa783bc245a4dc8dbaa948434d567764cef520f947aa367ae34d