Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
153s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
07/05/2024, 20:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe
-
Size
96KB
-
MD5
fd9d98df8e0a4dbaafa9a8f8553d1033
-
SHA1
f4ea2535fcea280e5665f4aaa9b94e682143de29
-
SHA256
3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596
-
SHA512
721436ed6147a577c12ebf6eef89bb2359b790fe42c94d06f1f924f86d9cdb1ca7bf34522c9272ce1ebd949ac1162d8840d8e01d809a4b95b008cce11446c641
-
SSDEEP
1536:W7ZhA7pApH1IwVHykEElEa0NQn0NQie+ex:6e7WpnhkElEa0NQn0NQie+ex
Score
9/10
Malware Config
Signatures
-
Renames multiple (1064) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\7-Zip\Lang\af.txt.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-memory-l1-1-0.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationClientSideProviders.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\Microsoft.VisualBasic.Forms.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-timezone-l1-1-0.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.Common.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationTypes.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Xaml.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Design.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.ILGeneration.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationUI.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\D3DCompiler_47_cor3.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Controls.Ribbon.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\7-Zip\Lang\kab.txt.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\ado\msader15.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Annotations.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Process.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Primitives.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Resources.Extensions.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\7-Zip\Lang\fy.txt.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\7-Zip\License.txt.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Sockets.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.IsolatedStorage.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Linq.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.Editors.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.Win32.Primitives.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Quic.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsFormsIntegration.resources.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp 3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe"C:\Users\Admin\AppData\Local\Temp\3218c7a2f6e0575f328576df68288d151772e579b60a6dd1324297bb299da596.exe"1⤵
- Drops file in Program Files directory
PID:1588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:81⤵PID:3584
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
97KB
MD51407eac03311aacdcbe1604c7aa306b5
SHA15ef8b9a9f72186b1dfc19738a1bfb332dd7de907
SHA2565c0100a0606a04acf925c5b8c5143f11f96e76a398f1cb17c2af61c6eaff2c37
SHA512ac166945c73eb5f7d84b432ef2886a5d500f84d3adaf8fde784987f1243c74619170804d7c35597ff322501f847f2a13f947a924f7e121e5d9aadae178f3653a
-
Filesize
96KB
MD53ea7b856536ef0a0bfe1000d61dde7da
SHA18fdcd0072525c2aa7a5f78b5fe75a815b3bb1daa
SHA256f8dbb90cf85b9b5d1f3b48250fd8aa8e2c14a737a0a54c5d0642048216d89b1c
SHA512189ec5005b845a20ad8ef358cadd3401adff2e8423af81b22a765218391ebe790a1a0a7215ef338474a07fb8ffb2e609b782025ef2499bccbd7778b7e06ad8a2