Analysis
- max time kernel: 149s
- max time network: 101s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/05/2024, 01:23
Behavioral task: behavioral1
- Sample: 8e15967e6a6188319f4fd837115a8e1b1609f2b48e410ad039df9cb02dbfcc07.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 8e15967e6a6188319f4fd837115a8e1b1609f2b48e410ad039df9cb02dbfcc07.exe
- Resource: win10v2004-20240426-en
General
- Target: 8e15967e6a6188319f4fd837115a8e1b1609f2b48e410ad039df9cb02dbfcc07.exe
- Size: 40KB
- MD5: 8a8150afa0511c7e6e72f63b01cdc2af
- SHA1: f68ca1e7c729c938970ad1350af7f61aebbd8efb
- SHA256: 8e15967e6a6188319f4fd837115a8e1b1609f2b48e410ad039df9cb02dbfcc07
- SHA512: d3ce04ad50003269ee5c8077aee1f4ced3bf92eba613964bc9b29729404542296f1ff4754a2c58dec08d79efce68dde3536f8d5ba80838981c325632302bc74d
- SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2bTgT6:CTWn1++PJHJXA/OsIZfzc3/QbUW
Malware Config
Signatures
- Renames multiple (5191) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- UPX dump on OEP (original entry point), 4 IoCs
  resource  yara_rule
  behavioral2/memory/4572-0-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
  behavioral2/files/0x0008000000023285-2.dat  UPX
  behavioral2/files/0x000800000002295a-6.dat  UPX
  behavioral2/memory/4572-1208-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
  resource  yara_rule
  behavioral2/memory/4572-0-0x0000000000400000-0x000000000040A000-memory.dmp  upx
  behavioral2/files/0x0008000000023285-2.dat  upx
  behavioral2/files/0x000800000002295a-6.dat  upx
  behavioral2/memory/4572-1208-0x0000000000400000-0x000000000040A000-memory.dmp  upx
- Drops file in Program Files directory, 64 IoCs
  description: File created (all 64 entries)
  Process: 8e15967e6a6188319f4fd837115a8e1b1609f2b48e410ad039df9cb02dbfcc07.exe (all 64 entries)
  ioc:
  C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp
  C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp
  C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp
  C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp
  C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.tmp
  C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp
  C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp
  C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp
  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp
  C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp
  C:\Program Files\Common Files\System\ado\adojavas.inc.tmp
  C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp
  C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp
  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
  C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
  C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp
  C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp
  C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp
  C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp
  C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp
  C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp
  C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp
  C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp
  C:\Program Files\7-Zip\Lang\ca.txt.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 41KB
  MD5: 87fa7aa78db0fd21b50126da6eb7444e
  SHA1: 59c555c912b6cbd08ab151070fd016c3fa065dd2
  SHA256: 4f10a03b54189bb32567f1cef9302622400d64c515d0b0b5f197c9b5f66d4846
  SHA512: d97e4b2a7e21303fbdbe87753db82eb170bd0f0162945a5e511e746627c793a99430b9f8854d80c7de54fcc867d0776fa2b28a4853fc3a16af6195a05139b357
- Filesize: 139KB
  MD5: 5fe3d8caa14d258a636fd57c91c81613
  SHA1: 44420398f53275efd2da3177d2e18500d6e2d7f6
  SHA256: c80af00df056cdc716e1e7cc4386326cbb185258118fa6c413805a4a524cbd35
  SHA512: 2a40b87d9f49cce96663197f676254e6daa078c554d8b64f8c0b5a40867e7f8d0a74f8abb269b1bfa5be68606c5414f3768a40da50b6627155d55e3a634e8138