Analysis
- max time kernel: 150s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 19:53
Static task
static1
Behavioral task
behavioral1
Sample
virussign.com_94108bf8801a2e696f0439d188c4d560.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
virussign.com_94108bf8801a2e696f0439d188c4d560.exe
Resource
win10v2004-20240426-en
General
-
Target
virussign.com_94108bf8801a2e696f0439d188c4d560.exe
-
Size
49KB
-
MD5
94108bf8801a2e696f0439d188c4d560
-
SHA1
7c96882806466870a8dae647a146ef0c1c2e27e4
-
SHA256
277ad99ee278732db17f4a79156b8870c29b323b16f7a8b846f9513ae597b170
-
SHA512
b47b2dfedea08cc2bc4d9a5ddfd43d4c01fce07e3e9d27c68022cec6f42a1f38c6d4bac10089474045f0b362c3f3737f3a199da7e689b14ff22924e171cc9094
-
SSDEEP
768:W7BlpNLpARFbhblkYlkuvIYFKKXPXnPoKXPXnPu:W7ZNLpApCZuvIYy
Malware Config
Signatures
-
Renames multiple (3690) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads