Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
03/06/2024, 01:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe
-
Size
69KB
-
MD5
a26c70bc2c4478f74e2be50f5be4c182
-
SHA1
9b889272dac81093fa29762ecc4c4a24faf3783d
-
SHA256
9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0
-
SHA512
beba857b473355b910b258e3b5181ff43ac403536126f3450ca70752c2718885a23c57a06b640128101fbd653402afd126e47cccb935e802d3700cff7612a413
-
SSDEEP
1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOMETHeR:6e7WpXYvnK
Score
9/10
Malware Config
Signatures
-
Renames multiple (5022) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\7-Zip\7-zip.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp 9eb3fa5e018d4f191d2edaa05c6afe841e115c8bbfa423e0722f4ee07bcfebc0.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD5398b539a46ac382c4c1a489d5a4dc856
SHA10e33b9b59cbe2a2378a2220dcccce3464ecec05c
SHA256d406ebd594b0667f86a0a83c391c5c9570352aec82dd251096330deb6e43ee00
SHA5129761280eed2ef0e0d2138314664243bd618cc3d73467185c8715d9af27e3239bfeb7bcb050318b2a9895b8a339bcf9bb0f86e48eef8fc3bdc2ba4584d875d984
-
Filesize
168KB
MD5b72c3e9ab943def32a98fafd938c86c6
SHA1f8da7525bd01e191747e93acd9e7552cbaeff06e
SHA256b25aa114586e8a963677ea1fb71794f5b84bed8e6af860fc1f636366e148913e
SHA51205b951092cbb22fd3473854ca3be88bf916eee3a1835d305094e970e277598f69b051be8d97c7236d71eaf29fa44a45b816e69ddbe47df497d23488e6104c8ff