Analysis
max time kernel: 149s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2024, 00:11
Behavioral tasks
behavioral1: sample 8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe, resource win7-20240704-en
behavioral2: sample 8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe, resource win10v2004-20240704-en
General
Target: 8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
Size: 48KB
MD5: 1f7d21ff139fee73673b31841d9da526
SHA1: ab8e61d517092e7c755ab9c3830b273a4b9cb633
SHA256: 8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d
SHA512: 7be2d007521e7f9adb1ddfeee80d0f0e3cb37d1e6a63507704df2d2c57151f375b6062b923c5abed7b324ddf0720bd78a599804d8c0de793673f4c49caf864ef
SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rk:V7Zf/FAxTWYXgXO
Malware Config
Signatures
Renames multiple (4826) files with added filename extension
Renaming thousands of files by appending an extension to each original name is the classic footprint of ransomware encrypting the files on the system.
-
YARA rule matches (rule: upx, i.e. UPX-packed code) on the behavioral2 task:
resource | yara_rule
behavioral2/memory/3468-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral2/files/0x000a0000000230ed-2.dat | upx
behavioral2/files/0x001400000002298f-6.dat | upx
behavioral2/memory/3468-1738-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
description: File created (all 64 entries); process: 8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe (all 64 entries); ioc paths:
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp
C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp
C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp
C:\Program Files\7-Zip\Lang\th.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
C:\Program Files\Internet Explorer\hmmapi.dll.tmp
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.tmp
C:\Program Files\7-Zip\Lang\it.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp
C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp
C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp
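The two signatures above (mass renames that append an extension, and .tmp drops under C:\Program Files attributed to one process) can be re-derived from raw file-system events. The script below is an added example, not part of the tria.ge report or the sandbox's own signature code: it replays a constructed event list, groups events by process, counts both indicators, and flags processes that cross a threshold. The event lines, the "sample.exe" name standing in for the SHA256-named process, the "created"/"renamed" event syntax, and the thresholds (lowered far below the report's 4826 so the toy input trips them) are all assumptions of the example.

```python
"""Score sandbox file-system events for the two ransomware indicators in this
report: mass renames that append a filename extension, and .tmp drops under
C:\\Program Files. Added example; the events are constructed, not taken from the
report, and "sample.exe" stands in for the SHA256-named sample process."""
import re
from collections import Counter
from dataclasses import dataclass, field

# One event per line: "<created|renamed> <path>[ -> <new path>] <process>".
# Paths may contain spaces; the process name is the final whitespace-free token.
EVENT_RE = re.compile(r"^(created|renamed) (.+?)(?: -> (.+?))? (\S+)$")
# An appended extension: a single dot plus 1-16 safe characters at the very end.
EXT_RE = re.compile(r"^\.[A-Za-z0-9_-]{1,16}$")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed events (assumption). The .tmp paths echo the report's IoCs; the
# Users\ renames, chrome.exe, updater.exe and backup.exe lines are invented so
# that both counters and the false-positive guard get exercised.
SAMPLE_EVENTS = r"""
created C:\Program Files\7-Zip\Lang\th.txt.tmp sample.exe
created C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp sample.exe
created C:\Program Files\Internet Explorer\hmmapi.dll.tmp sample.exe
renamed C:\Users\a\Documents\q1.xlsx -> C:\Users\a\Documents\q1.xlsx.locked sample.exe
renamed C:\Users\a\Documents\notes.txt -> C:\Users\a\Documents\notes.txt.locked sample.exe
renamed C:\Users\a\Pictures\cat.jpg -> C:\Users\a\Pictures\cat.jpg.locked sample.exe
renamed C:\Users\a\Desktop\cv.docx -> C:\Users\a\Desktop\cv.docx.locked sample.exe
renamed C:\Users\a\Downloads\setup.exe.part -> C:\Users\a\Downloads\setup.exe chrome.exe
created C:\Program Files\Vendor\app\update.tmp updater.exe
renamed C:\Users\a\Documents\budget.xlsx -> C:\Users\a\Documents\budget.xlsx.bak backup.exe
"""


@dataclass
class ProcessProfile:
    process: str
    renames_with_added_ext: int = 0
    extensions: Counter = field(default_factory=Counter)
    program_files_tmp_drops: int = 0

    def dominant_extension(self):
        """Extension appended most often, or None. Ransomware normally uses one."""
        if not self.extensions:
            return None
        return self.extensions.most_common(1)[0][0]


def appended_extension(old: str, new: str):
    """Return 'ext' when new == old + '.ext' (original name kept, extension appended)."""
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    return tail[1:].lower() if EXT_RE.match(tail) else None


def is_program_files_tmp_drop(path: str) -> bool:
    """True for a .tmp file under either Program Files root (case-insensitive)."""
    p = path.lower()
    return p.startswith(PROGRAM_FILES) and p.endswith(".tmp")


def profile_events(text: str) -> dict:
    """Group events by process and count the two indicators per process."""
    profiles = {}
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        op, path, new_path, proc = m.groups()
        prof = profiles.setdefault(proc, ProcessProfile(proc))
        if op == "renamed" and new_path is not None:
            ext = appended_extension(path, new_path)
            if ext is not None:
                prof.renames_with_added_ext += 1
                prof.extensions[ext] += 1
        elif op == "created" and is_program_files_tmp_drop(path):
            prof.program_files_tmp_drops += 1
    return profiles


def flag_ransomware(profiles, rename_threshold=3, tmp_threshold=3):
    """Processes whose counters cross either threshold. The report's sample renamed
    4826 files; thresholds here are assumptions, set low for the toy input."""
    hits = [p.process for p in profiles.values()
            if p.renames_with_added_ext >= rename_threshold
            or p.program_files_tmp_drops >= tmp_threshold]
    return sorted(hits)


if __name__ == "__main__":
    profiles = profile_events(SAMPLE_EVENTS)
    for p in profiles.values():
        print(f"{p.process}: renames+ext={p.renames_with_added_ext} "
              f"({p.dominant_extension()}), programfiles_tmp={p.program_files_tmp_drops}")
    print("flagged:", flag_ransomware(profiles))
```

The rename check deliberately requires the new name to be the old name with a suffix appended, so an installer that renames setup.exe.part to setup.exe, or a backup tool that appends .bak to one file, does not count toward the threshold. In a real pipeline the same two counters are computed over EDR or sandbox telemetry and the thresholds tuned per environment.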
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 48KB
MD5: c3bc577498203ce78bbf4b990f3a5f46
SHA1: a8fd1f9e1f33e1b91e13d0abeb4c75fc0aad68ea
SHA256: 76775b41b10dfd82735a1bed0d5f6685855985bdcd208cefe2789240278abfdd
SHA512: a2b6f74f5ad9ef8237f9964da90116d0e531c3f9f959dbaac03bb19f5947c88f4b9442eba9107e8a13baad585c6814c07031adba6dcac6338afd462f534ef21e

Filesize: 147KB
MD5: 445e3a824e3300ff92d92891f95dd68a
SHA1: 2855c4ea9f7f1e1934c2e7c4015da6c72408c4fe
SHA256: 48af3848cb15e9012c97acd4546d1828c63d3af0fd7a52007fac8781765d69dc
SHA512: ec64efa2a35bb22b1a5bd9ca46d08f621b5face8abac04caf9b7badd343b7197abb543264bce626085b55a234e67647b7dfdad3e24025bcc31df3a45621c6c23