Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 70s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/07/2024, 01:20
Static task
static1
Behavioral task
behavioral1
Sample
3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
Resource
win10v2004-20240709-en
General
Target: 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
Size: 326KB
MD5: 2639ec5825ff4ff231b5c50cd50b9514
SHA1: 9e13e135171f42bd466f26242b320763bbfcfba2
SHA256: 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545
SHA512: 207f3fa4577326df71c21a5b871b2e4778c6486ca4f289495b8b391314b2c9fc507c883615870c3cd8c1fe832918f06e375ce16d04f213048312e7d70a8d5dda
SSDEEP: 6144:PXqpsIPCYYNUBEP+abW67Dz4HFgnPOAzu0bD7P9YJJE:PqaIPbyUBWa5CPO0bPP9SJE
Malware Config
Signatures
-
PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
-
Renames multiple (1232) files with added filename extension
This suggests ransomware activity: the sample appears to encrypt files across the system and append an extension to each renamed file.
-
Drops desktop.ini file(s) 2 IoCs
Both entries: File opened for modification by 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini
C:\Program Files\desktop.ini
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
All 23 entries: File opened (read-only) by 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
\??\U:, \??\Z:, \??\B:, \??\I:, \??\M:, \??\S:, \??\T:, \??\X:, \??\K:, \??\O:, \??\R:, \??\J:, \??\L:, \??\N:, \??\Q:, \??\V:, \??\A:, \??\G:, \??\H:, \??\W:, \??\Y:, \??\E:, \??\P:
-
Drops file in Program Files directory 64 IoCs
All 64 entries: File opened for modification by 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
C:\Program Files\7-Zip\Lang\ast.txt
C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui
C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src
C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access
C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml
C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui
C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoCanary.png
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx
C:\Program Files\7-Zip\Lang\bn.txt
C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json
C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms
C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml
C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms
C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\lv.pak
C:\Program Files\InitializeComplete.easmx
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms
C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui
C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\en-US.pak
C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader_icd.json
C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf
C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms
C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms
C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui
C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui
C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md
C:\Program Files\Java\jre-1.8\lib\charsets.jar
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml
C:\Program Files\7-Zip\Lang\is.txt
C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms
C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml
C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md
C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened by 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
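The three behavioural signatures above (drive-root enumeration, mass rename with an appended extension, and the NLS\Language registry read) are the kind of pattern a detection engineer would want to reproduce over endpoint telemetry rather than rely on file hashes alone. The script below is an added example, not Tria.ge code and not the sandbox's own signature logic: it parses a constructed tab-separated event log in the shape of this report's IoC rows and scores each process on those three behaviours. The event format, the process IDs, the file names, the detection thresholds and the ".locked" suffix are all assumptions for illustration; this report does not state which extension the sample appends.

```python
"""Behaviour-based triage modelled on three sandbox signatures from the report:
drive enumeration, mass rename with an added extension, NLS\\Language lookup.
Added example; the log format and thresholds are assumptions, not Tria.ge's."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Matches a bare NT drive root such as \??\U: (the "Enumerates connected drives" IoCs)
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Za-z]):$")
# Matches the registry key read in the "System Language Discovery" IoC
NLS_LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    op: str                     # open_ro | open_rw | rename | regopen (assumed vocabulary)
    pid: int
    path: str
    new_path: Optional[str] = None  # only set for rename events


def build_sample_log() -> str:
    """Constructed sample telemetry: one ransomware-like PID and one benign PID."""
    lines = []
    # PID 1520 probes every drive root except C:, like the report's read-only opens
    for letter in "ABDEFGHIJKLMNOPQRSTUVWXYZ":
        lines.append(f"open_ro\t1520\t\\??\\{letter}:")
    lines.append("regopen\t1520\t\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language")
    # PID 1520 renames 40 files by appending an assumed placeholder extension
    for i in range(40):
        old = f"C:\\Program Files\\Example\\doc{i:03d}.txt"
        lines.append(f"rename\t1520\t{old}\t{old}.locked")
    # PID 4321 is an ordinary editor: touches one file and rotates a backup copy
    lines.append("open_rw\t4321\tC:\\Users\\Admin\\notes.txt")
    lines.append("rename\t4321\tC:\\Users\\Admin\\notes.txt\tC:\\Users\\Admin\\notes.bak")
    return "\n".join(lines)


def parse_log(text: str) -> List[Event]:
    """Parse '<op>\\t<pid>\\t<path>[\\t<new_path>]' lines; reject malformed rows."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 3:
            raise ValueError(f"malformed event: {line!r}")
        new_path = parts[3] if len(parts) > 3 else None
        events.append(Event(parts[0], int(parts[1]), parts[2], new_path))
    return events


def drive_enumeration(events: List[Event], min_drives: int = 5) -> Dict[int, List[str]]:
    """PIDs that opened at least min_drives distinct drive roots read-only."""
    seen = defaultdict(set)
    for ev in events:
        if ev.op == "open_ro":
            m = DRIVE_ROOT.match(ev.path)
            if m:
                seen[ev.pid].add(m.group(1).upper())
    return {pid: sorted(d) for pid, d in seen.items() if len(d) >= min_drives}


def extension_append(events: List[Event], min_files: int = 10) -> Dict[int, Tuple[str, int]]:
    """PIDs that renamed at least min_files files to <old name> + one new extension."""
    counts: Counter = Counter()
    for ev in events:
        if ev.op == "rename" and ev.new_path and ev.new_path.startswith(ev.path):
            suffix = ev.new_path[len(ev.path):]
            if suffix.startswith(".") and len(suffix) > 1:
                counts[(ev.pid, suffix)] += 1
    return {pid: (suffix, n) for (pid, suffix), n in counts.items() if n >= min_files}


def language_discovery(events: List[Event]) -> List[int]:
    """PIDs that opened the NLS\\Language key."""
    return sorted({ev.pid for ev in events
                   if ev.op == "regopen" and NLS_LANGUAGE_KEY.search(ev.path)})


def triage(text: str) -> Dict[int, List[str]]:
    """Map every PID in the log to the list of behavioural signatures it triggered."""
    events = parse_log(text)
    drives, renames, lang = drive_enumeration(events), extension_append(events), language_discovery(events)
    verdicts: Dict[int, List[str]] = {}
    for pid in sorted({ev.pid for ev in events}):
        hits = []
        if pid in drives:
            hits.append(f"enumerates {len(drives[pid])} drive roots")
        if pid in renames:
            hits.append(f"appends '{renames[pid][0]}' to {renames[pid][1]} files")
        if pid in lang:
            hits.append("reads NLS\\Language")
        verdicts[pid] = hits
    return verdicts


if __name__ == "__main__":
    for pid, hits in triage(build_sample_log()).items():
        print(pid, hits or ["no signatures"])
```

The rename heuristic deliberately requires the new name to be the old name plus a single new extension, so a backup rotation (notes.txt to notes.bak) does not count; in production you would also key on the share of renamed files per minute and on the same process touching Program Files and user profiles, as the report's IoCs show.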
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"
PID: 1520 (process tree level 1)
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 1KB
MD5: 37dd2ce6a9351dc551f1899b45f0d8b0
SHA1: d770039f0c92ef1c9ab3a01c62413e54c9494094
SHA256: 8d81cccdfb6a98908a90d928f102a17d4d05744a7e9d47fdbc7b2860dd5596d5
SHA512: ceab602d0b345cf5f27821ec67530926047acea976432deb2b0b381913cb86227dbd7cbf2c5c810cc5eb94d949e0dcf71bec3d3432b74700a7944960b49550d7