Analysis
- Max time kernel: 120s
- Max time network: 119s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240709-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 28/07/2024, 01:41
Static task
- static1
Behavioral task
- behavioral1
  Sample: 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  Resource: win7-20240708-en
Behavioral task
- behavioral2
  Sample: 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  Resource: win10v2004-20240709-en
General
- Target: 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
- Size: 52KB
- MD5: 30c6ed25a6f92aecd6dc2bac0c8bc4d0
- SHA1: 2eac7f5d2afd04298e2daa95d97aa7b97e041ac6
- SHA256: 5cfb439b8041a4e2df9c4fd667246a0a74f54d5efc925064f09c16c335888685
- SHA512: 8a0c560e19573c6e51b40b0408a6eab241bc2e7a499eac18b9593b2bea05eb3f0ab521caebe7d1f202c3b128cd0e526aed30a87a6fa25316c8a3fb72912aac9a
- SSDEEP: 384:GBt7Br5xjL9A7AgA71FbhvcOa5elAa5eluC5c5pYKYm:W7BlphA7pARFbh8QbC5c5p5j
Malware Config
Signatures
- Renames multiple (2187) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  Description | IoC | Process
  File created | C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jmc.txt.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\7-Zip\Lang\pt.txt.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome.dll.sig.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Google\Chrome\Application\123.0.6312.106\optimization_guide_internal.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoCanary.png.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\Internet Explorer\iexplore.exe.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Description | IoC | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 52KB
  MD5: c673e8baf4cdf678e2409164c4245dd2
  SHA1: 9e705ddf7a3f24a4fc43c5001aaee9d5dd1db4b4
  SHA256: a50163dc8b9540fe7ca586ece19306b1d4272ceb6fac86b2c6db717319006adc
  SHA512: c3dffbcce549777ca314c471e304efadbd3487c65d2f5555551e442a948138b72c95686361b1e47f93d5a64010dc373608aa3032c5a584b7c2dd8eee83558012
- Filesize: 151KB
  MD5: 451df9a88f3d232b8e0432c7a8f8aea3
  SHA1: adbf712b38f3a812196bf3224982dadb40da4b07
  SHA256: e2228a917d6e4b567b62ac57757db88ecca814fd5dd2deb9ae28204e8c5b59c9
  SHA512: 3aff790a03e30f6af17ed94c45b8a47e948994ac866b7988b4dda296a2ec4c1afb730655a37e8148c7806b35e512d0798a3402b4189829da6c67248661f8586b