Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
08/08/2024, 00:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe
-
Size
195KB
-
MD5
ddc7c7b6cf88fdf9727e29bef841e694
-
SHA1
2936b6d8643df8eee5b7dfd7798114f2b144d4f0
-
SHA256
8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade
-
SHA512
f63f92e487f25e6483a0e76f6842a5a2286ff05f15cbd2bad573524ae7bd99a3e212ef15b0854fd0e8a862719fdedab0d4f0bd3bf206c518d11885451316f0d7
-
SSDEEP
3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkf:RqKB+tOkWKR0iJ0lTzkf
Score
9/10
Malware Config
Signatures
-
Renames multiple (4711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\eventlog_provider.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe"C:\Users\Admin\AppData\Local\Temp\8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1564
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
195KB
MD5ef4ada6fd40437ccaea964f2da54ae9c
SHA1fac561ed10565cd66438df5225bb93398f3f9a43
SHA256511b03276b5e22fd59750313b545a5eb3f30c29266c6712ee662b35a5966b387
SHA5123c6f5f653fa0c14cad0ff246c4dd35649eea2c3bcef4fd3b4a26be9df72363bacc16b2edd2bb5d71eaf8076df48a2dc975e9a47fa13f8f868190b5a592bda58e
-
Filesize
294KB
MD5635bf131d3b59545c967e9345d126cff
SHA10657367352b0b3f7d58226ee485663ba9195daa5
SHA256682d6df46b17d471d8803a0aa302264b7bb8cd26ef1edaf227b09b3d01b96c14
SHA512336cc6c7e36a95611358bd8e325b7a8f53ec01bf37da7d4a649ea1b787fc2eb90533733daa27abc27e38b5687d222f74d69985f8c261194959ac9d3bab429777