Analysis
max time kernel: 120s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/08/2024, 09:52
Static task: static1
Behavioral task: behavioral1
Sample: a3d7cee7f8723c4861d4e86242569c80N.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: a3d7cee7f8723c4861d4e86242569c80N.exe
Resource: win10v2004-20240802-en
General
Target: a3d7cee7f8723c4861d4e86242569c80N.exe
Size: 39KB
MD5: a3d7cee7f8723c4861d4e86242569c80
SHA1: acd49647fff37ed77c459b632dddc2ac1b9de523
SHA256: 3c4d794ddb5a643f68d56b339480048a9d3c4d517797f25a6a3fcf949f6d1609
SHA512: 883d24a4c0fdb916af66064012b9709f6876ec0a90782b995e114f8a7d66994ccd07f71164bd2cc3491d9c8d615ad46dd0db2254df763de222b0b28c10b24788
SSDEEP: 768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k8Do72OiUJfo72OiUJt:W7ZppApkGpJwoB
Signatures
Renames multiple (4656) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: a3d7cee7f8723c4861d4e86242569c80N.exe)
Downloads
Filesize: 39KB
MD5: 7858cd43ed3975affc25f23b69c7ee7f
SHA1: e081854ca652a798b8eaea07382cb0f5918b903d
SHA256: f235fcb685e34db6c12a00e939deb3196c11fa8bfdb70cd692cc5e1ae492e552
SHA512: e754c2ec8199345548919c11447e0bed43a3f6ad8204bbfa58246896449d42e58b3f3840d50d58af39416b0f61c37176ed2c4009a949414cd51b29974402e89d

Filesize: 138KB
MD5: de74e28ca2504ae00e32564017325c8a
SHA1: 4e6925d5c66aeb1125527e3ece2345292f961f20
SHA256: bb723f97818e4020ba7ef4a94fdaf9a8d33c87a160c4c71a868369a7263f9c0d
SHA512: 08f93faa4656adac2414fd2b52940beef407f73ca96c8783c390e3326a74e824e3ce0e54c6f65346087dec980e18b4f7c59cec4db69b0d2bf0d28d74b81bb1ae