Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
18/08/2024, 20:47
Behavioral task
behavioral1
Sample
04531f8aa932d74b036eb5a8ba1c2240N.exe
Resource
win7-20240708-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
04531f8aa932d74b036eb5a8ba1c2240N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
04531f8aa932d74b036eb5a8ba1c2240N.exe
-
Size
47KB
-
MD5
04531f8aa932d74b036eb5a8ba1c2240
-
SHA1
15e26a797813eda44de8e6cba01b3ce856daf935
-
SHA256
445db8da09e7ca87ac6676e74df0607bf82f6d5decedb0b92e1205a5d4282888
-
SHA512
549b39e862418f4d0c4f688a1973a0c551a5bc2941323ac8fa3ebac0faee8984e097c472ae2fca4b9fb12397e9bb92a8df3d0e347f6aca8d0fb0c01a6adf1f30
-
SSDEEP
768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9NoN+OiJGfOiJfoN+OiJ5:V7Zf/FAxTWoJJ7TSbKby
Score
9/10
Malware Config
Signatures
-
Renames multiple (5204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule behavioral2/memory/4720-0-0x0000000000400000-0x000000000040B000-memory.dmp upx behavioral2/files/0x00090000000233ed-2.dat upx behavioral2/files/0x000a000000023438-6.dat upx behavioral2/memory/4720-904-0x0000000000400000-0x000000000040B000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Crashpad\metadata.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\7-Zip\Lang\de.txt.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTCORSVA.TTF.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MISTRAL.TTF.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp 04531f8aa932d74b036eb5a8ba1c2240N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 04531f8aa932d74b036eb5a8ba1c2240N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD5284259e153e09553eaf2cab0444e9729
SHA1112ebf353abdb029f03cd76c576d88e9f969982c
SHA256520a86acbcba4b4fd79ec6771d624e3b05779cfa6a9cd3b0d0bbaccc8caaa65e
SHA512177247bc2a591453667742d589d7afeebeeaf6488393ca97acb6315368f992930b9f21547a1c163309ff3b587e2c7730c00f7cd9efee53d1d30b73926fd7482e
-
Filesize
146KB
MD5af6825a0d541c1648a67750ef3ca045a
SHA1f93cc58458da71d45b29cba57d4eeecb7328ec50
SHA256b0aaee983f48183d40aec90cdf7e21cda9acae3063e140fafd7715aaba93eb56
SHA5124011d169fe59cb81241054e95f6ef3fa48e55a5f9d4bbe7135a1f402711721d6f6c5339ad561dc6b5d119c37ae1496c57b3fc968bf9cc55c10088e7fc935159e