Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
26/08/2024, 03:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
-
Size
51KB
-
MD5
2bc90ee16f31be953f23b1ff26b8345b
-
SHA1
dfd3dcd1c7f9830b251819952bc5d581439a1acf
-
SHA256
ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c
-
SHA512
36fd4ebfdf0d9f7dfdb5e75d44e41f895c75b9115d901de2038b8f835b3b91ceb87ac75766440cd9d26680aa60d58a1d58c9e63f2c4e7431f802bc7363e702f0
-
SSDEEP
768:W7BlpppARFbhbt7Y7wTCg0hcM0hc0C76QC76BwB:W7ZppApN0hcM0hc026Q26BwB
Score
9/10
Malware Config
Signatures
-
Renames multiple (5120) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\7-Zip\Lang\de.txt.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalResume.dotx.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fi.pak.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hu.pak.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe"C:\Users\Admin\AppData\Local\Temp\ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1924
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB
MD52c7d4773c2714aa5c506e9b437a76a8b
SHA16c4b10f6b87696c5ff921ea915151ac30bbc7675
SHA2566861a0550a2db2cba689a58e2c43fd783d9aec1167bdc798a434ff14e0199a45
SHA5122d53bef5b5dcbd2a3ef2a9aa5e0cb0eb3f535f6af4edf80a3e56e98e6e60c602cca01dc03c82cc0d967ac6d66621bdca5c3cac67d2d5f53c8c7bb0106d915ce2
-
Filesize
150KB
MD515f4b25e6508e16bab0f899dbca4e72f
SHA189e4c5b249a7b1823a0d471790ea43b9d361fbbd
SHA256baff568c33c26593bcd9ef1af453f8d9d36c7ada09ef87ec0d59239170024116
SHA512b8a94ef16ae5cb973142f254fb0c9fa7552df81423d8bf3e8c0193f26954a10a70553044464543215f919db2491b93d73015aeafde3272f773aa862c3d8242db