Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
01/09/2024, 04:15
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0cfaf9685f530f9b8882c4159275bb10N.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
0cfaf9685f530f9b8882c4159275bb10N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
0cfaf9685f530f9b8882c4159275bb10N.exe
-
Size
194KB
-
MD5
0cfaf9685f530f9b8882c4159275bb10
-
SHA1
8ce3ff45b6a7ee4176815221b23cbf63c1ced6c1
-
SHA256
e7a2c67402720ea8874568a98e13d1b286139f4a1bdd7f9ea7c6d89f25f5cfe2
-
SHA512
65cad80357b50811569daab6261aed49788ce1e9085a4c0ea3f53633b6902a59792ee091c83ff149fea7599910d66f52b864f464a0ee71e1070d05185da16a37
-
SSDEEP
3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkz:RqKB+tOkWKR0iJ0lTzkz
Score
9/10
Malware Config
Signatures
-
Renames multiple (4182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\7-Zip\Lang\az.txt.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\123.0.6312.123.manifest.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\7-Zip\Lang\ne.txt.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\7-Zip\Lang\co.txt.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\7-Zip\Lang\pt.txt.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp 0cfaf9685f530f9b8882c4159275bb10N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0cfaf9685f530f9b8882c4159275bb10N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
195KB
MD58465432f3f68e4b72d9b2d58b837e937
SHA160a976a748c9b213e2394c7377f45bf73a5046b0
SHA256efa477f8f1d07b2df0ba65c5d615854faeae17584939e90ca02b7f11b9517a39
SHA512fe6f0473cdcf8b6630c3522c4038d374cfae9991808944d569ca0db48affefd623edd1c5a86e014e0a8e8ffc1e3e2a22e50efbb9df915cc1fc953714614a9a96
-
Filesize
294KB
MD54e6d1c3dfde732b9201cc558f40a4ec8
SHA158862e11f24ac61ad4d93d89f3afb6a7004a1890
SHA256d2988e51633a5609713b9dbf42e674b164ecbff8bc24bf6252bfcf7fa8a36d62
SHA5122513e7db57771e424f8bce77cddcf35fb8db06b030cf0ef782786827660140b3482f51e41a223a3c16f6dc57c9e9eb8eaa00a696ad5a3b41bd7283c610f40125