Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03/09/2024, 08:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
49a0997378bbc56ad07ddd97b0348850N.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
49a0997378bbc56ad07ddd97b0348850N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
49a0997378bbc56ad07ddd97b0348850N.exe
-
Size
100KB
-
MD5
49a0997378bbc56ad07ddd97b0348850
-
SHA1
6885421e0b4358c6c13b8f0fd2adad83a255a889
-
SHA256
cd0677f3bd29ea5b98547606cb963819ecb335bf5f9535e9381971125aac219a
-
SHA512
e2af72b7959870863de98db449edcef6c5e6175274049657312eecc3916ff696224451a5993dac915aacaf6d27d9695cb15fdc7a05191d8150815b457c4a8e59
-
SSDEEP
1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3MLY:6DWpwE7oL2e+efZwZ08i8z3MLY
Score
9/10
Malware Config
Signatures
-
Renames multiple (4513) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fi.pak.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\DebugExpand.php.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp 49a0997378bbc56ad07ddd97b0348850N.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp 49a0997378bbc56ad07ddd97b0348850N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 49a0997378bbc56ad07ddd97b0348850N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD5276af32f84ae7ea94464cc3b8edce725
SHA19acae47f713db8c2ba428329e3ef20b4b0c66f97
SHA256ed1bdf046b6e535bef956bb1dbb3f6390d070cdeab1b38f52200f7c28b531806
SHA512c749de3ee4952c1c94b4a5cf04cdaf66aae8883e9cd006bb25d434fb237baa9435a55c2cd06390ef883fff07ae46344d57fdf324b6c05ec2074b4aaeb99e4875
-
Filesize
199KB
MD5e6348a5e0e64456dc87c2325228b60bf
SHA10dd770706044ed8ef7113fded8db0410d1d564ef
SHA256990311518e1ce6f437ec70a6826e97d3f218e7fb4e5819e5f194228d1f11774d
SHA512b0203e1200481d28e281fbd301ee37f2d546203bc68f7056eb2457b578d3b204c3be38a5638e9ddb837567ec7a02d0af394173dbb4cd7e0da55488cd1c3482d1