Analysis
max time kernel: 149s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/09/2024, 12:23
Behavioral tasks
behavioral1: sample Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe, resource win7-20240704-en
behavioral2: sample Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe, resource win10v2004-20240802-en
General
Target: Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe
Size: 33KB
MD5: cc7b4696b7ef0df8aa053d4a2b63c496
SHA1: 1bc0243d6e758bf3fd693e78ede503952920897d
SHA256: e366dbe0897b08d051991e34f934c977286de901a02d2b5d101c0f95d91f83bc
SHA512: 66440ec1432756d7b5bac62384ba8f6ee428b54164d3916d89b5ae1e8d60f86b164f64b54dea15a40dbd0165851a5009b1616829215e68362f7d840d97f04b27
SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9pQ9HsQ9H89f:CTW7JJ7Tbgsg0
Malware Config
Signatures
Renames multiple (4675) files with added filename extension
This suggests ransomware activity: the files on the system are being encrypted and renamed with an extra extension.
YARA matches (rule: upx)
resource | yara_rule
behavioral2/memory/3192-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
behavioral2/files/0x0008000000023497-2.dat | upx
behavioral2/files/0x0014000000022936-6.dat | upx
behavioral2/memory/3192-760-0x0000000000400000-0x000000000040A000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
All 64 IoCs are "File created" events by Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe. Each created path is an existing application file name with .tmp appended, consistent with a write-to-temp-then-rename rewrite of the originals; the 4675 renames counted in the signature above are the second half of that pattern.
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp
- C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp
- C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp
- C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp
- C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp
- C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp
- C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp
- C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp
- C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp
- C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp
- C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp
- C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp
- C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp
- C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp
- C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Office16\MSYUBIN7.DLL.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp
- C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp
- C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp
- C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp
- C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp
- C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp
- C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp
- C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp
- C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\kn.pak.tmp
- C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp
- C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp
- C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp
- C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp
- C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp
- C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp
- C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp
- C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe)
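The two behaviours flagged above (mass staging of .tmp copies beside existing files ahead of the rename signature, and the NLS\Language key read) can be turned into a triage check that runs over the report's own IoC lines. The following Python is an added example, not tria.ge code and not the sample's logic: it assumes the "File created <path> <process>" / "Key opened <key> <process>" line form seen in this report, uses a constructed subset of the report's paths as input, and the thresholds MIN_STAGED_FILES and MIN_DISTINCT_DIRS are assumptions for the example rather than any sandbox's real values. The rename pairs under added_extension are hypothetical; this report gives the rename count but not the extension used.

```python
"""Triage heuristics over sandbox IoC lines.

Added example for this report; not tria.ge code and not the sample's logic.
Input lines follow the "File created <path> <process>" and
"Key opened <key> <process>" form of the IoC tables above. The sample
lines are constructed from paths listed in this report. Thresholds are
assumptions for the example, not a sandbox's internal values.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

IOC_RE = re.compile(r"^(File created|Key opened)\s+(.+?)\s+(\S+)$")

# T1614.001: the registry key read under "System Language Discovery" above.
LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

# Assumed thresholds: staged .tmp copies, across this many directories,
# before the pattern is called ransomware-like.
MIN_STAGED_FILES = 5
MIN_DISTINCT_DIRS = 3

SAMPLE_PROC = "Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe"

# Constructed sample: a subset of this report's IoCs, one per line.
SAMPLE_IOCS = "\n".join([
    rf"File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp {SAMPLE_PROC}",
    rf"File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp {SAMPLE_PROC}",
    rf"File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp {SAMPLE_PROC}",
    rf"File created C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp {SAMPLE_PROC}",
    rf"File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\kn.pak.tmp {SAMPLE_PROC}",
    rf"File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp {SAMPLE_PROC}",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {SAMPLE_PROC}",
])


def parse_iocs(text):
    """Yield (event, target, process) from report-style IoC lines.

    Paths may contain spaces; the process name is the last whitespace-free
    token, so the non-greedy group stops at the final gap."""
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def is_staged_rewrite(path):
    """True for '<name>.<ext>.tmp': a temp copy staged beside an existing
    file, as opposed to a plain scratch file such as abc.tmp."""
    p = PureWindowsPath(path)
    return p.suffix.lower() == ".tmp" and PureWindowsPath(p.stem).suffix != ""


def added_extension(old, new):
    """Extension appended by a rename (the signature's 'added filename
    extension'), or None when the rename is not a pure append."""
    if new.startswith(old) and new[len(old):len(old) + 1] == ".":
        return new[len(old):]
    return None


def triage(text):
    """Per-process verdict: staged rewrite count, directory spread,
    ransomware suspicion and whether the language key was read."""
    staged = Counter()
    dirs = {}
    lang_lookup = set()
    procs = set()
    for event, target, proc in parse_iocs(text):
        procs.add(proc)
        if event == "File created" and is_staged_rewrite(target):
            staged[proc] += 1
            dirs.setdefault(proc, set()).add(str(PureWindowsPath(target).parent))
        elif event == "Key opened" and target.lower() == LANGUAGE_KEY.lower():
            lang_lookup.add(proc)
    return {
        proc: {
            "staged_rewrites": staged[proc],
            "distinct_dirs": len(dirs.get(proc, ())),
            "ransomware_suspected": staged[proc] >= MIN_STAGED_FILES
            and len(dirs.get(proc, ())) >= MIN_DISTINCT_DIRS,
            "language_discovery": proc in lang_lookup,
        }
        for proc in procs
    }


if __name__ == "__main__":
    for proc, verdict in triage(SAMPLE_IOCS).items():
        print(proc, verdict)
```

The directory-spread condition is what separates this from an installer or updater, which also writes many .tmp files but inside one product tree; the sample here touches Java, Office, .NET, Chrome and Common Files in a single run. Feed the full 64-line IoC list and the verdict does not change, only the counts.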
Processes
C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe"
PID: 3192
Signatures: Drops file in Program Files directory; System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 33KB
MD5: 1fe9ecedb194c4be7441269b29f47555
SHA1: 2bda7375ddf430d219355cf147acf94d7d854012
SHA256: ea949aec956c26fe1e5a429e7c149c4219c3aec1001f554abf408dc8cc2ef882
SHA512: d2971b2e61750b491065aa54a2881ae56a7fbf405ee73a1e6dc249fa812ee32cf9befa315d7ca2bb01100d27f662a43a0ada1c9da06a4a73f7c3783b5d835191

Filesize: 132KB
MD5: c09ad3cca4f982a6f1ad927000826e62
SHA1: 6b372bb79ac3d1d7056c11f007455af3a10de656
SHA256: 7d0dfa54eb1561690aa0b9ed5152655d2f54da42ded238333009edf517a6d817
SHA512: 3a39afdb8d8905543f3053562d7001d87b7e19c1c75843fa3f1e0002b3f119f94f544c47eb1ab12c3a2368c4a2bc2eeabf18a1863355f02a2db08ebde80adce5