Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
12/09/2024, 03:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2025c3e03a29cb23b61b58792c95dfb0N.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
2025c3e03a29cb23b61b58792c95dfb0N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
2025c3e03a29cb23b61b58792c95dfb0N.exe
-
Size
44KB
-
MD5
2025c3e03a29cb23b61b58792c95dfb0
-
SHA1
24d7e83d36f5bfd915baec364f62a0142d36da27
-
SHA256
e15e7fc70a4e57b6e95cce5ae6495a9d9cc08da28509966077d59688f9b03515
-
SHA512
ff94d2a9d34c99af8fb8592e4e7d9de12c38e67b99d12ba7427ba404b8da54a8d2488027725094b16fa46b8e84d5b31a0f3c03a9a22616f8d8970fb65903d229
-
SSDEEP
768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5n4fZ9Z34fZ9Z0:W7ZhA7pApM21LOA1LOrtkpt60
Score
9/10
Malware Config
Signatures
-
Renames multiple (4642) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\7-Zip\Lang\cy.txt.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\7-Zip\Lang\ar.txt.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp 2025c3e03a29cb23b61b58792c95dfb0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2025c3e03a29cb23b61b58792c95dfb0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
MD537bab797101bd9cfc173ddb83cdae795
SHA12df160369b3031cb559f99d9f2dbdef150019be9
SHA25629e26b4d0a7fa1fabc494747ac92c707995fd639d6c84d7364c1ecccaf61ac98
SHA5121cdfba7e0fe7ad5744c9e6a112eefd0621953ad898ebcbfc6cbf723d3099facabe0fa3547f161b725e6c66215bd1dd74d732013adf4757326e2d9334f0545fd1
-
Filesize
143KB
MD5e697c43c9c11c6caf98ab20c2feb1e94
SHA1d5ad149f655f0f76b8d3932d07503d2d572bdb57
SHA256d099451b5e89ec0fa16cadbb809bae21314f31926e18d0186b2c02fd7e0df7e7
SHA512371a157ed169be9cdab0fbccc66897879b01f749fc6b9c056728f2a153261cde89ebb68dee1b6594e5990709261275be12ee5d55009984cd0df766e4d9b55e56