Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03/10/2024, 09:18
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
-
Size
74KB
-
MD5
f2d9aebed83bb48b457b216bf87ed320
-
SHA1
afcdf5e9004656eed98d9e4cbab51e56ae162074
-
SHA256
904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1
-
SHA512
c7eccc7dda136d7801978509ca2f2197e800f058a1522443f31dbbe8b6d0cc0ad4f7575c0efbb27d7abc53afefc8dc5a0d36d6d321e1649adf31d7ce371ef635
-
SSDEEP
1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxrLX6l:6pWpBwchcV2WxrLA
Score
9/10
Malware Config
Signatures
-
Renames multiple (4660) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe"C:\Users\Admin\AppData\Local\Temp\904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2084
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD53e0a524f5cd600a1e3ab8d9d5da598cc
SHA1a7fe3e47f499c1cb7a939d4e9bacde6853062698
SHA2569e03c3e944d31d7808a4294eb4d7e8ee228de29047bd0cbf5ff9c775a69180c4
SHA51268721c862707df664cbb01741dfa47e89d1fd7eff3c1033d724fb93d75c5c913c6f134766c84fba28c74306b952696ed1e241739f6e61b3bdde741cd07dd4544
-
Filesize
173KB
MD5122b9cfc3547ec1d8706a5d1fa668f32
SHA1f0fe7d377ecd4fabf86f3965fb17ccc9a0e9472e
SHA25607668f2e82fc16bf8d06bd0767a3ab9376426881949cf68411000a08d30d0066
SHA512c7ef7731e2372d197a0f0945872c07e9c2ab6f4a20c834af6e3dfbd75d1f64abc21e766a0f1291eb770d206af0499b172699d4c72f17d42766783dee39e78bd3