Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/10/2024, 21:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe
-
Size
66KB
-
MD5
8feaf9341313bc1808ab32f7e111e910
-
SHA1
3fcb28bc538a3ab1b773285ffbf15efac76561a4
-
SHA256
517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908
-
SHA512
0b8dd3847364812c1951e69e641c42d7aaa6564c6e5ce6afcc4a0112e6abee1aa2ce72dab00ac5195cbc99b71cffefb7b60e7826b365f6786404a73f9827ff2f
-
SSDEEP
768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7u595QUhUB:/7ZQpApHou595QUhUB
Score
9/10
Malware Config
Signatures
-
Renames multiple (4357) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Internet Explorer\images\bing.ico.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\7-Zip\Lang\fur.txt.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe File created C:\Program Files\7-Zip\7z.dll.tmp 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe"C:\Users\Admin\AppData\Local\Temp\517f1b950793a81dfafc8d61107809c4227e9e6fb3e25ccde4925be1ff545908N.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2500
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD57a0f78e346566d09680aad11ab68e94b
SHA117ffa9a185f66c29d9cff5be4f01844cc5efdd6b
SHA25606f73997f7a6bddbce8b1ff280158e99c578ca27c2aadca028ae1ef482caad59
SHA512e612922c7b44ee97d3145f960abfede90573fda11d93c53d65730d618919ea42acc5f4fea6cd8bc751f68783dab2231485a7177b7e99b9540cd8a3cb1912ef13
-
Filesize
165KB
MD5143ae5fe4700a366e66c6a30007170dc
SHA159ec0cecdf546aa79a2d1c6279882613b2cac235
SHA256dc8a209d580a84883b403e09dff247e8fbff500f65f6d27ecbac57899faa6644
SHA51282cdcb3209a45621a4d381e33a1a432866e77e2fbfb652b2c73eb977067302429f0f8bee8190eae4e1b1de94fc18e3cd7a842063178160f363443211ce7b5a6b