Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 16/10/2024, 02:43
Behavioral task
behavioral1
Sample
a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe
Resource
win10v2004-20241007-en
General
Target: a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe
Size: 43KB
MD5: efe08a229e3ac609c9b77f72bd70e2f4
SHA1: ed5dafd0b387abcf93f2ef5a7737bb5992a18104
SHA256: a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425
SHA512: 62b8c770815b041d95183304d1e8d678133a9c16f41fa811cd9c53a71f68b2ba32f47018cecba8e488fbc34af7bf7a1d58777f76e7048cf4c52f11765c259935
SSDEEP: 768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PpEI:CTW7JJZENTBHfiPpEI
Malware Config
Signatures
Renames multiple (3756) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
resource yara_rule
behavioral1/memory/2824-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
behavioral1/files/0x0007000000012117-2.dat upx
behavioral1/files/0x0002000000010664-6.dat upx
behavioral1/memory/2824-64-0x0000000000400000-0x000000000040A000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe "C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe"
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID: 2824
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 43KB
MD5: 885cafc4eac61f1c205b172baa8212af
SHA1: 7e908db26c1feb63ae12de73c7c14bf5d62850b0
SHA256: 072bed5128dca732e363c7fc33490c0b156e0032c229691148a2b97dcab8980c
SHA512: c8910df90cfa079ca7e5f4acd498f4988194d1a042791e5700d21f33a58214abe66c50917536fcc7e19eca731f0bba34541d247fd83094c48df67598dbbb2680

Filesize: 52KB
MD5: eec4d975a96e1b4a9224780fb47722c9
SHA1: 5c2bfc3182164ed208b9b89034bc2fe4a40c0a96
SHA256: 0a1bd1af77754b9ef3a20d3a5198e7d7a05dfe2d2285aae08a5a3504fcce6b86
SHA512: 63d7ac54cd7c028f7c435d302fa95f74d2af026214401f1f271021256f8996f6eb5bdc07129ec6cd6cd74ee3c008fa93711ad09bee632dfe9ae6f262b0547262