Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 16/10/2024, 03:24
Static task
static1
Behavioral task
behavioral1
Sample
6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe
Resource
win10v2004-20241007-en
General
-
Target
6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe
-
Size
57KB
-
MD5
55344a6d20e08105313c046901aab050
-
SHA1
d5b934d00089e98bddac0329b638fd6d5e97138d
-
SHA256
6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0
-
SHA512
c5f41d7aaabed63e333e793c1dbd69559dd4069156b61ee5f01247c89491a6b8a84ba6e3be236afc121b0fe77da7a63e4fd7a66b493f1ec70e96b29e61f98b0b
-
SSDEEP
384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3WSVhYSinVtYSinVL:W7BlphA7pARFbhvOsTKnKqtdYSiHYSiV
Malware Config
Signatures
-
Renames multiple (3215) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe)
Processes
-
"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe" (PID: 2400)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15