Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 19s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 16/10/2024, 03:58
Behavioral task behavioral1
Sample: e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
Resource: win7-20241010-en
Behavioral task behavioral2
Sample: e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
Resource: win10v2004-20241007-en
General
Target: e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
Size: 61KB
MD5: 7f24edd76b2b27d42a6271c64f5ae340
SHA1: 39c2b65c03bc0b63bbe4970921b1f559bd1ec387
SHA256: e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865
SHA512: 5bd4da7fb0636619f1a2127e6c6ff34cc59c8df6d1a0612e82a4085318be34cae228f0fd5802524d1fcf4202e070f4730234be38048bd11b53821590e07b2783
SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti0oj1O4iB:V7Zf/FAxTWoJJ7TTQoQ/IV
Malware Config
Signatures
Renames multiple (332) files with added filename extension
This suggests ransomware activity: the sample rewrites files across the system under a new name with an extra extension appended. The 64 Program Files IoCs listed under the next signature show the same pattern, every created file carrying an added .tmp suffix and all written by the sample process.
YARA rule matches
resource | yara_rule
behavioral1/memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral1/files/0x00070000000120fc-2.dat | upx
behavioral1/files/0x0002000000010420-6.dat | upx
behavioral1/memory/1656-26-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
description: File created
process (all 64 entries): e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
ioc:
C:\Program Files\7-Zip\Lang\nb.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp
C:\Program Files\DVD Maker\bod_r.TTF.tmp
C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp
C:\Program Files\DVD Maker\Pipeline.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\7-Zip\Lang\hr.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\7-Zip\Lang\ps.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\7-Zip\Lang\fa.txt.tmp
C:\Program Files\7-Zip\Lang\ka.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp
C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\7-Zip\Lang\ug.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp
C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp
C:\Program Files\7-Zip\7-zip32.dll.tmp
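The two file-system signatures above ("Renames multiple files with added filename extension" and "Drops file in Program Files directory") rest on the same observation: one process writes many files whose names are an existing name plus an extra suffix. The script below is an added example, not code from tria.ge or from this sample, that reproduces that heuristic over report-style "File created <path> <process>" lines so it can be run offline against exported events. The sample lines mix four paths copied from the IoC list above with constructed benign writes; the known-extension list and the threshold of 3 are assumptions for illustration, not the sandbox's real rule.

```python
"""Re-implement the 'files written with an added extension' heuristic.

Added example; not part of the tria.ge report or the analysed sample.
Event format mirrors the report: 'File created <path> <process>'.
"""
import re
from collections import Counter, defaultdict

# Extensions that an appended ransomware suffix typically follows.
# Assumption for this example; a production rule would carry a longer list.
KNOWN_EXTS = {"txt", "dll", "mui", "png", "jpg", "wmv", "xml", "htm",
              "pak", "ttf", "rll", "exe", "wmf", "emf", "doc", "pdf"}

# Path is matched lazily so a process name with no spaces is the tail.
EVENT_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>\S+)$")

# Process name taken from the report.
SAMPLE_PROCESS = "e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"

# Constructed input: four IoC paths from the report plus three made-up
# benign writes that must not trigger the heuristic.
SAMPLE_EVENTS = "\n".join([
    f"File created C:\\Program Files\\7-Zip\\Lang\\nb.txt.tmp {SAMPLE_PROCESS}",
    f"File created C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT\\mshwLatin.dll.mui.tmp {SAMPLE_PROCESS}",
    f"File created C:\\Program Files\\DVD Maker\\Pipeline.dll.tmp {SAMPLE_PROCESS}",
    f"File created C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Soft Blue.htm.tmp {SAMPLE_PROCESS}",
    "File created C:\\Users\\Admin\\AppData\\Local\\Temp\\report.txt notepad.exe",
    "File created C:\\Users\\Admin\\AppData\\Local\\Temp\\log.txt.bak backup.exe",
    "File created C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.tmp installer.exe",
])


def parse_events(text):
    """Yield (path, process) tuples from report-style 'File created' lines."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("proc")


def added_extension(path):
    """Return (original_name, added_suffix) when the file name looks like
    '<name>.<known ext>.<suffix>', otherwise None."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    if name.count(".") < 2:
        return None
    original, added = name.rsplit(".", 1)
    prior = original.rsplit(".", 1)[1].lower()
    if prior in KNOWN_EXTS and added.lower() != prior:
        return original, added.lower()
    return None


def detect_added_extension_renames(text, threshold=3):
    """Per process, count files written with a suffix appended to a known
    extension and flag processes whose dominant suffix reaches the threshold.
    Returns {process: (count, suffix)} for flagged processes only."""
    per_proc = defaultdict(Counter)
    for path, proc in parse_events(text):
        hit = added_extension(path)
        if hit:
            per_proc[proc][hit[1]] += 1
    flagged = {}
    for proc, suffixes in per_proc.items():
        suffix, count = suffixes.most_common(1)[0]
        if count >= threshold:
            flagged[proc] = (count, suffix)
    return flagged


if __name__ == "__main__":
    for proc, (count, suffix) in detect_added_extension_renames(SAMPLE_EVENTS).items():
        print(f"{proc}: {count} files written with added .{suffix} suffix")
```

Counting only the dominant suffix per process is deliberate: ransomware appends one consistent extension, while a backup tool or installer writing a single .bak or .tmp stays below the threshold. On the real report the same logic would count all 64 Program Files entries against the sample process.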
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe
Processes
C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe (PID 1656)
command line: "C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 61KB
MD5: d120607bbf5974bd57e29be3d19e841a
SHA1: ff03be836f8633c7b2bb5e894d967771359b5d4e
SHA256: 3ffed25c2eb6e190f66e973f55d707912bda32347184b8cfa83519b82634d891
SHA512: fb365ee9742442e930feeab955faba7c031ee685229134c2dfe0c84e2dba4157b2a17f511bf3e33655c08e5871eb4ea7314e03cc52b80756eab94abdde396187
Filesize: 70KB
MD5: db1656517577ba050d536a0ca927a502
SHA1: 487af2cc1a31193fde135ef9e15d150e95351b8b
SHA256: 16351cbf92a1dd679d4feb360a4ba2e3acf239844bb70779aca72e2c2aaaff5f
SHA512: 12396ad770afa49fab85cc3955ca6e01b585b62c0c09e12b1211d0fa4f621f6891a694f0c94c95107aef586d022c96ea5482ba74412120b7bf74b717dbce2ead