Analysis
- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 16/10/2024, 04:05
Behavioral task: behavioral1
- Sample: bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe
- Resource: win10v2004-20241007-en
General
- Target: bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe
- Size: 126KB
- MD5: fdf26c7c5a4dab29fde9a471e90a8895
- SHA1: b3b87a01e165b220d05949a6afe7e4a94ed4e292
- SHA256: bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38
- SHA512: 33c579045180aedc0819ad7ec62352107cd69339d35d6163b95261acb55b6eb123acc009ba8c9e4ebfcd4f2eab8519f80ed91858ca4b7aff1e3ce269e965fc56
- SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PVMN1M:V7Zf/FAxTWoJJZENTBHfiPCNc8uO6z9
Malware Config
Signatures
- Renames multiple (3445) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- yara_rule: upx
  resource: behavioral1/memory/3068-0-0x0000000000400000-0x000000000040B000-memory.dmp
  resource: behavioral1/files/0x000b000000012270-2.dat
  resource: behavioral1/files/0x0002000000010617-6.dat
  resource: behavioral1/memory/3068-72-0x0000000000400000-0x000000000040B000-memory.dmp
- Drops file in Program Files directory (64 IoCs)
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe "C:\Users\Admin\AppData\Local\Temp\bae998494715310d62a5c9b61368df45cf9fa3dc3cfff5b58c3e37af16133c38.exe" (PID: 3068)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 126KB
  MD5: 27ecaa1470f0c360be6863b87db3adf5
  SHA1: eed3a396dcb0a47a7c333f30ec01a55c9f1f3498
  SHA256: 5d6a9ce1bc468abe3b6454978914bf48bb479c08955bfed2a166b595bda9bf66
  SHA512: 88a01dcd00134a98724d6a619e63ab1d7fca89ffbd7546c2f28524f4eca810f450a85b12f1715bf33330a9c629a854dc3e5cb21990d35a812ea6828f96ef81bf
- Filesize: 135KB
  MD5: eefc3af04ed43890e523d9f6fb845456
  SHA1: 7407ade86c282df60545bba084fab93d148c0ac8
  SHA256: 8a0857dfa55966e8657736c10e646e7811dd1fd79550ed6fe7779e6a273d78d6
  SHA512: 07dfefd30286bb647ed1be0a9059e4a745ccb533f3ea5c8861e634983f1d9d8be081d4c920afbbec662cae14712e239e567abba354dfed1bfadf45e337826b7a