Analysis
max time kernel: 120s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 16/10/2024, 04:16
Static task: static1
Behavioral task: behavioral1
  Sample: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
  Resource: win10v2004-20241007-en
General
Target: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
Size: 82KB
MD5: 850663fdc1731e7c026c98b20f36e480
SHA1: bd1702bdc2861f268e71048d6782912da883f894
SHA256: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075c
SHA512: 22a3d4bc4901bc236f2ea36ef3e73781e85c14561b9b5dda858dc1d003c48c69dbb7eb4dd4b8041ec7cf81f6952750b80ccc9f292c0312de05653780ee7c905d
SSDEEP: 1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGlMr:6e76mQSohsUsUKa
Malware Config
Signatures
-
Renames multiple (3071) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
Process for all 64 entries below: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp
File created | C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp
File created | C:\Program Files\Mozilla Firefox\pingsender.exe.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp
File created | C:\Program Files\7-Zip\Lang\br.txt.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp
File created | C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp
File created | C:\Program Files\7-Zip\Lang\tg.txt.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp
File created | C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp
File created | C:\Program Files\Common Files\System\ado\adovbs.inc.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp
File created | C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
Processes
-
Process: C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe"
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID: 1600
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 83KB
MD5: c491caa0504f5b8d171f969ac895ad8e
SHA1: 46bbdf15ebe597618780c726c128d5fc8874d2f7
SHA256: 18bd98f06f5759993c52494463a5390983030d4e13d59a4de0efa12417e624f5
SHA512: 8d5aa7173b3a0b4cc0595cd379436b49cbf92f6c71ab0fe121eb5c5b1b889ccddd7ea2ea27857025539ad8dfaa4c26be1a15c86150397e2c7c016ac3e2f19b0b
-
Filesize: 91KB
MD5: 3408464349497ac9921ce07c0d58f513
SHA1: 584c62e11ef68afb57c7b39e41dd030f93e3791a
SHA256: bd3273effc295f999ec1fdb0ab3a8b7d6d4fe863961049d7a0f3460ff83d5980
SHA512: cc2b54e08debfce8f20c6094983e6cdc8eec84b0b982ea39c034c6572b0008f0415a4b380722d70af15dd1f9f6c0e23d4c2b698f90aaa1409666c1941da2f7ee