Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
16/10/2024, 04:18
Static task
static1
Behavioral task
behavioral1
Sample
b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
Resource
win10v2004-20241007-en
General
-
Target
b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
-
Size
59KB
-
MD5
0180e5341d547a9f8c44e0ee1e1ef960
-
SHA1
f7263447cb893b7c67605e932a9a3d879f56ba55
-
SHA256
b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55b
-
SHA512
e5148c5b90975d2908a074c4094761f9097e341afbfe3078c6b7e23db65e4b1f9c8f9f9da63fc6bb9c9c4a19589320291d7677980652e4ae7b9e9ed2c345fa07
-
SSDEEP
768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/3sY1YxwDwI1Q1P:W7ZppApyVyjVy7UO2P
Malware Config
Signatures
-
Renames multiple (3858) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\micaut.dll.mui.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\WaitGroup.lnk.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Internet Explorer\networkinspection.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\DVD Maker\Shared\Common.fxh.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1352
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5ffb1dde1767d815194babee88d89bf8f
SHA18032d5f29518511f831e99880755855fa8470d33
SHA2562813d37d7b12607c905d41f3bda49809e21876fdd44772fc3616052d660f807f
SHA5127bfe891a760f4e92e9a6cc138ca8fb8c71a971517b36aa50ba3589d6a9e4fa5a613f719ca2a4ff7831925c8d8b239b1991495c27a0d8bd7c66a9149a235a90a1
-
Filesize
68KB
MD5a93b040273437a66275af46b50b24862
SHA17c2fcd971193bb7f96fb3fa643ebe8d67387250c
SHA25616d6adceb01cc21bb5139076123cf3500cda6482d5329fe30e76a59ddd335f84
SHA512feb02fc2876b5a975ecf12fbaa88fcf0fa91ba001e62002523363b718de8bb9b066a4cc19390ce8949fd7442495cbdf72e327e38a1c4923b4f3482c82be3c61e