Analysis
max time kernel: 116s
max time network: 19s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 16/10/2024, 04:20
Behavioral task: behavioral1
Sample: c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe
Resource: win10v2004-20241007-en
General
Target: c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe
Size: 90KB
MD5: b3bd09a6d1604ab8188a044862a30410
SHA1: 902ebce82db8754e106b5e015524356f13d1d7a4
SHA256: c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4
SHA512: adb5df5a2f4e70b3cdd272c313a67ecedceaf231f03fd16ca82e63a24796357e63f2f3eb536a3b9f41f20f80c5445f61535655dfa514a2b602158cb726980ee5
SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5J:fnyiQSox5J
Malware Config
Signatures
Renames multiple (256) files with added filename extension
This suggests ransomware activity: the sample appears to be encrypting files across the system and appending an extension to each one.
Yara rule matches (rule: upx) 4 IoCs
resource | yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral1/files/0x000d0000000133b8-2.dat | upx
behavioral1/files/0x0002000000010420-6.dat | upx
behavioral1/memory/3040-26-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
description: File created (every entry below was created by the process c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe)
C:\Program Files\Common Files\System\msadc\msadds.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp
C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp
C:\Program Files\ExitRestore.dxf.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp
C:\Program Files\7-Zip\Lang\pt.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp
C:\Program Files\7-Zip\Lang\hy.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp
C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp
C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp
C:\Program Files\Common Files\System\ado\adojavas.inc.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp
C:\Program Files\Common Files\System\msadc\msadco.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp
C:\Program Files\7-Zip\Lang\sa.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp
C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe
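The two signatures above are heuristics over the sandbox's event stream: many files written under one process with the same extension appended across many directories, and a read of the NLS\Language registry key. The following is an added example, not Triage's own signature code, showing how such checks can be implemented over events in the report's description/ioc/process shape. It uses twelve of the file paths and the registry key copied from this report; the rename events the first signature counted (256) are not listed on the page, so the example works over the "File created" IoCs that are. The thresholds (`min_files`, `min_dirs`, `dominance`) and the `benign_example.exe` control event are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Process name of the sample analysed in the report above.
SAMPLE_PROCESS = "c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe"

# Constructed event list in the report's (description, ioc, process) shape.
# The twelve file paths and the registry key are copied from the report's IoC
# tables; the final "benign_example.exe" event is made up as a control case.
SAMPLE_EVENTS = [
    ("File created", r"C:\Program Files\Common Files\System\msadc\msadds.dll.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\ExitRestore.dxf.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\7-Zip\Lang\pt.txt.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp", SAMPLE_PROCESS),
    ("File created", r"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp", SAMPLE_PROCESS),
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", SAMPLE_PROCESS),
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\install.log", "benign_example.exe"),  # constructed control
]

# Matches the NLS\Language key under any ControlSet (the report shows ControlSet001).
LANGUAGE_KEY_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


def added_extension(path):
    """Return (original_ext, added_ext) when the file name carries two suffixes,
    e.g. msadds.dll.tmp -> ('.dll', '.tmp'); None for a single-suffix name."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return None
    return suffixes[-2].lower(), suffixes[-1].lower()


def summarize_file_creates(events):
    """Per-process view of 'File created' events: file count, distinct parent
    directories, and the distribution of original and appended extensions."""
    summary = defaultdict(lambda: {"files": 0, "dirs": set(),
                                   "orig": Counter(), "added": Counter()})
    for description, ioc, process in events:
        if description != "File created":
            continue
        entry = summary[process]
        entry["files"] += 1
        entry["dirs"].add(str(PureWindowsPath(ioc).parent).lower())
        exts = added_extension(ioc)
        if exts is not None:
            entry["orig"][exts[0]] += 1
            entry["added"][exts[1]] += 1
    return summary


def classify(events, min_files=10, min_dirs=5, dominance=0.9):
    """Map each process to the findings raised against it. The thresholds are
    assumptions for this example; the report's own rule fired at 256 renames."""
    findings = defaultdict(list)
    for process, entry in summarize_file_creates(events).items():
        if entry["files"] < min_files or len(entry["dirs"]) < min_dirs:
            continue
        if not entry["added"]:
            continue
        ext, hits = entry["added"].most_common(1)[0]
        # One appended extension dominating writes spread over many directories is
        # the shape of the "renames multiple files with added extension" signature.
        if hits / entry["files"] >= dominance:
            findings[process].append(f"mass_appended_extension:{ext}")
    for description, ioc, process in events:
        if description == "Key opened" and LANGUAGE_KEY_RE.search(ioc):
            # System Language Discovery (ATT&CK T1614.001): ransomware commonly
            # reads the install language as a locale check before encrypting.
            findings[process].append("system_language_discovery")
    return dict(findings)


if __name__ == "__main__":
    for process, tags in classify(SAMPLE_EVENTS).items():
        print(process, "->", ", ".join(tags))
```

Running the block reports both findings for the sample process and nothing for the constructed control. The appended extension in this report is `.tmp` on every listed path; whether those files are later renamed over the originals is not shown on the page, which is why the directory-spread and dominance checks matter more than the specific extension string.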
Processes
C:\Users\Admin\AppData\Local\Temp\c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe
command line: "C:\Users\Admin\AppData\Local\Temp\c6805c3e6b9f3aefcba0b960d888bb8b2e7e9ffc3d20458890ec138be1e51eb4N.exe"
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID: 3040
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 90KB
MD5: dd46d51aa122dde79c682b19218e5323
SHA1: 7d0b7b71a41d1f3184e371d4f7c670518ad66c94
SHA256: d0949556b7a052d82312b74cefd73eaf778552f93d57073e38ebea2bbb29e2f8
SHA512: cf09f336d6f9842f5473b51a5ceed45bfed3b7d7b89e3d6ae445323e38c7439e6dc8c77fe96a8a252f80354fe788679f0f20179781dfb05106bc0e2815d65c85

Filesize: 99KB
MD5: 2f86ebc5296e305d924c98997dd2eb14
SHA1: 13e436861b87c16cd0dfea92e117863349571c52
SHA256: b13a99f2dcebb40610c0bd7ecd4fb1743bc6b24dbaaf12aaa2587b9d6389471d
SHA512: 6e45fde8ce80825c57982e3435fa64c19712d0be77d40279639ed905d8a75d240ab407e94b4cc3df5ff03967ab8e0b89ac82d1190a096a26e0de025d53a8a527