Analysis
- max time kernel: 120s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 16/10/2024, 04:23
Behavioral task: behavioral1
- Sample: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe
- Resource: win10v2004-20241007-en
General
- Target: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe
- Size: 40KB
- MD5: ee1257b67d36a774e718697014c7c730
- SHA1: c0743dc8e067afd019095c31bb4250682b2c420a
- SHA256: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2
- SHA512: 28e527eec81c774f488bd4cc5510c07a1be70045c70085577083ac72114ca94f1f679032db62bf3fed93f69c281c9fede966d02c40745168492f048273667a50
- SSDEEP: 768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeKiwle:CTWciVRRNRR/
Malware Config
Signatures
- Renames multiple (3453) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- yara_rule matches (resource: rule)
  behavioral1/memory/2668-0-0x0000000000400000-0x000000000040A000-memory.dmp: upx
  behavioral1/files/0x0007000000012118-2.dat: upx
  behavioral1/files/0x000200000001067f-6.dat: upx
  behavioral1/memory/2668-74-0x0000000000400000-0x000000000040A000-memory.dmp: upx
- Drops file in Program Files directory (64 IoCs)
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"
  PID: 2668
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 41KB
  MD5: d74a9210c306ae32c419f51f34021a62
  SHA1: 68cac1f1278eed0dd2d7fb4bef25ffc4ebe84b08
  SHA256: 0bfdd3ed56d9011549bffe711535fe6068f1ce1db59e314365448404038c0594
  SHA512: 5369ba8622addffacf00b6dcce5964fb3f7f4173e3a18d159b98445cb7609486107aa163b555c2212090ce0edeb95657e3bf36f121350a9dcc7f85d90044ec50
- Filesize: 50KB
  MD5: 50bd1e34d20cd19fe940a40c866dd4d4
  SHA1: e0c5c821144cb68b79b5c1467b50396e30fa2601
  SHA256: ceaeeff9f61aedea71e58a389a92c896a57bbcb6a3610dc704565e07aef2fe8e
  SHA512: c7055e04daaa02988f2f2ccbb52d4c64f5c894c12efd85f1f9f38aa94489f3152216e40801062edae246c1263a4330891aca795b8672a70db39ecbbcda4ac60f