Analysis
- max time kernel: 150s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 16/10/2024, 04:42
Behavioral tasks
- behavioral1
  Sample: c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe
  Resource: win7-20241010-en
- behavioral2
  Sample: c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe
  Resource: win10v2004-20241007-en
General
- Target: c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe
- Size: 48KB
- MD5: 5001bd78bf98c2dfb6fb883d168076a6
- SHA1: 95f54540ce8e1d13d87f7be404aa39808bd8077f
- SHA256: c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9
- SHA512: 71e9068ce467be146aaf4708f495fa3eaf3373ee69a9d13081893f1c3af8ce64c23ebd32d9745bbef8dcc797293d478fe521b00b1ba99e9f5563b3988c26a29b
- SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9xj+N1J3DCl4N1J3DClal3l7lcl7lD:CTW7JJ7T/jQlilJ
Malware Config
Signatures
- Renames multiple (1041) files with added filename extension
  This suggests ransomware activity (encrypting files across the system). The dropped-file table below shows the same pattern from the file-creation side: existing Program Files paths with .tmp appended.
- YARA rule upx matched (4 IoCs)
  resource | yara_rule
  behavioral1/memory/2820-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
  behavioral1/files/0x000c000000012262-2.dat | upx
  behavioral1/files/0x0002000000010420-6.dat | upx
  behavioral1/memory/2820-19-0x0000000000400000-0x000000000040A000-memory.dmp | upx
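The upx rule matched both dropped .dat files and two dumps of the process's in-memory image at 0x400000-0x40A000. The rule body is not shown on the page; the usual grounds for a UPX verdict are the UPX0/UPX1 section names, the "UPX!" marker, and an unpack-destination section with zero raw size but a large virtual size. The following is an added example (mine, not the report's YARA rule or tria.ge code): a minimal PE section-table walker applying those three checks to two constructed header buffers, PACKED and PLAIN. build_pe and both buffers are constructed for the example and are not real binaries.

```python
import struct

# IMAGE_FILE_HEADER (20 bytes) and IMAGE_SECTION_HEADER (40 bytes), little-endian
COFF_HDR = struct.Struct("<HHIIIHH")
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")


def pe_sections(buf):
    """Walk the section table of a PE image in memory or on disk.
    Returns [(name, VirtualSize, SizeOfRawData), ...]."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _machine, nsec, _ts, _symptr, _nsym, opt_size, _chars = COFF_HDR.unpack_from(buf, e_lfanew + 4)
    off = e_lfanew + 4 + COFF_HDR.size + opt_size  # section table follows the optional header
    out = []
    for i in range(nsec):
        name, vsize, _vaddr, rawsize, *_ = SECTION_HDR.unpack_from(buf, off + i * SECTION_HDR.size)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    return out


def looks_upx_packed(buf):
    """Apply the three common UPX indicators and return them separately, so a
    caller can decide how much weight each gets."""
    secs = pe_sections(buf)
    names = [n for n, _, _ in secs]
    return {
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in buf,
        # No bytes on disk but a large virtual size is the unpack-destination
        # shape (UPX0). A plain .bss section can look like this too, so this
        # indicator is weak on its own.
        "empty_raw_big_virtual": any(raw == 0 and v >= 0x1000 for _, v, raw in secs),
    }


def build_pe(sections, tail=b""):
    """Constructed minimal PE for this example (not a real binary): DOS header,
    PE signature, COFF header, zeroed PE32 optional header, section table, tail."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 224                      # PE32 optional header size
    coff = COFF_HDR.pack(0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, vaddr, raw, 0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, vaddr, raw in sections
    )
    return dos + b"PE\0\0" + coff + opt + table + tail


# Constructed inputs: a UPX-shaped layout and an ordinary compiler layout.
PACKED = build_pe(
    [(b"UPX0", 0x9000, 0x1000, 0), (b"UPX1", 0x3000, 0xA000, 0x2800), (b".rsrc", 0x1000, 0xD000, 0x400)],
    tail=b"\0" * 16 + b"UPX!" + b"\0" * 32,
)
PLAIN = build_pe(
    [(b".text", 0x5000, 0x1000, 0x5000), (b".rdata", 0x1000, 0x6000, 0x1000), (b".data", 0x800, 0x7000, 0x200)]
)

if __name__ == "__main__":
    print("packed:", looks_upx_packed(PACKED))
    print("plain: ", looks_upx_packed(PLAIN))
```

On a memory dump like the 0x400000-0x40A000 region in the report the same walker applies, since the headers are mapped at the image base; only the on-disk SizeOfRawData values are then less meaningful, which is why the section-name and marker checks are the ones to trust there.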
- Drops file in Program Files directory (64 IoCs)
  Each entry is a Program Files path with .tmp appended. The process column is the same for all 64 entries (c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe) and is omitted below.
  File created:
  - C:\Program Files\7-Zip\Lang\cy.txt.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp
  - C:\Program Files\DVD Maker\rtstreamsource.ax.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp
  - C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp
  - C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp
  - C:\Program Files\7-Zip\History.txt.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp
  - C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp
  - C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp
  - C:\Program Files\7-Zip\Lang\sv.txt.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp
  - C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp
  - C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp
  - C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp
  - C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp
  - C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp
  - C:\Program Files\7-Zip\Lang\gl.txt.tmp
  - C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp
  - C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp
  - C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp
  - C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp
  - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp
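The mass-rename signature and the 64 .tmp creations under Program Files are one behaviour seen from two angles: the sample writes "<existing path>.tmp" across many unrelated directories. The following is an added example (mine, not tria.ge's signature code) of the heuristic behind such a signature, run over event lines in the report's own "File created <path> <process>" layout. It counts created files whose path minus the last extension is a file that existed before execution, then checks that one appended extension dominates and that the writes are spread across many directories. The pre-execution file list BASELINE (built from a dozen of the report's paths), the three noise lines, and the thresholds MIN_FILES, MIN_DIRS and DOMINANT_SHARE are constructed assumptions for the example.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Thresholds are assumptions for this example, not tria.ge's tuning.
MIN_FILES = 10        # at least this many "<existing file>.<new ext>" creations
MIN_DIRS = 5          # spread over at least this many distinct directories
DOMINANT_SHARE = 0.9  # one appended extension accounts for this share of them

PROC = "c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe"

# Files known to exist before execution (constructed from the report's paths
# with the .tmp stripped; a real sandbox takes this from its image manifest).
ORIGINALS = [
    r"C:\Program Files\7-Zip\Lang\cy.txt",
    r"C:\Program Files\7-Zip\Lang\sv.txt",
    r"C:\Program Files\7-Zip\History.txt",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat",
    r"C:\Program Files\DVD Maker\rtstreamsource.ax",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png",
    r"C:\Program Files\Internet Explorer\JSProfilerCore.dll",
]
BASELINE = {p.lower() for p in ORIGINALS}

# Constructed noise: ordinary temp-file activity and a new file whose stripped
# name is not a pre-existing file. None of these should count.
NOISE = [
    rf"File created C:\Users\Admin\AppData\Local\Temp\~DF1A2B.tmp {PROC}",
    rf"File created C:\Users\Admin\AppData\Local\Temp\run.log {PROC}",
    rf"File created C:\Program Files\7-Zip\Lang\readme.txt.bak {PROC}",
]
# Constructed event stream in the report's layout: the 12 originals with .tmp
# appended, plus the noise.
SAMPLE_EVENTS = [rf"File created {p}.tmp {PROC}" for p in ORIGINALS] + NOISE


def parse_file_events(lines):
    """Parse 'File created <path> <process>' lines. Paths contain spaces, so
    the process name is split off from the right. Returns (path, process)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line.startswith("File created "):
            continue
        path, proc = line[len("File created "):].rsplit(None, 1)
        events.append((path, proc))
    return events


def appended_extension(path, baseline):
    """Return the appended extension (e.g. '.tmp') when the created path is a
    pre-existing file plus one extra suffix, else None."""
    p = PureWindowsPath(path)
    if not p.suffix:
        return None
    original = str(p.with_suffix("")).lower()
    return p.suffix.lower() if original in baseline else None


def assess(events, baseline):
    """Summarise appended-extension creations and apply the thresholds."""
    by_ext = Counter()
    dirs_by_ext = defaultdict(set)
    for path, _proc in events:
        ext = appended_extension(path, baseline)
        if ext is None:
            continue
        by_ext[ext] += 1
        dirs_by_ext[ext].add(str(PureWindowsPath(path).parent).lower())
    total = sum(by_ext.values())
    if total == 0:
        return {"flagged": False, "suffix": None, "count": 0, "dirs": 0, "total": 0}
    ext, count = by_ext.most_common(1)[0]
    dirs = len(dirs_by_ext[ext])
    flagged = count >= MIN_FILES and dirs >= MIN_DIRS and count / total >= DOMINANT_SHARE
    return {"flagged": flagged, "suffix": ext, "count": count, "dirs": dirs, "total": total}


if __name__ == "__main__":
    print("sample:", assess(parse_file_events(SAMPLE_EVENTS), BASELINE))
    print("noise only:", assess(parse_file_events(NOISE), BASELINE))
```

Directory breadth is the part that separates this from an installer or updater, which also rewrites many files but stays inside its own tree; the baseline check is what keeps ordinary temp files in AppData\Local\Temp from counting.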
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe)
  This key is also read by ordinary locale initialisation, so a single open of it is weak evidence of deliberate geofencing on its own; treat it as supporting context for the file-rewriting behaviour rather than as a finding by itself.
Processes
- C:\Users\Admin\AppData\Local\Temp\c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c51b909fa98e216faed878480a96c0f7da4e54a6c76a460076178a5cb9fe4ec9.exe"
  PID: 2820
  Signatures: Drops file in Program Files directory; System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 48KB
  MD5: 275298eb865d313be2eb7e308a26731f
  SHA1: 9d824f77fe97cae1820856473e85a9709f9cbff9
  SHA256: 432b87ee873cb72aba64795b1aace57e35ec95e91e34273f6d6ff3195c437086
  SHA512: 5576e0d4634a12f658e895329106af72d215cc7ddeedbf057bb94c36a0695eabb34a8fc42c2c5ae7d7944458001d42c1a7091ce8ed19a0b4a178c262c779e0f8
- Filesize: 57KB
  MD5: 3f128fa9979cae7f7ba4c15a4af40802
  SHA1: 432308c6f2cd4d6c4be186b954a3fb0ad3b5f8da
  SHA256: 8882f310e6bb2c98912b665b53e5bbfd4afdedabe29b735a5e01c47a7ecef468
  SHA512: b31470439c2bdeef5f48c2948c57cf84f0411364265d9a27515cfbc63df3b98f1ea505c910f00e7cea99a330a117fb820496f53593f799a0ebb0c091fdf575af