Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 149s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 20/10/2024, 21:54
Behavioral task behavioral1
- Sample: 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
- Resource: win7-20241010-en
Behavioral task behavioral2
- Sample: 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
- Resource: win10v2004-20241007-en
General
- Target: 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
- Size: 48KB
- MD5: ce612c08fbd73a2297549f2ec1bbb141
- SHA1: 0d7b4d8e1a747ff488f2adb60afcd0291f63a125
- SHA256: 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8
- SHA512: 4f0bc9621a852427bc5d0eb0d115a7c4271c48266bab98f239bf571d934b458ec9aeb77c4a7594b0646642aed836df2404b9da8f4e6eb33cabf291363054d2f4
- SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBmX7h0MpX7h0Ms:V7Zf/FAxTWoJJZENTBm9Rp9Rs
Malware Config
Signatures
- Renames multiple (3459) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- yara_rule matches (resource | yara_rule)
  behavioral1/memory/2524-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  behavioral1/files/0x00090000000120fe-2.dat | upx
  behavioral1/files/0x0005000000010479-6.dat | upx
  behavioral1/memory/2524-68-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory 64 IoCs
  description: File created (all 64 entries)
  Process: 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe (all 64 entries)
  ioc:
  C:\Program Files\Windows Defender\MsMpLics.dll.tmp
  C:\Program Files\7-Zip\Lang\an.txt.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp
  C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp
  C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp
  C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp
  C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp
  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp
  C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp
  C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp
  C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp
  C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp
  C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp
  C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp
  C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp
  C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp
  C:\Program Files\7-Zip\Lang\es.txt.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp
  C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp
  C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp
  C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp
  C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp
  C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp
  C:\Program Files\7-Zip\Lang\ug.txt.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp
  C:\Program Files\Java\jre7\bin\instrument.dll.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp
  C:\Program Files\DVD Maker\rtstreamsource.ax.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp
  C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp
  C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp
  C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID: 2524
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 48KB
  MD5: 7d6976908a9be3135f22246a4185b73d
  SHA1: b250df9cb651fbe2905d5c61aa21b5de26773a86
  SHA256: f5c69dd0dd8bc12c29b71a5d3797d09ec7d5ee107972c49151ed4f90277ad5e8
  SHA512: 85f39e1523cdc8bc10268949d26691657a98694219afbd917b600d4e5886b3b7749715c8f642795297cd3562e8a55be1722ada1a1c10e49cefb4d911ac6c472e
- Filesize: 57KB
  MD5: 392d7cb606458a59fedb21284f6a139d
  SHA1: 7f9cbc6202e6eb1a5ed6828c9c6849ef32bcca85
  SHA256: def11a50ca8d397cc48042e7a9eaf7eff5526915e9b250e5f556a91c8e712faa
  SHA512: f708cd815cec12d781b87eddfe0231a748cef3d0800fe6d9015192f1e439505b93005c9fd2e077ced600bdb0725c54b43ce92567d6d7baa0d2a158e2df6e5c71