Analysis
max time kernel: 120s
max time network: 16s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 21/10/2024, 00:28
Static task: static1
Behavioral task: behavioral1
  Sample: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe
  Resource: win10v2004-20241007-en
General
Target: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe
Size: 94KB
MD5: 8fe84ecaf9d3d85c493e0a9858a58890
SHA1: 83d5f11dbc6403d91c8c88bc2668c406a5dab42f
SHA256: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233
SHA512: 1a68e22a68344d18a4d47731069d43805eb84c81d828cc7bfc64ff7a4d1f0ef78685c6d68da17b62ee4d2c9323a81799f6da4566312e7b6b903106f745416bcd
SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh+:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsr
Malware Config
Signatures
Renames multiple (3042) files with added filename extension
Mass renaming of existing files by appending an extension is the file-system footprint of ransomware encrypting files across the system; the behavioral run recorded 3042 such renames within the 120s kernel window.
Drops file in Program Files directory 64 IoCs
All 64 entries are "File created" events by 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe; each target is an existing file under C:\Program Files with .tmp appended to its original name.
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\Services\verisign.bmp.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp
C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp
C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp
C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp
C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp
C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp
C:\Program Files\7-Zip\Lang\fy.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp
C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp
C:\Program Files\7-Zip\Lang\vi.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp
C:\Program Files\7-Zip\Lang\sq.txt.tmp
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe)
Processes
845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe (PID 2468)
  Command line: "C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe"
  Signatures: Drops file in Program Files directory; System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 94KB
MD5: c4a522e0946d75fbe068f495196d9d4f
SHA1: a8b8f5a4873368328a9cbe529059951be46aac8c
SHA256: c346e0bd31fcb99971a0657985b4b68be5c61b3f7ac762dd107c42b6de89d5a6
SHA512: 232f2cbd930a2fc40bb21ec37409d68f4fa5ef4fecb0e89a06ef6b7c2f1f22d13a88e4b1e54872229900cc53e10055a37abf994bae04d052972e14dcfa95ab7e

Filesize: 103KB
MD5: 95f5fdb9f35c9b767b4c8b2ca387c797
SHA1: 46168ef6b8204c925597867e2a1126a751a3ef90
SHA256: c31355a0d6f6f5eb2963b42f93013f5de03933fa7493c872b84f94e14db0196a
SHA512: adf1327cc589848b3ab75061302288a5e0781f909f3de975f38ef317b8af8380320c92a3e52a0bb37a09e4b484a9e653587074cbbf474d5ab3a397ce4c9423db