Analysis
max time kernel: 120s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 21/10/2024, 00:30
Static task: static1
Behavioral task: behavioral1
  Sample: baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
  Resource: win10v2004-20241007-en
General
Target: baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
Size: 91KB
MD5: 5671c8bbf9e774c71417d4f5ab358310
SHA1: 79c00fb2a4735798ba6ad68d0e7962568a580a47
SHA256: baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55
SHA512: 5a734516e34085404bf6ada7cda5ea7e217be295879d0e2a9f643bfa4f999470ae921691c1ae3e49ef99c20ceb712be6feafdfb6aca86cb188b4700bdeedefb8
SSDEEP: 1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGLtErm:6e76mQSohsUsUKDtErm
Malware Config
Signatures
- Renames multiple (2789) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"
  PID: 2192
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 91KB
  MD5: 4e64e039c92286ea5b570083d2f2741d
  SHA1: 41135158d3aa8c08536447b8de5a2d9f3f103053
  SHA256: bc707ab44c59e6879ab8967a35de432798b4a4cbed19e4d7cc2638bb287d71d7
  SHA512: fe634d4773d66c5bf8a6c9753abdbc213e7458c989b7c65c7d79f27768489ee8d21e97c06933d30c3163d3eff74f3bc4d4020ca299b7acdf497f2dd428220bc6
- Filesize: 100KB
  MD5: 27be7056c188978759e406a8dc83b8ee
  SHA1: f98d1d2225b84995d3aee039ee3c31add969b57a
  SHA256: e8ec767eef13d64e2c8be3fc5d580623954635c5f337a2f4a1f6a4a45173e162
  SHA512: 04ac391fc14aa06fd85161263c6821c7f9aabcae963c232fc3b86c8152e4a24c3997d2924ac89e43004e1f093ab435e905ce73db07a7214d445b663fba61e24b