Analysis
- max time kernel: 150s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 21/10/2024, 00:34
Behavioral task
behavioral1
Sample
78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
Resource
win10v2004-20241007-en
General
- Target: 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
- Size: 64KB
- MD5: b0907e7f0d00fe6aa00e79d14fc040e0
- SHA1: b65a5a0560c1c7957f0dbd831ca9524b838e3273
- SHA256: 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315
- SHA512: 9cc0f91a8d17ebbe62b87b7bfa40b1f6206740e8efdaf8409e90bbac478529b646f30bec1ad32a7a11efbbcad6ec6570eff257243c2f4c9e06e009aa5c772f16
- SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n05:V7Zf/FAxTWoJJ7TU3n0Wn05
Malware Config
Signatures
- Renames multiple (3461) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- resource | yara_rule
  behavioral1/memory/2816-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  behavioral1/files/0x000b000000012259-2.dat | upx
  behavioral1/files/0x000400000001043d-6.dat | upx
  behavioral1/memory/2816-68-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory 64 IoCs
  description | ioc | Process
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\bin\deploy.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\Documentation.url.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jre7\bin\pack200.exe.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe
  "C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"
  PID: 2816
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: ec24af4f52c9442bad1cec63d0a748c8
  SHA1: 92dee1f8232d966fbe8f18784cdf8f7d26152a7e
  SHA256: 4c949c712916bf5d76b323e4ffbc5a221a26b86aacaa3512134cf7793fe9bc7e
  SHA512: d6f5694464d9dfabecb7ccd1d650f6a5a711c80c561a7cf3a380b9a98c87de72eae17504163f2151f3b6283b9cf77df62c8bd9d926138d763c2a66259d5d4314
- Filesize: 73KB
  MD5: 0eeef4f75d90014e3893eb16e9d65300
  SHA1: cc6f195456f15f87c870e30466bd3b36573a7d5d
  SHA256: aa6ef0577b734a4d44f1979f0569078fd14e61838bed54009cf77e220e984e96
  SHA512: 42bfbf33452fe21cb0f62af770e6952ecf4865f5a620d1b82472ce995d4578b52ba8ff1ab893f3eaa6addd7bb4bd1ac63d97e8172f0e3e3e71968935d768842a