Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

Haunted Wi....2.exe

windows7-x64

7

Resubmissions

14/09/2022, 14:25

220914-rrpjzaecdj 7

14/09/2022, 14:21

220914-rnzwjaaef7 7

14/09/2022, 14:09

220914-rgmydsaee6 7

14/09/2022, 05:36

220914-gan7rshch4 7

Analysis

  • max time kernel
    485s
  • max time network
    456s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2022, 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Haunted Windows 7 V2.2/Win7 V2.2.exe

  • Size

    65.8MB

  • MD5

    7b1d1b25fb79940331588e1117a31b33

  • SHA1

    18874fa1385a1a68057ed6cacd604bb128ebec01

  • SHA256

    22ff801ab08ca9ea301b93f2f1c4fa60be4499e7ee3d79736043331faae1fccf

  • SHA512

    0b826800b3bf04eec2cb86e57c5cad3d5656983c3e0c89793a091561f3a3b31b7665e0e1130eee877629f6ed5123e21d00e3504e871643ce8388392f5d94338d

  • SSDEEP

    1572864:LLAXMDsfst9nOOs9mmar/5UNP6TU1JmA93jhpTpxrEW7M3frZz:LLFsfanOOkYUNP6MJl1jh1DEFrZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Haunted Windows 7 V2.2\Win7 V2.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Haunted Windows 7 V2.2\Win7 V2.2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1640
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x578
    1⤵
      PID:1448
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x468
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\OpenURLs.mfx
      Filesize

      81KB

      MD5

      213a3941e576daf3e6f6be616a6643c1

      SHA1

      55e31d2fb7084a130e4a27fbd433704e3e840b75

      SHA256

      6d33883fe9a8fcdff9aab0e886d505a38e21a461c713e5ac7b7e0c2a65e934ae

      SHA512

      310f951c93cb54131bce7e7cdd50225b55a9168ff922e320145f8517cda27d53de55a03ef16aba107cd968a4471d1702b9c3689f5a20f55b786df31d6ab82933

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\PCShutdownOperations.mfx
      Filesize

      114KB

      MD5

      426ac6ce433939fb99a06c4924f374c9

      SHA1

      d35fdd69d7788dc4e75e615d0ca9ac011bce14f5

      SHA256

      7948de373521b28b905b0f543d8851272fa6259594aab4379abd5e330f0360ce

      SHA512

      6085240699168fea46df1210c85ac874a106fd1de0ecd2b1260a5ba05de6403d7bee48a75c2b6624f98afb55d5a392063cc73af8d2110d289ab9844942bbf7b2

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\ProgressBar.mfx
      Filesize

      25KB

      MD5

      f41343b0b41066d01c2bf5c3cd925682

      SHA1

      0fcc264778eb89648f1259b772c4a4ed6771a6f9

      SHA256

      a33dad51bdbc04a76f69944eeeb3415f3d2c5a9dda229ac0caeb0e165c651088

      SHA512

      2223ec0e5e3e378d3cf31e641ddae7fbc797b13c4e1bb5f0febf7cd7fe9623c8382cb2b6ddf23d4209efc5610af652783e1a6d18430c4e360f7aa1e27cfdd06a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\cctrans.dll
      Filesize

      150KB

      MD5

      5943fbe7ea7e689911b533741f049423

      SHA1

      441a929c70f8a387a690a297f64202088484aec9

      SHA256

      0afc8a53edb74a13a62b1421b74212b533328e4b6a9c5f2ed8a400b238fc5d29

      SHA512

      bb543a30edc5c54696a70deb8bf9681e668e0d547766cba7acd0da1e062a22721d0aea8c0f6158f39647f7e13f3312bee1270da12992466193d56c5716919443

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\kcmouse.mfx
      Filesize

      7KB

      MD5

      a3b924e8747962ba4d6f81bf31da0d2a

      SHA1

      2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

      SHA256

      8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

      SHA512

      11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\kcpop.mfx
      Filesize

      10KB

      MD5

      44557bf7ff780cfa6019c0c4119fb54a

      SHA1

      e02f00a1f9b9eae1855ca0168c362bd389fd6b8d

      SHA256

      28726ae556cbe1e2b4995ab135da1bfc72d0bc4e4f56d821e95dab738eed61a6

      SHA512

      071c11c89f59397b873d540561bc26f96651b6647f991b34ccdbb22809a16241c5e0167e892d3b660038d3fed5089c20a19eea1ca2a8607acdb6984d84cdf62e

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\kcwctrl.mfx
      Filesize

      61KB

      MD5

      0f570c5e463884ae8c3d42561c79454e

      SHA1

      61f6d2f7c9d12078d86584ccfa5645ec75148a94

      SHA256

      1c446384baf31dd6dae36fd51618fe120b3097ac6771b894ae11924404d9b392

      SHA512

      ac2dc004665857c3b8e45fb13b318f15e592fd1e22cbd693e4bbdb9b8fb3352698633492c65c80aadd8a478b6cc50a73b20cf2cd605d1fa6659de2830c31a6bb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\mmfs2.dll
      Filesize

      460KB

      MD5

      4758d460ecbb307ed90d59643046f00b

      SHA1

      2bd87c39f97b73b9db6d205bb10ae37eb82f2372

      SHA256

      3293a93c6d8a2ce529538fbdd2a81dc623fc40464efdb5348c8e039788ad1b22

      SHA512

      970a44102539ed3116c125bfcf9075e3acb8f710a338ff8ba881bbebf5111d236b3c27bf325a77d83d295aba8e836439fb6fd54a899e3ef075e1e45b6e2a1fdb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\mp3flt.sft
      Filesize

      24KB

      MD5

      f0ebc8596156d8ebf6201a10f9864305

      SHA1

      0efd689d027d2d592369c3585cdd9a0b879e6562

      SHA256

      fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

      SHA512

      7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\mrtEF4F.tmp\waveflt.sft
      Filesize

      8KB

      MD5

      5230a9c12b9829c9fd333cd8b0620011

      SHA1

      0becf7512f498c18af3b9943a4b2556a769cc8eb

      SHA256

      98134d326a09569bd5933ffcb026009575509a1bfc20384ef8eebb762aabcd38

      SHA512

      1a6a5a72fed0458152ca830941b3d07e448bb588fc61a24c97561833b882e23a529a0a78036732cca95013170a46cc5444a4d642bf05a4fa5a474d51d40789d5

      Download Submit

    • memory/1640-54-0x0000000075811000-0x0000000075813000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1640-62-0x0000000000950000-0x0000000000968000-memory.dmp

      Filesize

      96KB

      Download