Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

Haunted Wi....2.exe

windows10-2004-x64

7

Resubmissions

14/09/2022, 14:25

220914-rrpjzaecdj 7

14/09/2022, 14:21

220914-rnzwjaaef7 7

14/09/2022, 14:09

220914-rgmydsaee6 7

14/09/2022, 05:36

220914-gan7rshch4 7

Analysis

  • max time kernel
    1407s
  • max time network
    1233s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2022, 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Haunted Windows 7 V2.2/Win7 V2.2.exe

  • Size

    65.8MB

  • MD5

    7b1d1b25fb79940331588e1117a31b33

  • SHA1

    18874fa1385a1a68057ed6cacd604bb128ebec01

  • SHA256

    22ff801ab08ca9ea301b93f2f1c4fa60be4499e7ee3d79736043331faae1fccf

  • SHA512

    0b826800b3bf04eec2cb86e57c5cad3d5656983c3e0c89793a091561f3a3b31b7665e0e1130eee877629f6ed5123e21d00e3504e871643ce8388392f5d94338d

  • SSDEEP

    1572864:LLAXMDsfst9nOOs9mmar/5UNP6TU1JmA93jhpTpxrEW7M3frZz:LLFsfanOOkYUNP6MJl1jh1DEFrZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Haunted Windows 7 V2.2\Win7 V2.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Haunted Windows 7 V2.2\Win7 V2.2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2740
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x33c 0x394
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\OpenURLs.mfx
    Filesize

    81KB

    MD5

    213a3941e576daf3e6f6be616a6643c1

    SHA1

    55e31d2fb7084a130e4a27fbd433704e3e840b75

    SHA256

    6d33883fe9a8fcdff9aab0e886d505a38e21a461c713e5ac7b7e0c2a65e934ae

    SHA512

    310f951c93cb54131bce7e7cdd50225b55a9168ff922e320145f8517cda27d53de55a03ef16aba107cd968a4471d1702b9c3689f5a20f55b786df31d6ab82933

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\OpenURLs.mfx
    Filesize

    81KB

    MD5

    213a3941e576daf3e6f6be616a6643c1

    SHA1

    55e31d2fb7084a130e4a27fbd433704e3e840b75

    SHA256

    6d33883fe9a8fcdff9aab0e886d505a38e21a461c713e5ac7b7e0c2a65e934ae

    SHA512

    310f951c93cb54131bce7e7cdd50225b55a9168ff922e320145f8517cda27d53de55a03ef16aba107cd968a4471d1702b9c3689f5a20f55b786df31d6ab82933

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\PCShutdownOperations.mfx
    Filesize

    114KB

    MD5

    426ac6ce433939fb99a06c4924f374c9

    SHA1

    d35fdd69d7788dc4e75e615d0ca9ac011bce14f5

    SHA256

    7948de373521b28b905b0f543d8851272fa6259594aab4379abd5e330f0360ce

    SHA512

    6085240699168fea46df1210c85ac874a106fd1de0ecd2b1260a5ba05de6403d7bee48a75c2b6624f98afb55d5a392063cc73af8d2110d289ab9844942bbf7b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\ProgressBar.mfx
    Filesize

    25KB

    MD5

    f41343b0b41066d01c2bf5c3cd925682

    SHA1

    0fcc264778eb89648f1259b772c4a4ed6771a6f9

    SHA256

    a33dad51bdbc04a76f69944eeeb3415f3d2c5a9dda229ac0caeb0e165c651088

    SHA512

    2223ec0e5e3e378d3cf31e641ddae7fbc797b13c4e1bb5f0febf7cd7fe9623c8382cb2b6ddf23d4209efc5610af652783e1a6d18430c4e360f7aa1e27cfdd06a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\ProgressBar.mfx
    Filesize

    25KB

    MD5

    f41343b0b41066d01c2bf5c3cd925682

    SHA1

    0fcc264778eb89648f1259b772c4a4ed6771a6f9

    SHA256

    a33dad51bdbc04a76f69944eeeb3415f3d2c5a9dda229ac0caeb0e165c651088

    SHA512

    2223ec0e5e3e378d3cf31e641ddae7fbc797b13c4e1bb5f0febf7cd7fe9623c8382cb2b6ddf23d4209efc5610af652783e1a6d18430c4e360f7aa1e27cfdd06a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\cctrans.dll
    Filesize

    150KB

    MD5

    5943fbe7ea7e689911b533741f049423

    SHA1

    441a929c70f8a387a690a297f64202088484aec9

    SHA256

    0afc8a53edb74a13a62b1421b74212b533328e4b6a9c5f2ed8a400b238fc5d29

    SHA512

    bb543a30edc5c54696a70deb8bf9681e668e0d547766cba7acd0da1e062a22721d0aea8c0f6158f39647f7e13f3312bee1270da12992466193d56c5716919443

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\kcmouse.mfx
    Filesize

    7KB

    MD5

    a3b924e8747962ba4d6f81bf31da0d2a

    SHA1

    2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

    SHA256

    8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

    SHA512

    11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\kcmouse.mfx
    Filesize

    7KB

    MD5

    a3b924e8747962ba4d6f81bf31da0d2a

    SHA1

    2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

    SHA256

    8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

    SHA512

    11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\kcpop.mfx
    Filesize

    10KB

    MD5

    44557bf7ff780cfa6019c0c4119fb54a

    SHA1

    e02f00a1f9b9eae1855ca0168c362bd389fd6b8d

    SHA256

    28726ae556cbe1e2b4995ab135da1bfc72d0bc4e4f56d821e95dab738eed61a6

    SHA512

    071c11c89f59397b873d540561bc26f96651b6647f991b34ccdbb22809a16241c5e0167e892d3b660038d3fed5089c20a19eea1ca2a8607acdb6984d84cdf62e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\kcpop.mfx
    Filesize

    10KB

    MD5

    44557bf7ff780cfa6019c0c4119fb54a

    SHA1

    e02f00a1f9b9eae1855ca0168c362bd389fd6b8d

    SHA256

    28726ae556cbe1e2b4995ab135da1bfc72d0bc4e4f56d821e95dab738eed61a6

    SHA512

    071c11c89f59397b873d540561bc26f96651b6647f991b34ccdbb22809a16241c5e0167e892d3b660038d3fed5089c20a19eea1ca2a8607acdb6984d84cdf62e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\kcwctrl.mfx
    Filesize

    61KB

    MD5

    0f570c5e463884ae8c3d42561c79454e

    SHA1

    61f6d2f7c9d12078d86584ccfa5645ec75148a94

    SHA256

    1c446384baf31dd6dae36fd51618fe120b3097ac6771b894ae11924404d9b392

    SHA512

    ac2dc004665857c3b8e45fb13b318f15e592fd1e22cbd693e4bbdb9b8fb3352698633492c65c80aadd8a478b6cc50a73b20cf2cd605d1fa6659de2830c31a6bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\mmfs2.dll
    Filesize

    460KB

    MD5

    4758d460ecbb307ed90d59643046f00b

    SHA1

    2bd87c39f97b73b9db6d205bb10ae37eb82f2372

    SHA256

    3293a93c6d8a2ce529538fbdd2a81dc623fc40464efdb5348c8e039788ad1b22

    SHA512

    970a44102539ed3116c125bfcf9075e3acb8f710a338ff8ba881bbebf5111d236b3c27bf325a77d83d295aba8e836439fb6fd54a899e3ef075e1e45b6e2a1fdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\mp3flt.sft
    Filesize

    24KB

    MD5

    f0ebc8596156d8ebf6201a10f9864305

    SHA1

    0efd689d027d2d592369c3585cdd9a0b879e6562

    SHA256

    fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

    SHA512

    7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\mp3flt.sft
    Filesize

    24KB

    MD5

    f0ebc8596156d8ebf6201a10f9864305

    SHA1

    0efd689d027d2d592369c3585cdd9a0b879e6562

    SHA256

    fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

    SHA512

    7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\waveflt.sft
    Filesize

    8KB

    MD5

    5230a9c12b9829c9fd333cd8b0620011

    SHA1

    0becf7512f498c18af3b9943a4b2556a769cc8eb

    SHA256

    98134d326a09569bd5933ffcb026009575509a1bfc20384ef8eebb762aabcd38

    SHA512

    1a6a5a72fed0458152ca830941b3d07e448bb588fc61a24c97561833b882e23a529a0a78036732cca95013170a46cc5444a4d642bf05a4fa5a474d51d40789d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrt7302.tmp\waveflt.sft
    Filesize

    8KB

    MD5

    5230a9c12b9829c9fd333cd8b0620011

    SHA1

    0becf7512f498c18af3b9943a4b2556a769cc8eb

    SHA256

    98134d326a09569bd5933ffcb026009575509a1bfc20384ef8eebb762aabcd38

    SHA512

    1a6a5a72fed0458152ca830941b3d07e448bb588fc61a24c97561833b882e23a529a0a78036732cca95013170a46cc5444a4d642bf05a4fa5a474d51d40789d5

    Download Submit

  • memory/2740-140-0x00000000013C1000-0x00000000013C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2740-137-0x0000000001391000-0x0000000001393000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2740-145-0x00000000013E0000-0x00000000013F8000-memory.dmp

    Filesize

    96KB

    Download