Analysis
max time kernel: 152s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2022, 20:12
Behavioral task: behavioral1
Sample: 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
Resource: win10v2004-20220812-en
General
Target: 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
Size: 1.3MB
MD5: 6bcb3899524409e25df2ab34d2b4fa80
SHA1: 2c19192beff2cb105234bf7f5192867b566ce03e
SHA256: 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0
SHA512: bf8d616102887b18d6174b3c473397c7cfe2ac4a585f0eab8778c8d8203a1a6dc9ef24804db5be0667c6fabfb880447d577bd67d8a847e8bcc1a2323c5a9a2c5
SSDEEP: 12288:1pXlQnDXSgzyUfKRzS1RzSzittmDbi7ce9WXOmDbi7ce9WXw:1pXlYJyUf9KzitGxX9xXw
Malware Config

Signatures
resource | yara_rule
behavioral1/memory/1644-54-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1644-55-0x0000000000400000-0x000000000040F000-memory.dmp | upx
Drops file in Windows directory (64 IoCs)
description | ioc | Process
File created | C:\Windows\explorer.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\MediaCenterWebLauncher.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\ehshell.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\ehsched.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\fveupdate.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\WTVConverter.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\ehrecvr.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\McxTask.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\ehrec.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\ehome\ehtray.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe | 4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe