Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
04/10/2022, 04:49
General
-
Target
7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f.exe
-
Size
42KB
-
MD5
44eb3d88f54f445d6896f99d23c055a9
-
SHA1
4076dc5fff3f965a02e505dad1217cbba5717a7e
-
SHA256
7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f
-
SHA512
39b976bad403e2a1454d8273791e39533e91ef80753e0c2b5f41cef33e18f3d2d1c164077e9338b7c88cfd528cc00a390fc2f337a603a8f7959ba80bdde34037
-
SSDEEP
768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888l:BzOCay4wV339rPjzbpLwRJ9pSdoII
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 8 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 4 IoCs
-
ASPack v2.12-2.42 18 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE 12 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 29 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 20 IoCs
-
Suspicious use of WriteProcessMemory 38 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f.exe"C:\Users\Admin\AppData\Local\Temp\7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f.exe"1⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Checks computer location settings
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\recycled\SVCHOST.EXEC:\recycled\SVCHOST.EXE :agent2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\recycled\SVCHOST.EXEC:\recycled\SVCHOST.EXE :agent3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\SPOOLSV.EXEC:\recycled\SPOOLSV.EXE :agent3⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\recycled\SVCHOST.EXEC:\recycled\SVCHOST.EXE :agent4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\SPOOLSV.EXEC:\recycled\SPOOLSV.EXE :agent4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\CTFMON.EXEC:\recycled\CTFMON.EXE :agent4⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\recycled\SVCHOST.EXEC:\recycled\SVCHOST.EXE :agent5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\SPOOLSV.EXEC:\recycled\SPOOLSV.EXE :agent5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\CTFMON.EXEC:\recycled\CTFMON.EXE :agent5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\recycled\CTFMON.EXEC:\recycled\CTFMON.EXE :agent3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\recycled\SPOOLSV.EXEC:\recycled\SPOOLSV.EXE :agent2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\recycled\CTFMON.EXEC:\recycled\CTFMON.EXE :agent2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f.doc" /o ""2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD55962e262161173918965a4d0db5c65ac
SHA13613de872d6085d1f86aeb7b958b31b4bb859c8f
SHA2568d0bd2648ee42f19f518585735e62985f8a6f7265e3d86ca40185fde6c5c30ee
SHA51292217673a3090d9311ab647b6663b64008f39277d4528eb7e76385821e6e6483952c81a28fa8baf47f12bba7fb3571cf3502e9e144260c42ab2e5e858e8bc628
-
Filesize
42KB
MD55962e262161173918965a4d0db5c65ac
SHA13613de872d6085d1f86aeb7b958b31b4bb859c8f
SHA2568d0bd2648ee42f19f518585735e62985f8a6f7265e3d86ca40185fde6c5c30ee
SHA51292217673a3090d9311ab647b6663b64008f39277d4528eb7e76385821e6e6483952c81a28fa8baf47f12bba7fb3571cf3502e9e144260c42ab2e5e858e8bc628
-
Filesize
42KB
MD55962e262161173918965a4d0db5c65ac
SHA13613de872d6085d1f86aeb7b958b31b4bb859c8f
SHA2568d0bd2648ee42f19f518585735e62985f8a6f7265e3d86ca40185fde6c5c30ee
SHA51292217673a3090d9311ab647b6663b64008f39277d4528eb7e76385821e6e6483952c81a28fa8baf47f12bba7fb3571cf3502e9e144260c42ab2e5e858e8bc628
-
Filesize
42KB
MD55962e262161173918965a4d0db5c65ac
SHA13613de872d6085d1f86aeb7b958b31b4bb859c8f
SHA2568d0bd2648ee42f19f518585735e62985f8a6f7265e3d86ca40185fde6c5c30ee
SHA51292217673a3090d9311ab647b6663b64008f39277d4528eb7e76385821e6e6483952c81a28fa8baf47f12bba7fb3571cf3502e9e144260c42ab2e5e858e8bc628
-
Filesize
42KB
MD50c717c76cd2b88f2647d0553e1417ad9
SHA1b0803966169600f8c5d1314e833e7904fa0091c4
SHA2565d9b701f03ecd155ead220a6879e5b564b10b33844d332e92c59cad1950466f0
SHA5124dec5a0f53be75d9f0a16471840c075560ea1161c3938b86d42a0403d55390cda2eff11a9dde490bce78e9bafa7eb8c05a927d2940ef660bb01256e975efb77c
-
Filesize
42KB
MD50c717c76cd2b88f2647d0553e1417ad9
SHA1b0803966169600f8c5d1314e833e7904fa0091c4
SHA2565d9b701f03ecd155ead220a6879e5b564b10b33844d332e92c59cad1950466f0
SHA5124dec5a0f53be75d9f0a16471840c075560ea1161c3938b86d42a0403d55390cda2eff11a9dde490bce78e9bafa7eb8c05a927d2940ef660bb01256e975efb77c
-
Filesize
42KB
MD50c717c76cd2b88f2647d0553e1417ad9
SHA1b0803966169600f8c5d1314e833e7904fa0091c4
SHA2565d9b701f03ecd155ead220a6879e5b564b10b33844d332e92c59cad1950466f0
SHA5124dec5a0f53be75d9f0a16471840c075560ea1161c3938b86d42a0403d55390cda2eff11a9dde490bce78e9bafa7eb8c05a927d2940ef660bb01256e975efb77c
-
Filesize
42KB
MD50c717c76cd2b88f2647d0553e1417ad9
SHA1b0803966169600f8c5d1314e833e7904fa0091c4
SHA2565d9b701f03ecd155ead220a6879e5b564b10b33844d332e92c59cad1950466f0
SHA5124dec5a0f53be75d9f0a16471840c075560ea1161c3938b86d42a0403d55390cda2eff11a9dde490bce78e9bafa7eb8c05a927d2940ef660bb01256e975efb77c
-
Filesize
42KB
MD530329e71cb77b653fb97f2c49cf066bf
SHA136e71441147ecd3e520b6a7fe5da3ff66dde428e
SHA2569f6fb13e5ced63b7b3be2d718153c66ae18d3b7c5844dde6201f110e37c36d78
SHA5121caf3cc2c0e6da029430bed24848faafacfdef4fcda95cb105c22ad23402f8302a52911020cf64744e28e8d16e722a354761753cd60ae1849b5f8f172125cef0
-
Filesize
42KB
MD530329e71cb77b653fb97f2c49cf066bf
SHA136e71441147ecd3e520b6a7fe5da3ff66dde428e
SHA2569f6fb13e5ced63b7b3be2d718153c66ae18d3b7c5844dde6201f110e37c36d78
SHA5121caf3cc2c0e6da029430bed24848faafacfdef4fcda95cb105c22ad23402f8302a52911020cf64744e28e8d16e722a354761753cd60ae1849b5f8f172125cef0
-
Filesize
42KB
MD530329e71cb77b653fb97f2c49cf066bf
SHA136e71441147ecd3e520b6a7fe5da3ff66dde428e
SHA2569f6fb13e5ced63b7b3be2d718153c66ae18d3b7c5844dde6201f110e37c36d78
SHA5121caf3cc2c0e6da029430bed24848faafacfdef4fcda95cb105c22ad23402f8302a52911020cf64744e28e8d16e722a354761753cd60ae1849b5f8f172125cef0
-
Filesize
42KB
MD530329e71cb77b653fb97f2c49cf066bf
SHA136e71441147ecd3e520b6a7fe5da3ff66dde428e
SHA2569f6fb13e5ced63b7b3be2d718153c66ae18d3b7c5844dde6201f110e37c36d78
SHA5121caf3cc2c0e6da029430bed24848faafacfdef4fcda95cb105c22ad23402f8302a52911020cf64744e28e8d16e722a354761753cd60ae1849b5f8f172125cef0
-
Filesize
2KB
MD51a1dce35d60d2c70ca8894954fd5d384
SHA158547dd65d506c892290755010d0232da34ee000
SHA2562661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c
SHA5124abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e
-
Filesize
2KB
MD51a1dce35d60d2c70ca8894954fd5d384
SHA158547dd65d506c892290755010d0232da34ee000
SHA2562661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c
SHA5124abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e
-
Filesize
2KB
MD51a1dce35d60d2c70ca8894954fd5d384
SHA158547dd65d506c892290755010d0232da34ee000
SHA2562661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c
SHA5124abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e
-
Filesize
42KB
MD55cec1e5bf1cbccc6e443ecc9aa7ac984
SHA164a0ac3cd8d78578d74d67c09d96e34b1e052619
SHA256a8cfd8f60b1025f4bdb53df5aa316a295608a12599b71d4537051121a2569fa1
SHA512f252b889905aeaaa2da043eda10554912b25df3ca1d44fe104d7ff390ae342a875c1c6cc15a1c43dd4fbb88f70f38a2d042226e4a106306658484e1788badfda
-
Filesize
42KB
MD579dec76c914d0d32999d8ff5f92ed12e
SHA160eb964b87b91eacb7989912370c41b11a0a4fec
SHA256f2d1723698ae9ac67b9a874cef72c73809376583e2cbb1036f07e42bd4a7d888
SHA512a403d79ff71f06946bba7b60f6d22be8d8200854778714198f8d5e0c9bd2af5894332f056e3863c6bd109d78966839755fae0dbe5cd488bfe37a01fc735abcf5
-
Filesize
42KB
MD5debaffeb2a78b752b8e1ea6e5005cee5
SHA16ef96cc76bf635321a1041bd00de3fc2ce94b734
SHA2564f53cc5d9b338bbd4e9d741c7e765e61925a95bc28a78d1beafd72a68c5aa457
SHA512f452a193f73f912db135210fe096416b7407ac0604b3ba02c440e4a1bd6621fee056567b0dcb01da8904f56d7bde74c6cb0b1b6dcd737e59a827b2313877d195
-
Filesize
42KB
MD55962e262161173918965a4d0db5c65ac
SHA13613de872d6085d1f86aeb7b958b31b4bb859c8f
SHA2568d0bd2648ee42f19f518585735e62985f8a6f7265e3d86ca40185fde6c5c30ee
SHA51292217673a3090d9311ab647b6663b64008f39277d4528eb7e76385821e6e6483952c81a28fa8baf47f12bba7fb3571cf3502e9e144260c42ab2e5e858e8bc628
-
Filesize
42KB
MD50c717c76cd2b88f2647d0553e1417ad9
SHA1b0803966169600f8c5d1314e833e7904fa0091c4
SHA2565d9b701f03ecd155ead220a6879e5b564b10b33844d332e92c59cad1950466f0
SHA5124dec5a0f53be75d9f0a16471840c075560ea1161c3938b86d42a0403d55390cda2eff11a9dde490bce78e9bafa7eb8c05a927d2940ef660bb01256e975efb77c
-
Filesize
42KB
MD530329e71cb77b653fb97f2c49cf066bf
SHA136e71441147ecd3e520b6a7fe5da3ff66dde428e
SHA2569f6fb13e5ced63b7b3be2d718153c66ae18d3b7c5844dde6201f110e37c36d78
SHA5121caf3cc2c0e6da029430bed24848faafacfdef4fcda95cb105c22ad23402f8302a52911020cf64744e28e8d16e722a354761753cd60ae1849b5f8f172125cef0
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB