Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
14/10/2022, 10:48
Static task
static1
Behavioral task
behavioral1
Sample
a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
Resource
win10v2004-20220812-en
General
-
Target
a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
-
Size
14KB
-
MD5
63b5adacdf2b15e5375c3c8cb089c990
-
SHA1
4ff8a6cea5971a17934c7bd4f23e12db2fefc331
-
SHA256
a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28
-
SHA512
b4dd3bb8824adfb92d5431d71b43a22beb371d6c75705bc6c36a4854c3c012ec52b61bf49069706edb62f295887488b0fedc496522d153cdec50b44fc4a5855d
-
SSDEEP
192:ieBPEdRsL4b1jnkr5i2G9xjd/Qrg/jTuu9QMydMn0sS0vsf7xc8WS81g9WnKqZ21:VP6e6UE2c/TABsS0Ef7JWS81g9WPZ69t
Malware Config
Signatures
-
Drops file in System32 directory 64 IoCs
description ioc Process
File opened for modification C:\Windows\SysWOW64\driverquery.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\findstr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\iscsicpl.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\MuiUnattend.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\RpcPing.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\sbunattend.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\autoconv.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\dplaysvr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\mountvol.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\netsh.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\netiougc.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\sc.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\syskey.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\xpsrchvw.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\shutdown.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\SystemPropertiesHardware.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\xcopy.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\CertEnrollCtrl.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\eventvwr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\newdev.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\RMActivate_ssp_isv.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\compact.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\msinfo32.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\ntprint.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\prevhost.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\control.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\forfiles.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\systeminfo.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\verclsid.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\lodctr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\sdiagnhost.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\srdelayed.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\winver.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\wusa.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\dpnsvr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\dvdupgrd.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\mshta.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\perfmon.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\notepad.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\icardagt.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\regedit.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\sethc.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\HOSTNAME.EXE a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\nslookup.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\RegisterIEPKEYs.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\timeout.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\raserver.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\shrpubw.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\winrs.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\doskey.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\dpapimig.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\icacls.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\LocationNotifications.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\logagent.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\NETSTAT.EXE a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\isoburn.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\mobsync.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\ocsetup.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\verifier.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\ComputerDefaults.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\fltMC.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\gpresult.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\InfDefaultInstall.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\SysWOW64\cttunesvr.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
-
Drops file in Windows directory 6 IoCs
description ioc Process
File opened for modification C:\Windows\ehome\loadmxf.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\ehome\McxTask.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\ehome\WTVConverter.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\twunk_32.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\bfsvc.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe
File opened for modification C:\Windows\ehome\ehmsas.exe a038c44259f5d3f77ae18c26d05e896bbb71c4ae732c842c2ca44d5171eb0b28.exe