Analysis
- max time kernel: 147s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
- submitted: 21/10/2022, 00:54
Static task: static1
Behavioral task: behavioral1
- Sample: 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
- Resource: win10v2004-20220812-en
General
- Target: 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
- Size: 13KB
- MD5: 7b3a29b687c346cfb3be0ddc2705ebce
- SHA1: 37e53e167b03d8a5f7ab919d4494791bcee8cb2d
- SHA256: 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be
- SHA512: 41f98830a874ea1bc5bffa2ebffd223c0f9366faf8333413fb9540f38d69c3f1af1b26b4a39b0fd97b73e0444bf4860013f3e1ae30a5cecc85e56704c5a2b72e
- SSDEEP: 384:8Oa+ijNOY9rkyIDaFErNSrzNvOcal9qgeOJ:Z1uAkERoZp9OJ
Malware Config
Signatures
- Drops desktop.ini file(s) (5 IoCs)
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File created | \??\c:\Program Files\desktop.ini | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\desktop.ini | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
- Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\AssetLibrary.ico | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\kaa.txt | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACETXT.DLL | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmcachemgr_xl.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\ja.pak | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2launcher.exe | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\uz.txt | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\oledbvbs.inc | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014 | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.exe | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.WINWORD.16.1033.hxn | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\msotd.exe | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\es-419.pak | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar | 5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
- Program crash (1 IoCs)
pid | pid_target | Process | procid_target
3360 | 648 | WerFault.exe | 23
Processes
- C:\Users\Admin\AppData\Local\Temp\5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5956d6697f3eee17eeebfd18f130e2f512a08b6b39d8f810beceb584670c41be.exe"
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  PID: 648
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 588
    Signatures: Program crash
    PID: 3360
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 648 -ip 648
  PID: 4932