Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
30/10/2022, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe
Resource
win7-20220812-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe
-
Size
131KB
-
MD5
835a4b6ab32bf1eb4932ba6674cd0fc0
-
SHA1
0e743bd1011dc2ef42055db658afa45462833d10
-
SHA256
0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af
-
SHA512
9d657a8ec9d9155f6a58ad61b1d6cde139a2cffcccd8b284c428fd18f957a0040a4f0ca7d56e75ee693354a57b98983de8cf0a42378be7ae9fcb24752a89344f
-
SSDEEP
3072:EzxtzxywkhuRVFJ3T2xXzcyk2TWM7+9PCzItIHhhHyTtqCEsG:qZywIEV33T3CTWMcCEYXy
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\LKGGOPABUH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe" 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe File opened for modification C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\International 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe 1384 0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe"C:\Users\Admin\AppData\Local\Temp\0690c7f35cf80ec224d1af3744f97ebcbda79a705b78fe0978418b6dbedf39af.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1384