Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07/11/2022, 01:29
Static task
static1
Behavioral task
behavioral1
Sample
b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe
-
Size
649KB
-
MD5
0fc99ee25756d010c29e2ca27967f286
-
SHA1
396f140df596844eca63bfcca500b11d52a0aba4
-
SHA256
b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a
-
SHA512
c995854e9d1fc370d0d0abdd8530cebfc134dd757eefd1f4b8f3321f8d672952c5c4a791783595fb4e63abbd0717e2c343ca177bc104dd05e8bb5d56e68c4696
-
SSDEEP
3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNF:aZmqt6Qyiy3b6CR10TY8JOArF9S9
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe" b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers32\Train Simulator 2 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Quake III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Thief III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Soul Reaver 3 No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Kings of War Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\EverQuest 2 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Enemy Territory Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\WindowBlinds 4.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\WinAce 2.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\ICUII 5.7 Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Silent Hill III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Elder Scrolls III - Tribunal No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Halo Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Paint Shop Pro 8.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Thief 2 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Splinter Cell No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Neverwinter Nights - Shadows of Undrentide No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\DOOM III No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Microangelo 5.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Midtown Madness III No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Black & White 2 No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\mIRC 6.03 Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\NBA Live 2004 No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Warcraft III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\EverQuest 2 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of EverQuest No-Cd Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Microangelo 6.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.x Crack.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\DOOM III Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File opened for modification C:\Windows\SysWOW64\drivers32\Winamp 3.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe File created C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1264 wrote to memory of 4248 1264 b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe 89 PID 1264 wrote to memory of 4248 1264 b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe 89 PID 1264 wrote to memory of 4248 1264 b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe"C:\Users\Admin\AppData\Local\Temp\b5e9c5b11f7b8ad4b95ba5a0a50e3ce6e20a5946f765711a75b8019e2cceb09a.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1264 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\$$$$$.bat2⤵PID:4248
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264B
MD5035589f3f5d8fc361afbf3181e79ec67
SHA15b9eddab7725829270125a20ddcba3c54578396c
SHA256fb383adc40c086bcda3f22b4db183d6385f56f4c32414fb258664ca4417ce736
SHA5129a8838066a69895dde41a08c9645abbc4b9e8887c7106b733a96b798f89c47f691d2fd853dbecb500496d6f737912e1c98e4444b3ab6f0edfe6a398a0864d859