Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21/11/2022, 11:55
Static task: static1
Behavioral task: behavioral1
  Sample: d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
  Resource: win10v2004-20221111-en
General
Target: d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
Size: 12KB
MD5: 210eee44d1d313f8138b07ecfff661f0
SHA1: 2d5d6ec110f074e6a2dd4483bf6ace75648b1952
SHA256: d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319
SHA512: a4a7a90488f12f2d4699a243b8d6fa9f24a8ecf5bea2fd9f7cdab6adc910b2826108bd9e25418917db0ff34c316d41d5cb9552b37ffdb83f59eef257d9ddec39
SSDEEP: 192:Lv911t1RN12Eay6+KTON/2qZ4uuqHagMtMYihz+ZpJxmjWh8P5t8WBJ0El:r1t1L11ay6P85HDS6hz+hAjWh8P5t8Wd
Malware Config
Signatures

Drops file in System32 directory (64 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\expand.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\mountvol.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\msra.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\PushPrinterConnections.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\RunLegacyCPLElevated.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\systeminfo.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\compact.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\dfrgui.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\lodctr.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\makecab.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\NETSTAT.EXE | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\WPDShextAutoplay.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\xcopy.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\dcomcnfg.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\ieUnatt.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\OptionalFeatures.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\syskey.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\tcmsetup.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\winrs.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\fsutil.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\ctfmon.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\DevicePairingWizard.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\dvdupgrd.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\powercfg.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\sbunattend.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\SearchIndexer.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\sfc.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\chkntfs.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\user.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\wiaacmgr.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\tracerpt.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\iexpress.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\iscsicpl.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\regedt32.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\regini.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\RmClient.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\UserAccountControlSettings.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\extrac32.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\dnscacheugc.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\gpresult.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\iscsicli.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\logagent.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\mshta.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\SearchFilterHost.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\SndVol.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\cttunesvr.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\wimserv.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\calc.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\at.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\eventcreate.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\gpupdate.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\recover.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\shrpubw.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\dplaysvr.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\netiougc.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\rekeywiz.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\RMActivate_isv.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\ipconfig.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\colorcpl.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\ComputerDefaults.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\cleanmgr.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\finger.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\SysWOW64\TRACERT.EXE | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe

Drops file in Windows directory (11 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\notepad.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\twunk_16.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\winhlp32.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\write.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\fveupdate.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\HelpPane.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\hh.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\splwow64.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\twunk_32.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\bfsvc.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe
File opened for modification | C:\Windows\explorer.exe | d7df73b23217f0b9a80a13979c1c57eeb0b1aacecc776036d09cb0ef6226b319.exe