Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 24/11/2022, 01:12
Static task: static1
Behavioral task: behavioral1
- Sample: bd917e2399cb43d775be10caa9d77e9afd72682c0cf9c2f550b55cd66d51a49a.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: bd917e2399cb43d775be10caa9d77e9afd72682c0cf9c2f550b55cd66d51a49a.exe
- Resource: win10v2004-20221111-en
General
- Target: bd917e2399cb43d775be10caa9d77e9afd72682c0cf9c2f550b55cd66d51a49a.exe
- Size: 18KB
- MD5: 025c130b4f3f71a92eaa5427d372d7a0
- SHA1: 0b179487e85c402ca0d8afd4d8ac433d7a65ff99
- SHA256: bd917e2399cb43d775be10caa9d77e9afd72682c0cf9c2f550b55cd66d51a49a
- SHA512: 2b5858971f860872915a68ac54f56070ad66a37183da6fa17fb1857dc18a7cfa4b31642d52428b0be9453eacf88007fe7b3b3d9aac1bc867a3c9f64a50f83e45
- SSDEEP: 384:HlICfbOf8BZHXICfZS9DTEHnRQNS+WGaWlMZ69G:h+MZHl7uOZ4G
Malware Config
Signatures
- Drops file in System32 directory (62 IoCs)
- Drops file in Windows directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\twunk_32.exe
  Process: bd917e2399cb43d775be10caa9d77e9afd72682c0cf9c2f550b55cd66d51a49a.exe