Analysis

max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 24/11/2022, 06:38
Static task: static1

Behavioral tasks (sample on resource):
- behavioral1: NetKeeper杀手.exe on win7-20220812-en
- behavioral2: NetKeeper杀手.exe on win10v2004-20220812-en
- behavioral3: 更多软件下载.url on win7-20220812-en
- behavioral4: 更多软件下载.url on win10v2004-20220812-en
- behavioral5: 飘荡软件.url on win7-20220812-en
- behavioral6: 飘荡软件.url on win10v2004-20220812-en
General

Target: NetKeeper杀手.exe
Size: 400KB
MD5: 61f9498bd33ba1e43003d91159d3df3a
SHA1: 3d982765dd94ce5e7b6bff712cdce9c252219df2
SHA256: e48adc807ec9e73288d4a8bcead379bfa82690149d3169b92f9a9da06c8e4893
SHA512: 50ea8ef4207a451c298cd583ea49a76ab204bc172631b56f21bfd2199670aafe6480d62f0750b4581be1ca19f3f20dadcb22e97a6fbb0f5bd5fd319bb736b90a
SSDEEP: 6144:BHKJzrxersrjrer5ksrY605TksLqYgJHbULj0h9VKp:knArsrjrer5k6Y6+aY2HoA9Vw
Malware Config

Signatures

- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid 1688, process NetKeeper杀手.exe

- Suspicious behavior: MapViewOfSection (21 IoCs)
  pid 1688, process NetKeeper杀手.exe (21 occurrences)

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 1688, process NetKeeper杀手.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 1688 (NetKeeper杀手.exe) wrote to the memory of the following target processes (target PID, procid_target, number of occurrences):
    target PID 368, procid_target 5, 6 occurrences
    target PID 380, procid_target 4, 6 occurrences
    target PID 416, procid_target 3, 6 occurrences
    target PID 460, procid_target 2, 6 occurrences
    target PID 476, procid_target 1, 6 occurrences
    target PID 484, procid_target 8, 6 occurrences
    target PID 600, procid_target 26, 6 occurrences
    target PID 680, procid_target 25, 6 occurrences
    target PID 756, procid_target 24, 6 occurrences
    target PID 820, procid_target 23, 6 occurrences
    target PID 860, procid_target 22, 4 occurrences
Processes (image path; command line; PID; nested entries are child processes)

- C:\Windows\system32\lsass.exe; cmd: C:\Windows\system32\lsass.exe; PID 476
- C:\Windows\system32\services.exe; cmd: C:\Windows\system32\services.exe; PID 460
  - C:\Windows\system32\taskhost.exe; cmd: "taskhost.exe"; PID 1160
  - C:\Windows\system32\sppsvc.exe; cmd: C:\Windows\system32\sppsvc.exe; PID 1640
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation; PID 1108
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork; PID 1056
  - C:\Windows\System32\spoolsv.exe; cmd: C:\Windows\System32\spoolsv.exe; PID 452
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k NetworkService; PID 292
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k netsvcs; PID 896
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k LocalService; PID 860
  - C:\Windows\System32\svchost.exe; cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted; PID 820
  - C:\Windows\System32\svchost.exe; cmd: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted; PID 756
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k RPCSS; PID 680
  - C:\Windows\system32\svchost.exe; cmd: C:\Windows\system32\svchost.exe -k DcomLaunch; PID 600
- C:\Windows\system32\winlogon.exe; cmd: winlogon.exe; PID 416
- C:\Windows\system32\csrss.exe; cmd: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16; PID 380
- C:\Windows\system32\wininit.exe; cmd: wininit.exe; PID 368
  - C:\Windows\system32\lsm.exe; cmd: C:\Windows\system32\lsm.exe; PID 484
- \\?\C:\Windows\system32\wbem\WMIADAP.EXE; cmd: wmiadap.exe /F /T /R; PID 1128
- C:\Windows\Explorer.EXE; cmd: C:\Windows\Explorer.EXE; PID 1284
  - C:\Users\Admin\AppData\Local\Temp\NetKeeper杀手.exe; cmd: "C:\Users\Admin\AppData\Local\Temp\NetKeeper杀手.exe"; PID 1688
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
- C:\Windows\system32\Dwm.exe; cmd: "C:\Windows\system32\Dwm.exe"; PID 1232