Analysis
-
max time kernel
45s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system -
submitted
29/11/2022, 08:41
Static task
static1
Behavioral task
behavioral1
Sample
2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
Resource
win10v2004-20221111-en
General
-
Target
2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
-
Size
30KB
-
MD5
0c7e5a8a06d25a02e3d2f575efc69330
-
SHA1
166106326c853686be258c962ae160db438a4b31
-
SHA256
2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da
-
SHA512
def0fb9fb7b85390183db48670e233a30bcc8e4d4d82639b918255b582945e772f5d6cfcafaf6454165758792a01121f152565ae1c26f830df090ae34423e0f7
-
SSDEEP
192:0TD0cOQ2IwkW8jAbKpWwD42FC/8eFWY4Wgh9IBcdtM2w0ik:pcZR9jyKpWwDjFlyWY4WXc/C0v
Malware Config
Signatures
-
Drops file in System32 directory (64 IoCs)
description ioc Process
File opened for modification C:\Windows\SysWOW64\bootcfg.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\dpapimig.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\label.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\TSTheme.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\wsmprovhost.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\cmdl32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\getmac.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\rundll32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\shutdown.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\auditpol.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\ComputerDefaults.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\regedit.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\ROUTE.EXE 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\diskraid.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\gpupdate.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\sbunattend.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\calc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\forfiles.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\ipconfig.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\mobsync.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\mshta.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\setup16.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\srdelayed.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\taskkill.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\WerFaultSecure.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\dialer.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\netbtugc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\netsh.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\sethc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\waitfor.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\attrib.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\diskperf.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\hdwwiz.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\LocationNotifications.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\MigAutoPlay.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\nslookup.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\upnpcont.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\cacls.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\mstsc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\takeown.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\tzutil.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\dvdplay.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\isoburn.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\odbcad32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\print.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\regedt32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\relog.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\runonce.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\wowreg32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\cipher.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\cttune.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\help.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\Utilman.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\AtBroker.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\fc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\mspaint.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\printui.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\rasdial.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\resmon.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\shrpubw.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\wusa.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\dllhost.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\SysWOW64\dplaysvr.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe -
Drops file in Windows directory (11 IoCs)
description ioc Process
File opened for modification C:\Windows\explorer.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\hh.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\notepad.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\splwow64.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\twunk_32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\bfsvc.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\fveupdate.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\HelpPane.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\twunk_16.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\winhlp32.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification C:\Windows\write.exe 2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe