Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3568374008...5a.exe

windows7-x64

10

3568374008...5a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    392s
  • max time network
    394s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35683740082d9d1598ff9bb34553468caf86c5e97dd73a57d1086a045178475a.exe

  • Size

    72KB

  • MD5

    023457d70aee38eb4431b2b99063d814

  • SHA1

    1104c468ea90ce907bcbdcceb62238f7fee3781f

  • SHA256

    35683740082d9d1598ff9bb34553468caf86c5e97dd73a57d1086a045178475a

  • SHA512

    1fa4eef0089e2c45681e337180a430257060ef5fddb7d9ee8ebfd00a96018d8d6c0e368b10ae1bee965e02b3cd42023c6144c039c5db7ab45b6e4927f43f6fde

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2B:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPV

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
    evasion
  • Disables RegEdit via registry modification 8 IoCs
    evasion
  • Executes dropped EXE 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • System policy modification 1 TTPs 16 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\35683740082d9d1598ff9bb34553468caf86c5e97dd73a57d1086a045178475a.exe
    "C:\Users\Admin\AppData\Local\Temp\35683740082d9d1598ff9bb34553468caf86c5e97dd73a57d1086a045178475a.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2284
    • C:\Users\Admin\AppData\Local\Temp\774104419\backup.exe
      C:\Users\Admin\AppData\Local\Temp\774104419\backup.exe C:\Users\Admin\AppData\Local\Temp\774104419\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:4556
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Modifies visibility of file extensions in Explorer
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2908
        • C:\odt\backup.exe
          C:\odt\backup.exe C:\odt\
          4⤵
          • Executes dropped EXE
          PID:2972
    • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1640
    • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
      C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:508
    • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4072

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\774104419\backup.exe
    Filesize

    72KB

    MD5

    8c8dacea438e266e625650d897deeedb

    SHA1

    dfc282d008484056c47df6d7974e71ee0d552dbb

    SHA256

    e374fc8fa1017f91b38d931749072bf517cf32f10072ed64193e7dd9c9e76f16

    SHA512

    1880af7f44600d9d4bb25bbff56267c8be61cbb15ef6e54bf56d9668a34bee35621cea17128779aef9ea32bf97a0b0b2e3041e97b386fbd5781a251f5ccacb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\774104419\backup.exe
    Filesize

    72KB

    MD5

    8c8dacea438e266e625650d897deeedb

    SHA1

    dfc282d008484056c47df6d7974e71ee0d552dbb

    SHA256

    e374fc8fa1017f91b38d931749072bf517cf32f10072ed64193e7dd9c9e76f16

    SHA512

    1880af7f44600d9d4bb25bbff56267c8be61cbb15ef6e54bf56d9668a34bee35621cea17128779aef9ea32bf97a0b0b2e3041e97b386fbd5781a251f5ccacb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    db96b04a1be595dbaa34703f42eab370

    SHA1

    10c585b8a162224ec79fb2a3bd94de7af6b0aca6

    SHA256

    faf6a5ffbebb0bb0ce6fbd765f5e85230cac11a449d3cd1d89c0a4c40e956ff3

    SHA512

    5ae86bb17f1c67c23871e66f873c69f9775f48773992874efc087b8d406b02d10cf2f860146448301a6ac15920f630ed91a5cd4d0b5fff7e2c748607893ba78c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    db96b04a1be595dbaa34703f42eab370

    SHA1

    10c585b8a162224ec79fb2a3bd94de7af6b0aca6

    SHA256

    faf6a5ffbebb0bb0ce6fbd765f5e85230cac11a449d3cd1d89c0a4c40e956ff3

    SHA512

    5ae86bb17f1c67c23871e66f873c69f9775f48773992874efc087b8d406b02d10cf2f860146448301a6ac15920f630ed91a5cd4d0b5fff7e2c748607893ba78c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    8c8dacea438e266e625650d897deeedb

    SHA1

    dfc282d008484056c47df6d7974e71ee0d552dbb

    SHA256

    e374fc8fa1017f91b38d931749072bf517cf32f10072ed64193e7dd9c9e76f16

    SHA512

    1880af7f44600d9d4bb25bbff56267c8be61cbb15ef6e54bf56d9668a34bee35621cea17128779aef9ea32bf97a0b0b2e3041e97b386fbd5781a251f5ccacb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    8c8dacea438e266e625650d897deeedb

    SHA1

    dfc282d008484056c47df6d7974e71ee0d552dbb

    SHA256

    e374fc8fa1017f91b38d931749072bf517cf32f10072ed64193e7dd9c9e76f16

    SHA512

    1880af7f44600d9d4bb25bbff56267c8be61cbb15ef6e54bf56d9668a34bee35621cea17128779aef9ea32bf97a0b0b2e3041e97b386fbd5781a251f5ccacb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    d26698983ab00edf23b035f44cb5b73f

    SHA1

    b2c345f584bab5a48daf33495e61ce3a91891297

    SHA256

    f4fe73d75700ce6ebfd41367f025d183077794ea30155a5d848251c12eea020e

    SHA512

    225f10c4cc11e12b1e6a4cf10449fd3f8950c2ba3b140cc45f29e7b58dc58beac8c1b3b8aea99426ba09c43530e5310dc952b01c279402ffc244e8ee1da8757b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    d26698983ab00edf23b035f44cb5b73f

    SHA1

    b2c345f584bab5a48daf33495e61ce3a91891297

    SHA256

    f4fe73d75700ce6ebfd41367f025d183077794ea30155a5d848251c12eea020e

    SHA512

    225f10c4cc11e12b1e6a4cf10449fd3f8950c2ba3b140cc45f29e7b58dc58beac8c1b3b8aea99426ba09c43530e5310dc952b01c279402ffc244e8ee1da8757b

    Download Submit

  • C:\backup.exe
    Filesize

    72KB

    MD5

    19eb3a888ba99bfbf93e258917d07cd3

    SHA1

    12dfe16d0756b2708daaed92ebfe291fde46b274

    SHA256

    95afd32ebdbc3ee45d8587ecb661be314f294a96a520816f95c7fcb3a0f9ce83

    SHA512

    4309f80c3dc626667f68021680d4a8de20605f45c8aa75bcec7fbd9808958365df368a37ad9b3be3602339e0f4923ece6085580fbe0ff21eeb500169d0a495c3

    Download Submit

  • C:\backup.exe
    Filesize

    72KB

    MD5

    19eb3a888ba99bfbf93e258917d07cd3

    SHA1

    12dfe16d0756b2708daaed92ebfe291fde46b274

    SHA256

    95afd32ebdbc3ee45d8587ecb661be314f294a96a520816f95c7fcb3a0f9ce83

    SHA512

    4309f80c3dc626667f68021680d4a8de20605f45c8aa75bcec7fbd9808958365df368a37ad9b3be3602339e0f4923ece6085580fbe0ff21eeb500169d0a495c3

    Download Submit

  • C:\odt\backup.exe
    Filesize

    72KB

    MD5

    06c8175714f101122dfb35a6d8da7195

    SHA1

    c3f4903ead85997c758049dd4cfabc225ff775a4

    SHA256

    78e47f461a7ae86822f4f4179bba077096a8d6b3ba84b35efefbe503442b0672

    SHA512

    51b3df7cc28b4fe8e8dc3ec81e8bcb073b27545c88cec94d09a321695bc8f95537483ff193b184ea052b3fc60f0b785aa71acd7aac23cd49124495b624974d77

    Download Submit

  • C:\odt\backup.exe
    Filesize

    72KB

    MD5

    06c8175714f101122dfb35a6d8da7195

    SHA1

    c3f4903ead85997c758049dd4cfabc225ff775a4

    SHA256

    78e47f461a7ae86822f4f4179bba077096a8d6b3ba84b35efefbe503442b0672

    SHA512

    51b3df7cc28b4fe8e8dc3ec81e8bcb073b27545c88cec94d09a321695bc8f95537483ff193b184ea052b3fc60f0b785aa71acd7aac23cd49124495b624974d77

    Download Submit