Analysis

max time kernel: 146s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 09:05
Static task: static1

Behavioral task: behavioral1
Sample: cd3ad434974788c8baad4f275f63dffe533d322e67d1024179088e267aabefe8.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: cd3ad434974788c8baad4f275f63dffe533d322e67d1024179088e267aabefe8.exe
Resource: win10v2004-20220901-en
General

Target: cd3ad434974788c8baad4f275f63dffe533d322e67d1024179088e267aabefe8.exe
Size: 863KB
MD5: 3b381613b645c2d738e6cff552717ca8
SHA1: 07cd96754a88dc388b1ccf2b623dda3bb88bc913
SHA256: cd3ad434974788c8baad4f275f63dffe533d322e67d1024179088e267aabefe8
SHA512: ecf87223095ed3d2e39dea7bd9a27ac1e1817526a85c6966335d6eb187f4ccc5c64d938c6cb1b0d48f3439b869ade9aeb0209fc83f142043e1bb6496741f21c0
SSDEEP: 12288:F1bL4I5RveDSHGv2NbQWWGihFi6QMppiJmTFPuYNCut+UmlEVtoinx7Vdv:F1bB1eD3MbQWWGAUMuJ0F3rVTx7rv
Malware Config
Signatures

Modifies WinLogon for persistence (2 TTPs, 1 IoC)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe sIRC4.exe"
process: cd3ad434974788c8baad4f275f63dffe533d322e67d1024179088e267aabefe8.exe
Drops file in System32 directory (64 IoCs)