Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 170s
max time network: 191s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2022, 21:16
Static task
static1
Behavioral task
behavioral1
Sample
7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Resource
win10v2004-20221111-en
General
Target: 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Size: 80KB
MD5: 670f69a6374b461d123ed616314d480b
SHA1: 5d648ef1c6a5620e67b65205b250079fdd2881df
SHA256: 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c
SHA512: f8660b913725070f3523dc4a96b2ed10893f232b1b1568e1f431e554c10bc7ae1b50856fd7c88957bb3fda8f7063d66e88d1e46c4b247d6ee75b2298dd0f6afe
SSDEEP: 1536:PcsriZiTLNxtH8DbtSWXlov+nUrgW99HiYDZOblI0nQhkpI9r7LtA6dU:BLxtH8D/V/UrgkYMKlnQII9r7LtA6dU
Malware Config
Signatures
Modifies firewall policy service (2 TTPs, 8 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | csrsss.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\Common Files\System\csrsss.exe = "C:\\Program Files (x86)\\Common Files\\System\\csrsss.exe:*:Enabled:CSR System Services" | csrsss.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications | 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\Common Files\System\csrsss.exe = "C:\\Program Files (x86)\\Common Files\\System\\csrsss.exe:*:Enabled:CSR System Services" | 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | csrsss.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\Common Files\System\csrsss.exe = "C:\\Program Files (x86)\\Common Files\\System\\csrsss.exe:*:Enabled:CSR System Services" | csrsss.exe

Executes dropped EXE (2 IoCs)
pid | Process
2096 | csrsss.exe
4696 | csrsss.exe
Drops file in Program Files directory (64 IoCs)
Processes
C:\Users\Admin\AppData\Local\Temp\7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe
command line: "C:\Users\Admin\AppData\Local\Temp\7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c.exe"
- Modifies firewall policy service
- Drops file in Program Files directory
PID: 3752

C:\Program Files (x86)\Common Files\System\csrsss.exe
command line: "C:\Program Files (x86)\Common Files\System\csrsss.exe"
- Modifies firewall policy service
- Executes dropped EXE
- Drops file in Program Files directory
PID: 2096

C:\Program Files (x86)\Common Files\System\csrsss.exe
command line: "C:\Program Files (x86)\Common Files\System\csrsss.exe"
- Modifies firewall policy service
- Executes dropped EXE
- Drops file in Program Files directory
PID: 4696
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 80KB
MD5: 670f69a6374b461d123ed616314d480b
SHA1: 5d648ef1c6a5620e67b65205b250079fdd2881df
SHA256: 7923cb36fae8a824dfe9e415ebf00325265dc2c047ff74ae036311965be5249c
SHA512: f8660b913725070f3523dc4a96b2ed10893f232b1b1568e1f431e554c10bc7ae1b50856fd7c88957bb3fda8f7063d66e88d1e46c4b247d6ee75b2298dd0f6afe