Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2022, 05:15
Static task
static1
Behavioral task
behavioral1
Sample
3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Resource
win10v2004-20221111-en
General
Target: 3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Size: 1.7MB
MD5: 046b4fd749fc319e3cb2fd82ed51c3d3
SHA1: f158a9713af368eb9fe62b147cf41b7ec0e7cc5a
SHA256: 3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43
SHA512: 677adb1fca386fcd3407d155946051827c1122cc1cec2d5674915bf5f88fbb12a206b476d1461fe8b1113780d1526a4c9af127613918de71ae863d1c9fe390ac
SSDEEP: 24576:PaF1H6CedUX5UQFcaoWBM1OnxloV2XnJ0844Jkj:inH6CedUZcDW8O7I2XnK4J0
Malware Config
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies registry class (3 IoCs)
description      ioc                                                                  Process
Key created      \REGISTRY\MACHINE\Software\Classes\eyegaze                           3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\eyegaze\ = "URL:eyegaze"           3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\eyegaze\URL Protocol              3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid   Process
4288  3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
(the same pid/process pair is recorded for all 64 IoCs)
Suspicious use of SendNotifyMessage (64 IoCs)
pid   Process
4288  3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
(the same pid/process pair is recorded for all 64 IoCs)
Suspicious use of SetWindowsHookEx (1 IoC)
pid   Process
4288  3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Processes
C:\Users\Admin\AppData\Local\Temp\3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43.exe"
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4288