Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 11/02/2023, 20:18
Static task: static1
Behavioral task: behavioral1
  Sample: c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe
  Resource: win10v2004-20220812-en
General
Target: c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe
Size: 440KB
MD5: d8ee85db8cd8e6a43580a4ca00941586
SHA1: e183a6eea8fed323858f6439d89b191a27fe7e43
SHA256: c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e
SHA512: 0fb5b9f467f406fe592c490349290a1016ec2a518e1332e076a85a86e673f2c588869a83cbbca73f34b493ed890f04272e1651a944bd01f0457884911ff8c37c
SSDEEP: 6144:5AF4mcxORJ6dyOZVdZLpY+3/J0yfghEVXorMGPT8laonvhX0lXOO+5t/AUHT:5DiJdIZFPy+
Malware Config
Signatures

Modifies registry class 44 IoCs

Read together, these 44 writes are the sample registering itself as an out-of-process COM (Automation) server under HKLM\SOFTWARE\Classes. They are not a persistence mechanism on their own: no Run key, service or scheduled task is touched. The pieces fit together as follows.

CLSID {F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}: LocalServer32 is the sample's own path in the Admin user's %TEMP%, ProgID is innercuteword.innerfunctions, VERSION is 1.0, and Implemented Categories gains {40FC6ED5-2438-11CF-A3DB-080036F12502}, which is CATID_Programmable (the "Automation Objects" component category).
ProgID innercuteword.innerfunctions: its Clsid value maps back to {F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}.
TypeLib {12C040DF-8DCA-4558-A21E-29F79163B3D7} version 1.0, named "CuteWordFuncs": its 0\win32 path is the sample itself, so the type library is loaded from the executable, and HELPDIR is the directory the sample ran from.
Interface {1A4EC5A3-BF02-46D9-8E27-6E86423C49DE} (named "_innerfunctions", once also "innerfunctions"): ProxyStubClsid32 and ProxyStubClsid are {00020424-0000-0000-C000-000000000046}, the type-library marshaler (PSOAInterface), so this is a dual/IDispatch interface described by that type library.

A Project.Class ProgID, an underscore-prefixed interface name, the Programmable category and HELPDIR set to the executable's own directory is the registration layout a Visual Basic 6 ActiveX EXE writes every time it starts, so this signature by itself says little about intent. The useful host indicators are the CLSID/ProgID pair and a LocalServer32 that resolves into a user-writable temp directory; once registered, any local script can start the binary with CreateObject("innercuteword.innerfunctions"). The keys land under \REGISTRY\MACHINE (HKLM) rather than the user hive, so the process held rights to create machine-wide class registrations, and the CLSID lives under Wow6432Node, consistent with a 32-bit image (arch:x86) running under WOW64 on the x64 sandbox.

description  ioc  (Process for all 44 entries: c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe)
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\TypeLib
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\ = "innercuteword.innerfunctions"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\Clsid
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\FLAGS\ = "0"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ = "innerfunctions"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib\ = "{12C040DF-8DCA-4558-A21E-29F79163B3D7}"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib\Version = "1.0"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\Programmable
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\TypeLib\ = "{12C040DF-8DCA-4558-A21E-29F79163B3D7}"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib\ = "{12C040DF-8DCA-4558-A21E-29F79163B3D7}"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid32
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\VERSION\ = "1.0"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\Implemented Categories
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\0
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\ = "CuteWordFuncs"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\FLAGS
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\0\win32
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\HELPDIR
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid32
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib\Version = "1.0"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\ = "innercuteword.innerfunctions"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\innercuteword.innerfunctions\Clsid\ = "{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\ProgID
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\LocalServer32
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\VERSION
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ = "_innerfunctions"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\ProgID\ = "innercuteword.innerfunctions"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe"
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ = "_innerfunctions"
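To turn a registry IoC table like this into something actionable, an analyst usually wants the CLSID -> server image -> ProgID -> TypeLib chain pulled out of the raw writes, and any server whose image sits in a user-writable directory flagged. The Python below is an added example written for this page; it is not code from tria.ge or from the sample's authors. It parses a handful of IoC lines copied verbatim from the table above (Triage's "Key created ..." / "Set value (str) ... = "..."" form) and applies that check. The names parse_ioc, analyse, find_suspicious_com_servers and is_user_writable, and the USER_WRITABLE path heuristic, are this example's own assumptions. It generalises beyond this one report in that it also handles InprocServer32 (DLL servers) and quoted server command lines that carry arguments such as -Embedding.

```python
import re
from typing import Dict, List, Optional

# IoC lines copied from the "Modifies registry class" table above, in Triage's own
# form. The process column is dropped: every entry in the report was made by the sample.
REPORT_IOCS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\ProgID\ = "innercuteword.innerfunctions"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\TypeLib\ = "{12C040DF-8DCA-4558-A21E-29F79163B3D7}"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F30785D1-95FD-4899-BA38-BE9AB3EC8CCA}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{12C040DF-8DCA-4558-A21E-29F79163B3D7}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A4EC5A3-BF02-46D9-8E27-6E86423C49DE}\TypeLib\Version = "1.0"',
]

IOC_RE = re.compile(
    r'^(?P<action>Key created|Set value \((?P<type>\w+)\)) (?P<path>.+?)(?: = "(?P<value>.*)")?$'
)
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CLSID_RE = re.compile(r"\\CLSID\\(" + GUID + r")", re.I)
TYPELIB_IMAGE_RE = re.compile(r"\\TYPELIB\\(" + GUID + r")\\[^\\]+\\[^\\]+\\win(?:32|64)$", re.I)
SERVER_KEYS = {"localserver32", "inprocserver32", "localserver", "inprocserver"}
# Heuristic, an assumption of this example: directories an unprivileged user can write to.
USER_WRITABLE = re.compile(r"^[a-z]:\\(?:users\\[^\\]+\\|programdata\\|windows\\temp\\)", re.I)


def parse_ioc(line: str) -> Dict[str, Optional[str]]:
    """Split one Triage registry IoC line into action / key / value name / data."""
    m = IOC_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    path = m.group("path")
    if m.group("action").startswith("Key"):
        return {"action": "key", "key": path, "name": None, "value": None}
    # "...\SubKey\ = x" sets the (Default) value; "...\SubKey\Name = x" sets Name.
    key, _, name = path.rpartition("\\")
    # Triage doubles backslashes inside string data; collapse them back to one.
    value = (m.group("value") or "").replace("\\\\", "\\")
    return {"action": "set", "key": key, "name": name, "value": value}


def image_path(server_value: str) -> str:
    """Strip arguments such as -Embedding from a (Local|Inproc)Server32 command."""
    s = server_value.strip()
    if s.startswith('"'):
        return s[1:].split('"', 1)[0]
    return s.split(" ", 1)[0]


def is_user_writable(path: str) -> bool:
    return USER_WRITABLE.match(path) is not None


def find_suspicious_com_servers(entries: List[Dict[str, Optional[str]]]) -> List[dict]:
    """One finding per CLSID whose server image lives in a user-writable path,
    joined with the ProgID and TypeLib that the same registration attaches to it."""
    by_clsid: Dict[str, dict] = {}
    typelib_images: Dict[str, str] = {}
    for e in entries:
        if e["action"] != "set" or e["name"] != "":
            continue  # only (Default) values carry the server / ProgID / TypeLib data
        tl = TYPELIB_IMAGE_RE.search(e["key"])
        if tl:
            typelib_images[tl.group(1).upper()] = e["value"]
            continue
        c = CLSID_RE.search(e["key"])
        if not c:
            continue
        info = by_clsid.setdefault(c.group(1).upper(), {})
        leaf = e["key"].rsplit("\\", 1)[-1].lower()
        if leaf in SERVER_KEYS:
            info["server"] = e["value"]
        elif leaf == "progid":
            info["progid"] = e["value"]
        elif leaf == "typelib":
            info["typelib"] = e["value"].upper()
    findings = []
    for clsid, info in by_clsid.items():
        if "server" not in info:
            continue
        image = image_path(info["server"])
        if not is_user_writable(image):
            continue
        findings.append({
            "clsid": clsid,
            "image": image,
            "progid": info.get("progid"),
            "typelib": info.get("typelib"),
            "typelib_image": typelib_images.get(info.get("typelib")),
        })
    return findings


def analyse(lines: List[str]) -> List[dict]:
    return find_suspicious_com_servers([parse_ioc(l) for l in lines])


if __name__ == "__main__":
    for f in analyse(REPORT_IOCS):
        print(f"{f['clsid']} -> {f['image']} (ProgID {f['progid']}, TypeLib {f['typelib']})")
```

Paste the full 44-line table into REPORT_IOCS to get the complete chain for this sample. The same join can be run against a live host by enumerating HKLM\SOFTWARE\Classes\CLSID and its Wow6432Node mirror and feeding the (Default) values of LocalServer32/InprocServer32, ProgID and TypeLib through find_suspicious_com_servers.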
Suspicious use of SetWindowsHookEx 1 IoCs
pid 1172  Process c7728ac2abd83b517d1ac8ea1ab081ce68676f8884f4a14e384208fbc20f6f8e.exe