Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
16/03/2023, 03:42
General
-
Target
图片20233155168jpg.cmd.exe
-
Size
602KB
-
MD5
50e0dc8b208f29699d895388d2441cc0
-
SHA1
be4376a162f4f1a00da2124645e55301e641c440
-
SHA256
59c99ff6fe40a2d811eeebd5c63f5ddf96107a890cd6c4b41821adbcf97f9204
-
SHA512
8c29774e16686417fe6a552dfecb9ce2ee8d138c916f7f13b78dd974a10847b68f6fbb2452ab6a579e621ef66a47dda16b4ff8cc6d6a96bfcb1eff27bef4e1aa
-
SSDEEP
12288:DGHCnaomAEg3uPdkgOX+tZdxJsq1al2NyCGtN/NazPT46om5vGq:DGHCm8uPdJFdzakYBNazxoq
Malware Config
Signatures
-
Detects PlugX payload 23 IoCs
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Blocklisted process makes network request 2 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\图片20233155168jpg.cmd.exe"C:\Users\Admin\AppData\Local\Temp\图片20233155168jpg.cmd.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\ProgramData\googleupdate\TraceIndexer.exe"C:\ProgramData\googleupdate\TraceIndexer.exe" 100 7561⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\ProgramData\googleupdate\TraceIndexer.exe"C:\ProgramData\googleupdate\TraceIndexer.exe" 200 01⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exeC:\Windows\system32\msiexec.exe 201 02⤵
- Blocklisted process makes network request
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exeC:\Windows\system32\msiexec.exe 209 14483⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
113KB
MD596237e8adaff3cb27fc02b5cc2a817b7
SHA16c5a43e26a30b401e5657c56eb8a0fbfe9916859
SHA256ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f
SHA512b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c
-
Filesize
113KB
MD596237e8adaff3cb27fc02b5cc2a817b7
SHA16c5a43e26a30b401e5657c56eb8a0fbfe9916859
SHA256ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f
SHA512b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
113KB
MD596237e8adaff3cb27fc02b5cc2a817b7
SHA16c5a43e26a30b401e5657c56eb8a0fbfe9916859
SHA256ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f
SHA512b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
33KB
MD5ae8091b6a252a2c34033eaac7e1001d6
SHA1f2de8d84d51a1cbb9f0100f94361c13a341f7163
SHA256ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542
SHA512616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
457KB
MD507321f91bad9653b4fa737e5c993de90
SHA19b0e7f445739825816e970205fe92adf7d3e1fc8
SHA256c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3
SHA512c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
4KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
1024KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
4KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
8KB
-
Filesize
108KB
-
Filesize
4KB
-
Filesize
180KB
-
Filesize
180KB