Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
19/03/2023, 13:49
General
-
Target
Clip1.exe
-
Size
3.4MB
-
MD5
7c3ba41716690f6d5bca3520700e894c
-
SHA1
d8112039a130dd3d406c8b2386cce5ef8a745ce0
-
SHA256
4e45051d214af572935596233db47eee57ceb6600841815dc51171dee15840f5
-
SHA512
a3f6251d657d7abd982d68252c5085fe0393384c3edb37c19a750afbe95adeb926d5586f54be4f3ea1b314b533bd0676de35f7bd22460f1c0cefc464c8cbf23b
-
SSDEEP
49152:rr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVlo9:gKvfd94XayMT5sH9M0aS8o9uWyUhHyk
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Modifies file permissions 1 TTPs 3 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 44 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Clip1.exe"C:\Users\Admin\AppData\Local\Temp\Clip1.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "admin:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /CREATE /TN "TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1" /TR "C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe" /SC MINUTE3⤵
- Creates scheduled task(s)
-
-
C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe"C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {6EBBD3DF-3593-4F23-A809-4CB9AE79AA71} S-1-5-21-3499517378-2376672570-1134980332-1000:MLXLFKOI\Admin:Interactive:[1]1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exeC:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280.5MB
MD55d5f4b2e4d5ec9fa04d5670f5aff074b
SHA14b4895abd5a776116145c6a38ce1e823f0fbf649
SHA256437a20b7e4e281657df618eafcfffe50dc31360d1f2ddbb6c3557d61e043c5c8
SHA51228619b9ea75920b11c7f8c16b81b53b1dd1f685373db6dfdb5e81702f2236ea362ad64e6d8eda726f7e41927f0868a64bd934f5a9072f3fdceae225a4a2556eb
-
Filesize
313.9MB
MD597d1cff6606df19eea9901368c140cda
SHA1280fb3c414e74f75657c3b7c37a2129f3ecbde5d
SHA256153578e8c7326e6ed087d223f58bac608db18efccdaa3df9934f11169a4fe57c
SHA51290f4e4732a5307acfbcd8e64da3ff52348b52b24595bbe514a75784660a83e01f1e4666605a5814a24db9f1e6053d28b77135bd7531888270c71ec5275f296b9
-
Filesize
299.5MB
MD5079e738a1d5dd6437e330b47330f3358
SHA1d361cba3052e19828cbc810e44a36aed99274326
SHA25601b9241f6f3bed1d5b161a65e42ada3e9fe65307c98a94ffbf939a503d99b9ea
SHA5122bbe05dc8d7ba0e472b459bf369bdbd5a163f438d2566e51828cd6e0e820f21a4629777f2f43df53594d9656ecb48e0deb4c214c40481a0d443727efd1473af6
-
Filesize
105.5MB
MD530731721226a7a9c676aa13abbfaae78
SHA13d09082f2ff35763dd76e3ff14d456a7c7c240b6
SHA2569183eab7b7559ee00891526db12ee90dea06725caf84af386e711bc13e273bdf
SHA512ae917a98bf801b3e975619ac3879cb33f86d7f7ef95bf39e75f58c1db878fea8e191150f60f093c73d988985cb1eac731c602598f47ab11eefc2a88a28cd36ea
-
Filesize
285.9MB
MD5dd8c80346ec5e68798fe051f47389ac3
SHA1c8641f8f91f550b4ef1394232038e3fcd263e950
SHA256b3f35d7bf9469a9ac7824ca87973222d6f8a86ce94ab417078eab0b20c5c8471
SHA51223a983420b186c630dd6086f3642348b0c596f8942f2890e301dd4cf9de93c8459c1368a01303e22c8d7d3cf0ed4ea69bef7be9c87f32388dd0446728f84c0dc
-
Filesize
296.2MB
MD5dd61484655a0001e5a29370e696f3d00
SHA1b960c8e78285c2ab8423f656fbd77792d47cf88f
SHA256088ccc66f6617046b3d4cb15b123c3a6b5a418b73e6d22355283c4397ffccb1e
SHA512a855c75dae4a3d87ca6cacc87a82e082bac733257a792ca3ad502b26942595fb6c6eafb018c54a59dced8570d460f6600fdfb68521d1b8e4b0162e908cf16e88
-
Filesize
109.7MB
MD51ae5237732ea2810941a4f87ee4cca6a
SHA1f5f5eadcce18269a6934ba1357ac594fd359c4d1
SHA25695cb9fa083e019e8a98630266a7f7f1868c605ad3a1cbd58c1f6fe3ba8ccd375
SHA512e682530a5b17f7b78006db08b1982e9247028f2fe52ba638ac1a699334d5cd562b255ffb36e09e9a6bd58e0340521788937058b3bce81ddc1749e164a8b21e5c
-
Filesize
93.9MB
MD50e9c394795cce6bace5aa639de8ccbc2
SHA1c701947ae4e35bcce7790e54608a407013837629
SHA256ba9c22f1dcf8ff1efc78cbdd38819072c9a64291b8a002dc6b578ef26dc3a57b
SHA5122cd2c0579efcc154985fcd3fbb88c3c3191dfc264f1e6098ba3332cd1e06639352ce4a5fa6fbcbf19efbaf461bf503127cb902ecdbc4f10eb0aa76954904eb39
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
4KB
-
Filesize
3.4MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
3.4MB
-
Filesize
256KB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB