Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
31/05/2023, 15:39
230531-s3qrvagc31 931/05/2023, 11:18
230531-neex8aee66 927/11/2022, 11:41
221127-ntgeladh62 9Analysis
-
max time kernel
1798s -
max time network
1685s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
31/05/2023, 11:18
General
-
Target
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d.exe
-
Size
2.2MB
-
MD5
55c447191d9566c7442e25c4caf0d2fe
-
SHA1
646762cee3a5caab9accd21efcb100cd49b8ef8a
-
SHA256
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
-
SHA512
9da8d4eb744308253f9befc238f4d1bd3122e06aa578b50ad2d27cb7a11d76fd1a95428df66ef287783139e5d3c8bf10d6fca6833867f8285cd06637843faa7e
-
SSDEEP
49152:ZQwS6fiVzAdAqfR8K+CQmh2l2qf4LSQmCRnXhRaNQRWGNfbzQUo:+N6aVzAyqfnzQf4LptnXasW4fwU
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Identifies Wine through registry keys 2 TTPs 2 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 12 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d.exe"C:\Users\Admin\AppData\Local\Temp\5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /delete /TN Microsoft\Windows\Shell\Init /F2⤵
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /F /sc onstart /tn Microsoft\Windows\Shell\Init /tr "\"C:\Windows\System\5qsEmP\6INmKW6.exe\"" /ru system2⤵
- Creates scheduled task(s)
-
-
C:\Windows\System\5qsEmP\6INmKW6.exe"C:\Windows\System\5qsEmP\6INmKW6.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in Windows directory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\5B7E02~1.EXE >> NUL2⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p1⤵
- Drops file in System32 directory
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
106KB
MD5d6ce4b6db8407ca80193ede96d812bb7
SHA10a181d703e3adf1b3b9f043559e1952446a0b0cd
SHA2567127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
SHA51225a1e5f60571486c1fd23dde44ca565a3bac051542831d9a24484a9c160e5ca9322daa376ab3a5bdc397113b61227955d4d951987cc01e9b18556f3513a9ab87
-
Filesize
106KB
MD5d6ce4b6db8407ca80193ede96d812bb7
SHA10a181d703e3adf1b3b9f043559e1952446a0b0cd
SHA2567127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
SHA51225a1e5f60571486c1fd23dde44ca565a3bac051542831d9a24484a9c160e5ca9322daa376ab3a5bdc397113b61227955d4d951987cc01e9b18556f3513a9ab87
-
Filesize
106KB
MD5d6ce4b6db8407ca80193ede96d812bb7
SHA10a181d703e3adf1b3b9f043559e1952446a0b0cd
SHA2567127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
SHA51225a1e5f60571486c1fd23dde44ca565a3bac051542831d9a24484a9c160e5ca9322daa376ab3a5bdc397113b61227955d4d951987cc01e9b18556f3513a9ab87
-
Filesize
36KB
MD5761388ca8095173f6963b1d23ad8a68b
SHA141e2693d0efc36cb0b97ea215d554932c46464ab
SHA256369a2323cb569b44970884d5af3d70e38c9cfb59a54d929fabb51ba46593aa06
SHA5122db4576927b4325dc51ce1755d55b00f7153a10424ca79fb7f32f8c92a5dec899c3961b44a15a129f1e5234b53a89c8946192703b88b10e70e86670e5831ebdf
-
Filesize
14KB
MD5c01eaa0bdcd7c30a42bbb35a9acbf574
SHA10aee3e1b873e41d040f1991819d0027b6cc68f54
SHA25632297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40
SHA512d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7
-
Filesize
29KB
MD5c929148666c94119da5e8db56cec59bb
SHA14d836a36f1492b44b8b36282f52631c9a710d529
SHA256d6b67cba59300e90594c75acea7e72eefc90bc123999cdce0be566cb5a9d77e7
SHA512fda5bc06f5742c7e47ed448a7f982a187138d0679afb6aa690d77d5700ff6adee2d0c5e684d01d715a7afee9a77daa826f1fc4ed035860d2d4e67f6e8e9dda67
-
Filesize
29KB
MD515deb7b9828d097656f60f00e1cbfdb8
SHA101c7252a8279669444a1dd58757d3277a766d262
SHA2564a7d77a4ae8e3d92e2171592136c9c3df6665e5829c9f54d9cd0caa1637a6de0
SHA51292be21c50115d6ecb6f0835ce82d086140b00d1a6a4d84bc8fa607517ec37708499c38217c4c1b26b8f194b27707fa6e623a1302465cbc3f0ecbf6cd40ebcb24
-
Filesize
29KB
MD5d8c276aecd7b1f962f73b681119139ac
SHA16c720ad7fe69de6b8ed5bdb148da55103a9843de
SHA2568c757ca6b3ba146ca85acb4280c6d1d846669cbfd1534d16a9ae965a92f94fba
SHA5129177f575226be53fa76574dc2f038b2ae4645a423053ca82515c7565b15ef79856bac0469e3a27d51b0d56454ab17387a127485bd1cff06579e6f800f9467fd1
-
Filesize
29KB
MD51269b588793ce3057badbe8736d89c4d
SHA1d0f6aa21d9ed901764e923b3f6592f0eb3c76759
SHA256a208ae85cf458884be474230d8eae8e3a1d0b3b1eda40097a4a086cac131e315
SHA512fb6460eede963d9d044a9d0ebbfcf7f6305f5e6d457fcf06876456a6c4601a58b51f568e23d1369844d3ac27c6848fdb94a1afc41169ccd5cfdaf839f64ed09d
-
Filesize
29KB
MD5503132b546c06a82b4dc073358e2527e
SHA12bd15f255f1eab3410cea873ae19c1a1923abac9
SHA256ffc501968530c9241b6273fbe5fea02b07a2b070f6d17d670fc8bcf5d462e3e1
SHA51275dfe4337733f0a3558ab8f83a13a65de6e9bcd1320bc2a6c28510dd52fe21dd32adb57ebadfde5caf75ca1a8964718cdb043b46bde1a602d7d2bf0381d31209
-
Filesize
29KB
MD5e4411d3677c5dc7677cba3ad194b9537
SHA1512da530d9914ae0c8f66809ee72d80b32b5626e
SHA2560957686d3ebc866bffa5c379763dc0b3f2cb241459c58de2900d1aaa0de6ca84
SHA512e2b811253667977def27c340ae757a0a02bdbc3d933d5b540f229f346f88501b6261b305af10fe45a2254612ad30a68c726cfc94431db3e7126c9aad0912057e
-
Filesize
29KB
MD5c109dce09a7edfc7178dd91f6a121da8
SHA1f8eb6beec31b42cd6230b5d13b9c13716f5b00f5
SHA256ca414bd208462d3d2ee382d7e089f00dfe2aad0995f1e65c65dd12645f90423b
SHA512c0342b4d6cc5156c81cbe089b99cf5b3288983ec67589e008753234d365b6e6645eb413e9b824443941bf296df5576f51de728705bbd9e6631b8f2d81ebab71f
-
Filesize
29KB
MD534fcb4d53ace3df2667167df98e380f7
SHA1c3d7ed98c0dce7933deb0be6396d393d336b37db
SHA25679e579dbab26f20ee96bd74bc5c05a2bcb06508ab31abc05548c06b340bceb7d
SHA512a9a7e11e7ca4c298191d5ee66d0c513bbaece69920dead10bd5547cce26818f0f8ade4b4c4884a9affcdbea6a00a1f095556ff4b19740f5f7f6a3e7386414865
-
Filesize
29KB
MD5656d8bfe71fb197c4e2eefdaececab50
SHA143d56c26e5cc268e7474cd4563a0e7cf65990fff
SHA2566801e6ebd2a5d9b0adb0e2490bd060d95eb9e2d134497bc73af5ed0b44f2cebe
SHA51230d740a3b07e2dc9e34627f83487cb247fbc22dcced0a7af72fe26704013a147939db205279b34d1f7aa0f4374de7abede527daf9c6dd8eb779d52a4fa76d8fe
-
Filesize
29KB
MD5ff84b11856096080aefefd268a3fb14e
SHA1f4005b5a135340ea6651f4849d7df31661d62e50
SHA2563894254fc885038cbfd6020a2696add1dda438f73513aae41d44b8af5d74effa
SHA512e590e63cebae5530c24581183c10165b64c4b8015a0f2b889d0a94f398e971a6d4c865e6a9f4b0f0c86a8e122fc45e0e418d07ccc18232ec58365bc140875553
-
Filesize
29KB
MD5ff23c930c4daa72025630a45595008f7
SHA191d84cc40ebbcfcf58980831c70094d84489fe68
SHA2564df445b10f496677e15f855598250f3b979fe18f11804a207c990b5774ba7b9d
SHA5122e454da46e4e3802a3d1a41d1cce9107b11cd28483444b8f8961e27ede1db487916bc2aeb3b207bb43ac1240393c11c6aff850ee66ab6d77396d95abfd130194
-
Filesize
66KB
MD5a7b940f02afc249407be77af0b23ed7e
SHA1b69e0e0618d31fd25721ae57c72c4d7ffa3f7b63
SHA256832205f3c2fcf1ff5abefc1bb00b6f72f03b931a424ecf3ba3d3a79b745ea841
SHA512cdb36847ee5eba789c8723c8034ece8fbe11486ac0905364055cb416972974c29ef64758176c4b431e46e81b50edf61c324954ab9ba8b0b51cc6e858d14f843a
-
Filesize
66KB
MD525fa72b9309504337a2baa141b954704
SHA1866f68ed99ad96b88be4f8ac2ae5fa1d8dfda80e
SHA25689c80a7950e79782c64f24a13b67a3293e166f85015dfc28dfcd7025ffd9aedb
SHA5125a2bc3ae89334bb3bc2dce5d1b1c8ffe1a299dff1f3da8cca0379480c4126253b9f6d3b7f171ac8b2ba559ef0080224e57b9cf9349a0da548bc2ffffe7dbc48f
-
Filesize
66KB
MD5e2dcb6d87862fd078f98998406b8baf2
SHA1639138d5ad75a0e72f506e42bc72c89979964649
SHA2560dc05f69c46f0ea883d4295678a343ba04b592b9d11062680e780912af78436d
SHA5123d1ce7cb184816cea79cdb6defda01d849c02f1f6fc73c25644cba349771cc1961f55a27015d1dd1857c68317f913499e8ecdb5c7d1ac768426a03d4b7fe545e
-
Filesize
66KB
MD5ce68fc82f5c36651aa8a89ffd22874be
SHA1604c23f7fb6e611b2045707d300d004379fcdbcf
SHA2565aa3d3c1339a7712a09a2372a9cad34fc6832b026e35b371e5abddf7e4c37289
SHA512c81654ef2ad768e0e5c2b4437ae471db58fc7cd2cb2010fcc246287c271561d51f336ad634f25f1a6006c72bef31d326719e92d834f97683b0331591591f1233
-
Filesize
66KB
MD53b632ba832fc326d779d952e5acc3ce8
SHA1d632ad41058769f5b4fe543915172210d9cd05e1
SHA2560b495d52144817f37906661f31da722eb063173eca47d88b9b3bac4c9f581535
SHA51248b39e34344d64d18e7a7a0e477ae69df658af9400321c212edf6793eb45e545c11b4f1038a7b12f52e5636052b95d219529fb52ed4e1397c14057a83ca94fd9
-
Filesize
66KB
MD51eefe6ea6c5c0f2324ed6df58f02d5b1
SHA184c8860256268d0b92fe81d5ab43856b5436ec0e
SHA25687c22090636dd6d0cd56d342da891eaedbc8120a430851e6228b4ea0bff76c73
SHA51290df0b12de89141984db9b2ead437c1cab267c7d2086174c3aaf3dd985c2f06f5d2b363c4bcd88d6898b378e1dd391e2bb18d40d9544f0ce51a8886e4740d1d8
-
Filesize
66KB
MD5023a68e3584081033c056c7004257df2
SHA1142c3d525b1e2c754305b519fdc2fdc2420f79c0
SHA256510e561681731e0294512650de8c3d1a7a4f3bf71c035a0a21032259403ef5cf
SHA5126d10767be15145b625dd66ff6d6ede6b4363d7408c9c4967e66d92443f24deed5a2c4f235c4a2dbc13017786f91a0e2e2993569d7dc69437f3636f61f3cd56ea
-
Filesize
66KB
MD5526c52062c2c72820896736746a0bb72
SHA11b09ea9f77bc252cb455636ef0ae48a575d08538
SHA256474209874c78f0822c8a5bee12396462a72bc92304e38c606b5515354005d1cf
SHA512713c511385a23dbf54d96aadce7da61e14ca2c2c34eaea4d3fc7220195e925dde2773996c12a2a8b11e5afdf70b9dbfdc542ebceb76c8b96c033c566d6e3a01f
-
Filesize
66KB
MD530b289efd25bdcebc3a911193a393f4a
SHA136a6739fbeaa1993adc086b36a1746f320500c2b
SHA256cf89e53d1790def9e900723569e5f5a5abc8c970e5dcbd9df39ae9d2673dfbdd
SHA5123eb5044157251963e59a43c10962dd81c054c8d762edf6c036cdacb24ef3627f4cd7d118147cf8fe7ccf3a879940c7848655dd8cf1d5bd296976a7c84a842713
-
Filesize
66KB
MD56771f31213fb95ad6e3383903fd49bc5
SHA1cef7c626dc552cacd5738076d742d46f92afcc91
SHA2562583488bdaa9b8db7371c4a6268f1c00666e4151a00624de15352ab37ac77b44
SHA5123f630233c4d5d041a093fe4bf5b460e3bdbbf3853a962da27bef42c096407c3d94f74a83cae1b0120394f716c26c07ab6f7c4ea1e9b96fe502ab8b6e74920f5b
-
Filesize
2.2MB
MD555c447191d9566c7442e25c4caf0d2fe
SHA1646762cee3a5caab9accd21efcb100cd49b8ef8a
SHA2565b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
SHA5129da8d4eb744308253f9befc238f4d1bd3122e06aa578b50ad2d27cb7a11d76fd1a95428df66ef287783139e5d3c8bf10d6fca6833867f8285cd06637843faa7e
-
Filesize
2.2MB
MD555c447191d9566c7442e25c4caf0d2fe
SHA1646762cee3a5caab9accd21efcb100cd49b8ef8a
SHA2565b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
SHA5129da8d4eb744308253f9befc238f4d1bd3122e06aa578b50ad2d27cb7a11d76fd1a95428df66ef287783139e5d3c8bf10d6fca6833867f8285cd06637843faa7e
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB