Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
43s -
max time network
29s -
platform
windows7_x64 -
resource
win7-20230621-en -
resource tags
arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system -
submitted
04/07/2023, 15:24
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe
Resource
win7-20230621-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe
-
Size
111KB
-
MD5
b4634653b44ec169337d2cc79f34f99e
-
SHA1
7ff60ff2dfff5f8d4440d68d3a15fdfec023f948
-
SHA256
698e88b494bf8522fc9ae4af0cd0f031b29c47cabde96a5ca5fe0157229bcdef
-
SHA512
51c9452a55b01e86bbcf4ba3e52a4908d3bb6481cebd638b29283c82e4c1dbef31cc56a6fb111891825a38bb7868684d92e79643dcc288a61abfc00c7633bce3
-
SSDEEP
1536:kaiqH1s+kCtrA2UMT0mTFibDKa1XTWmh2AgOv3BWf4tVjeXY52UOglXM:t1B31bdBob2QX6mh2t4BTVjeoUUOgl8
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe sIRC4.exe" easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\sIRC4.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\msinfo32.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\MSOXMLED.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\idlj.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\java.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\7zFM.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\Uninstall.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\InputPersonalization.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\VSTOInstaller.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\chrmstp.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\javadoc.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\iexplore.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\extcheck.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jarsigner.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\java-rmi.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaw.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\sIRC4.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\Uninstall.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\master_prefere.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaws.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\VSTOInstaller.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\chrome_proxy.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java-rmi.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXE620.tmp easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\TabTip.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\elevation_service.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\jabswitch.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javac.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javap.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\chrome_proxy.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\appletviewer.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXE583.tmp easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\javaws.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\7zG.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\setup.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\master_prefere.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\xdccPrograms\mip.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\chrmstp.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\javap.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\TabTip.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\idlj.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\javac.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\elevation_service.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\jarsigner.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\iediagcmd.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\extcheck.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\javafxpackager.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\apt.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXE4E5.tmp easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jar.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\chrome.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\ieinstal.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXE4A5.tmp easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\appletviewer.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jabswitch.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe File created C:\Windows\SysWOW64\DC++ Share\jar.exe easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe"C:\Users\Admin\AppData\Local\Temp\easy_Malicious_070ce55d0627a56ea50232535643302537fcb64e023028733b75d1e1a689a81c.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
PID:1572
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD5b126345317624479f78fbf30b3a1fe5a
SHA1655c966bf7bbf96ee49c83062d30b9dba17d693c
SHA2568723d2d97d52f6d3b63968594c93bf2c5b5300b306c9670be4616cb134964301
SHA512d0be6d608b5f4e482287d16e6587e00be1b4390f78efc3ce63008f99be7358e65f0eef9eba330d845462b64fa7a86cc3f1395b863ad0f8d01c0b790fc2f4c02d
-
Filesize
111KB
MD5260d5b6f707d4791d25a40700225c4a2
SHA106afe325a16b77b15cc6dd98f82e1b90c75c5412
SHA256e409ccf1b730aa27f851adcfc14e3f237bd1692bb1f7d5457a30fe4d28788a6f
SHA5129a9d084cc5f0ac493d5c7641adf1739fd41a998818e32748194222ba186d34faec861184fb0f9e5e54ef8410c304d6ac85631c70040a7c48b0dcec6608073f55