Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
-
submitted
06/07/2023, 17:01
General
-
Target
4104a3469da45fexeexeexeex.exe
-
Size
204KB
-
MD5
4104a3469da45fb0020ebbbd6eab7b0a
-
SHA1
4db8f05d3d496ad2c3f9ea3370af69e6a981913b
-
SHA256
f66ffe9563e0208901a5d3da3d990f5f0c96ddc970920329b45effed7847c192
-
SHA512
571ca9118c978cb6953fe2795b3fc8ef052bd50d82273eb63c21b7184785531c369beb3c2e46a4eb724f424cd89a98e6b4e7c163fb3952ba51139965722e003a
-
SSDEEP
1536:1EGh0oxYl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oCl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 26 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 13 IoCs
-
Drops file in Windows directory 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4104a3469da45fexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\4104a3469da45fexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF42E913-2B71-47d9-9A25-C520F5A80A1E}.exeC:\Windows\{EF42E913-2B71-47d9-9A25-C520F5A80A1E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{28DC3993-F932-442d-A202-D933CDD6220C}.exeC:\Windows\{28DC3993-F932-442d-A202-D933CDD6220C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{122E8F4A-B96C-47e5-B509-1FD47EB701B0}.exeC:\Windows\{122E8F4A-B96C-47e5-B509-1FD47EB701B0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6066EC43-25A1-46b6-A082-EABB01DFB620}.exeC:\Windows\{6066EC43-25A1-46b6-A082-EABB01DFB620}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50C68E9C-EC6E-4a4b-B288-F0F30FD54616}.exeC:\Windows\{50C68E9C-EC6E-4a4b-B288-F0F30FD54616}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0980FE8-8EE1-4ab8-9AE1-C3E0EDB4AB89}.exeC:\Windows\{E0980FE8-8EE1-4ab8-9AE1-C3E0EDB4AB89}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59371F5B-52C4-4df8-B37A-0772B1C96BE9}.exeC:\Windows\{59371F5B-52C4-4df8-B37A-0772B1C96BE9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{629C3AA1-85A1-46d7-B31F-F6291DD787D2}.exeC:\Windows\{629C3AA1-85A1-46d7-B31F-F6291DD787D2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5A88C1F2-5A70-478e-96B4-6F7543B26E75}.exeC:\Windows\{5A88C1F2-5A70-478e-96B4-6F7543B26E75}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E068560C-8019-4f0a-8DF7-05D22479CD39}.exeC:\Windows\{E068560C-8019-4f0a-8DF7-05D22479CD39}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DD7FB6FE-C07F-46c0-A8A1-CCDCBF2F263E}.exeC:\Windows\{DD7FB6FE-C07F-46c0-A8A1-CCDCBF2F263E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4D65F2FD-05D5-40db-A864-B90ED6FF00DB}.exeC:\Windows\{4D65F2FD-05D5-40db-A864-B90ED6FF00DB}.exe13⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{57699AA0-0615-4304-A7D2-641274964775}.exeC:\Windows\{57699AA0-0615-4304-A7D2-641274964775}.exe14⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4D65F~1.EXE > nul14⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD7FB~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0685~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5A88C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{629C3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59371~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0980~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50C68~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6066E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{122E8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28DC3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF42E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\4104A3~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD51263d05319e276cb57bb9c58d55cb4e1
SHA1fc7c41c45822e102f03057fda473961dcc205a57
SHA25638a6f6c76cd8e14e1c1ec086dd3c7e5af81f10b356ad56eb0f7689eb37cdd158
SHA512225bd87aaac7eae022800c85733a2b64d6019ecf3c11bdd2da19297e7a59cad0fed611c8419258edde78a7de38a6640c255356e9c13835fb920d34dba357d837
-
Filesize
204KB
MD51263d05319e276cb57bb9c58d55cb4e1
SHA1fc7c41c45822e102f03057fda473961dcc205a57
SHA25638a6f6c76cd8e14e1c1ec086dd3c7e5af81f10b356ad56eb0f7689eb37cdd158
SHA512225bd87aaac7eae022800c85733a2b64d6019ecf3c11bdd2da19297e7a59cad0fed611c8419258edde78a7de38a6640c255356e9c13835fb920d34dba357d837
-
Filesize
204KB
MD512bdc3bd68309321076c5ed6196bc875
SHA102a7a8e9f15419c609517b8cab6faf35b2b4503a
SHA256fc7f956118b15701c87380038f311c57feae3485b9cbc833e312cb6290ae277a
SHA5128b38931a86a7ec527b2d255c230c55069176b298bc8ac7e4f9915418c9ad9a3c806ed437157f08b2e873ad507361c4306b5fecec8ebb34d9dc0e7ecce48f1948
-
Filesize
204KB
MD512bdc3bd68309321076c5ed6196bc875
SHA102a7a8e9f15419c609517b8cab6faf35b2b4503a
SHA256fc7f956118b15701c87380038f311c57feae3485b9cbc833e312cb6290ae277a
SHA5128b38931a86a7ec527b2d255c230c55069176b298bc8ac7e4f9915418c9ad9a3c806ed437157f08b2e873ad507361c4306b5fecec8ebb34d9dc0e7ecce48f1948
-
Filesize
204KB
MD5de3cedaede1a6fb165bb6fc69e6cd5f0
SHA10cfb4bc41bcef7c27815d12615f1dbf1b910c65f
SHA25638ea94973a596fc3715dc18e2e312ceb1ab8ecee52a32d9b24a1a5f5e6a665f2
SHA5121716ecf3a08059677515813f34ff5defad1818a661ffb67e16e5c4f3936d65f7d851904900b3236ad5234a67fe3d314cb7355390476bd82a59d2be6ff8fe72b5
-
Filesize
204KB
MD5de3cedaede1a6fb165bb6fc69e6cd5f0
SHA10cfb4bc41bcef7c27815d12615f1dbf1b910c65f
SHA25638ea94973a596fc3715dc18e2e312ceb1ab8ecee52a32d9b24a1a5f5e6a665f2
SHA5121716ecf3a08059677515813f34ff5defad1818a661ffb67e16e5c4f3936d65f7d851904900b3236ad5234a67fe3d314cb7355390476bd82a59d2be6ff8fe72b5
-
Filesize
204KB
MD5f0224b4e57d6fefd2f828169bf293513
SHA1daaf2d33eebc03669ed3de4d66c68ccf9bbfb8bf
SHA2566db5bb0f47940f3e427a8a6b5ec0430270024df68662547320202482f6e41d77
SHA51258e7249db3ab91f3bdf34a3871cb04bcb7543bc7461ca20640112a7605a1ce622057fbc1e627cc643a44f9d103f0c5d152ea937122baca060cbb2ba2560eb1d0
-
Filesize
204KB
MD5f0224b4e57d6fefd2f828169bf293513
SHA1daaf2d33eebc03669ed3de4d66c68ccf9bbfb8bf
SHA2566db5bb0f47940f3e427a8a6b5ec0430270024df68662547320202482f6e41d77
SHA51258e7249db3ab91f3bdf34a3871cb04bcb7543bc7461ca20640112a7605a1ce622057fbc1e627cc643a44f9d103f0c5d152ea937122baca060cbb2ba2560eb1d0
-
Filesize
204KB
MD58daa5700cfde69109b18ed6cbd52177a
SHA1c1f20e368d49cf77bea80efc42fce7f35a2262c0
SHA256c77881af9be86616bbed11a1901b69254e5b081eb34b2b73bebe192da69958e3
SHA512ee65b9bfdead04b1f061fd6922bad4deb9dd45ecef7a7cc3b68c2cba87f5697f185b7bd80280fa3a068ea48db3d447b315e929f9e073f24a4698a117d0f63b8f
-
Filesize
204KB
MD58467111e2d48956a1a4d71a2b56b0824
SHA1d8ee94fafa0041b29d76206b506fa38baed75f77
SHA256922cb809da71ae7f85fdaafb70a329446d2e709458789a8adf2ac7eed613d57c
SHA512f77919df3cfbda272f505cc8c7d4c90d8410fc671d5d7b2399b45b51e305f299161e5a0e54b62c3088373f9d6f98aac08b805bbf8bf176c850a85c1400be5170
-
Filesize
204KB
MD58467111e2d48956a1a4d71a2b56b0824
SHA1d8ee94fafa0041b29d76206b506fa38baed75f77
SHA256922cb809da71ae7f85fdaafb70a329446d2e709458789a8adf2ac7eed613d57c
SHA512f77919df3cfbda272f505cc8c7d4c90d8410fc671d5d7b2399b45b51e305f299161e5a0e54b62c3088373f9d6f98aac08b805bbf8bf176c850a85c1400be5170
-
Filesize
204KB
MD51c524ab1c4ede43ae1f8d6ab91d0f10d
SHA1371b308a39f9552e89747da493ce2d56419fce92
SHA2563abc38600c210170aeddedd7649c45c4e7f6dc0e5bf3f782bffa8834ff241486
SHA51250a1fa4fe95c4d11f3bd7ea0347bac2418602968ff7ebea961c57f97df93166ec831f7e92a67c7723c478dcbf635e1e9f1c07787b83342884bf877496d88b02f
-
Filesize
204KB
MD51c524ab1c4ede43ae1f8d6ab91d0f10d
SHA1371b308a39f9552e89747da493ce2d56419fce92
SHA2563abc38600c210170aeddedd7649c45c4e7f6dc0e5bf3f782bffa8834ff241486
SHA51250a1fa4fe95c4d11f3bd7ea0347bac2418602968ff7ebea961c57f97df93166ec831f7e92a67c7723c478dcbf635e1e9f1c07787b83342884bf877496d88b02f
-
Filesize
204KB
MD536dda4b419b7f1889b8280df84662a4a
SHA1d9b4d7993e15ff1e69a91f8f0539d3defb7f6e50
SHA256228faf703e00cd120f26e0167d758af8dfae10e5e644b75acded1106ff6c235f
SHA512284945f5a1af15f578dcf00c0730b09433b4669013b2b7cf6e9718c5b382af288c03ac0cea9fa1f39567a2e9832ef83ef522000fc15b1cc08f9c1d76eb452aa3
-
Filesize
204KB
MD536dda4b419b7f1889b8280df84662a4a
SHA1d9b4d7993e15ff1e69a91f8f0539d3defb7f6e50
SHA256228faf703e00cd120f26e0167d758af8dfae10e5e644b75acded1106ff6c235f
SHA512284945f5a1af15f578dcf00c0730b09433b4669013b2b7cf6e9718c5b382af288c03ac0cea9fa1f39567a2e9832ef83ef522000fc15b1cc08f9c1d76eb452aa3
-
Filesize
204KB
MD526360066aaf4e635b61d55376ea46dc1
SHA1b0d50fecba0b47acb10ff7df1c9714838e343f40
SHA256df881d42edbed26bf0b6081e047d03b012695db406e57dfba6ebc7dc98257165
SHA512aa1af755626899a38095138e3e5c3395feb711031dc93bbcbc54f29c2d8aedea0b95a58ebfe409fa9beb4ead486faf8d562a3d5fdde30c6d1f00b94f42129836
-
Filesize
204KB
MD526360066aaf4e635b61d55376ea46dc1
SHA1b0d50fecba0b47acb10ff7df1c9714838e343f40
SHA256df881d42edbed26bf0b6081e047d03b012695db406e57dfba6ebc7dc98257165
SHA512aa1af755626899a38095138e3e5c3395feb711031dc93bbcbc54f29c2d8aedea0b95a58ebfe409fa9beb4ead486faf8d562a3d5fdde30c6d1f00b94f42129836
-
Filesize
204KB
MD5c51599c43dd7cfebcde666fca0b8d5db
SHA189c33ae4f600d9fd1cf573a656b915c107a20743
SHA2565ec3a6ee049a1791d55c4bf2ee19bfdb855e80669e9d44464edf186ba04eee45
SHA512e40f66a23c1afd90b47aa559c5c49958ba3c6311cebbba408c1f5e7f03b70e2a11d82a05e0fefc98c2af31f761eca49f93d7a854a8b76040e0b680ad0059eaa5
-
Filesize
204KB
MD5c51599c43dd7cfebcde666fca0b8d5db
SHA189c33ae4f600d9fd1cf573a656b915c107a20743
SHA2565ec3a6ee049a1791d55c4bf2ee19bfdb855e80669e9d44464edf186ba04eee45
SHA512e40f66a23c1afd90b47aa559c5c49958ba3c6311cebbba408c1f5e7f03b70e2a11d82a05e0fefc98c2af31f761eca49f93d7a854a8b76040e0b680ad0059eaa5
-
Filesize
204KB
MD5d16925d98d3150fe57a06392f75b1ca8
SHA189497819a471e5b6009d323d6233fe4cfd5f17c4
SHA256b30759481c4316b2887bcb5798463753894933d4da8ddc41efb513bfa00e7d34
SHA5120121650fc3963eb5969187957b6d164b61fe41aafd14743fe51205f803d3dc3a56333d01195d9391aa6dd5a0c9fbf2b1acac3c42daa91d07e22ed8b2fd730a17
-
Filesize
204KB
MD5d16925d98d3150fe57a06392f75b1ca8
SHA189497819a471e5b6009d323d6233fe4cfd5f17c4
SHA256b30759481c4316b2887bcb5798463753894933d4da8ddc41efb513bfa00e7d34
SHA5120121650fc3963eb5969187957b6d164b61fe41aafd14743fe51205f803d3dc3a56333d01195d9391aa6dd5a0c9fbf2b1acac3c42daa91d07e22ed8b2fd730a17
-
Filesize
204KB
MD5a89ed64b6e15407cf20180ab7d1e8154
SHA18c4bfd9b7f8ecd099418ade256beef55842a7392
SHA2563472fc78dd4498756dfbbe966c4c608434e353b1826e5b4a3347c7c16208c0bf
SHA512598d01b73ba8e2424c4052b019750e1e75b33e073b5dfa20527ead6c1996356ace93b4939f72a1abcf094b20892b43098671424810eedf513ac9f3b19871fa44
-
Filesize
204KB
MD5a89ed64b6e15407cf20180ab7d1e8154
SHA18c4bfd9b7f8ecd099418ade256beef55842a7392
SHA2563472fc78dd4498756dfbbe966c4c608434e353b1826e5b4a3347c7c16208c0bf
SHA512598d01b73ba8e2424c4052b019750e1e75b33e073b5dfa20527ead6c1996356ace93b4939f72a1abcf094b20892b43098671424810eedf513ac9f3b19871fa44
-
Filesize
204KB
MD5459ac9c2c610db6683898cd8aa2afaee
SHA1dd4c9b4dd7e394e6d3cb6c47e92155f14ad51795
SHA256057f5268c35dfa7ee45892b407d40b6d4d176fdec3527fd87a1520c8758e0227
SHA512d774682849ced7fec8cf417132879f6c9430cf387ff082256d9a153f39aa6ed5dfbcf37e3951529c020371df6dbabd73085e9bc4bd8fa5dfef9d88e52b3bb66d
-
Filesize
204KB
MD5459ac9c2c610db6683898cd8aa2afaee
SHA1dd4c9b4dd7e394e6d3cb6c47e92155f14ad51795
SHA256057f5268c35dfa7ee45892b407d40b6d4d176fdec3527fd87a1520c8758e0227
SHA512d774682849ced7fec8cf417132879f6c9430cf387ff082256d9a153f39aa6ed5dfbcf37e3951529c020371df6dbabd73085e9bc4bd8fa5dfef9d88e52b3bb66d
-
Filesize
204KB
MD5459ac9c2c610db6683898cd8aa2afaee
SHA1dd4c9b4dd7e394e6d3cb6c47e92155f14ad51795
SHA256057f5268c35dfa7ee45892b407d40b6d4d176fdec3527fd87a1520c8758e0227
SHA512d774682849ced7fec8cf417132879f6c9430cf387ff082256d9a153f39aa6ed5dfbcf37e3951529c020371df6dbabd73085e9bc4bd8fa5dfef9d88e52b3bb66d