Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
08/07/2023, 09:53
General
-
Target
69fd63ba7a784eexeexeexeex.exe
-
Size
168KB
-
MD5
69fd63ba7a784e689fde4b61fb311484
-
SHA1
25b9b48fdd9fb774ad61a6946a4fe5a2b5cd4e25
-
SHA256
582755448ca6b13c05d4c1f4f5d6aebbf7cae05a8f8c2f15ca031b4c8e92ba64
-
SHA512
693dbc886d39bbcf3cbdcb169269a0de8e7504d0dbd017740a9e812cb741ccd52e9e9cf0d7bc656b21c0595dc5285f6cb5dffaa263dbcf462bcd25cfb836b2c2
-
SSDEEP
1536:1EGh0o3lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o3lqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\69fd63ba7a784eexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\69fd63ba7a784eexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{41546900-5C05-4b7a-99E6-B535AEAE3AAE}.exeC:\Windows\{41546900-5C05-4b7a-99E6-B535AEAE3AAE}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{145EA88D-4FA0-4486-B112-B29D8444CBF7}.exeC:\Windows\{145EA88D-4FA0-4486-B112-B29D8444CBF7}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A890371D-60D1-449c-97D3-04B80368A8EF}.exeC:\Windows\{A890371D-60D1-449c-97D3-04B80368A8EF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B13634A5-133D-4127-A829-2D8EE2E958C0}.exeC:\Windows\{B13634A5-133D-4127-A829-2D8EE2E958C0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB7683EE-DD9C-4f01-BF0B-30C51DB08DE4}.exeC:\Windows\{AB7683EE-DD9C-4f01-BF0B-30C51DB08DE4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{34A83A9F-8C98-4ef5-A727-C2361215AE47}.exeC:\Windows\{34A83A9F-8C98-4ef5-A727-C2361215AE47}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E24CE93-4ABE-4112-8326-FBF564C2961F}.exeC:\Windows\{7E24CE93-4ABE-4112-8326-FBF564C2961F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44F5EC13-3C35-48ee-8308-DA7ECB6BC66B}.exeC:\Windows\{44F5EC13-3C35-48ee-8308-DA7ECB6BC66B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{150E80BD-B816-4027-8D59-D7B93DC41698}.exeC:\Windows\{150E80BD-B816-4027-8D59-D7B93DC41698}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B70282C4-53D9-4c35-A092-4B2BB8FF7BDF}.exeC:\Windows\{B70282C4-53D9-4c35-A092-4B2BB8FF7BDF}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B4FF066-42F5-4b54-B436-A954743CE4B2}.exeC:\Windows\{9B4FF066-42F5-4b54-B436-A954743CE4B2}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7E094F8A-5780-480e-A427-87351394A017}.exeC:\Windows\{7E094F8A-5780-480e-A427-87351394A017}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B4FF~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7028~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{150E8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44F5E~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E24C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34A83~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB768~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1363~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8903~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{145EA~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{41546~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\69FD63~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5b59ab4a2b86e347af2d6f86f7b944d6a
SHA173f242d667b8e615ee616f33a1b84fe78f665db8
SHA256ad14e1bb8b0146669c6ef468c89f6a2d241b5a9fc88579ffe0d2787c53640c0d
SHA512c144b3da6a35f2854250ee89f45c3508f4e60f8c904ea4c85de1b16ce1c49587b721dc837d61325dcc2ebf841c904fcc484745a68c2157d621b930687513b8c9
-
Filesize
168KB
MD5b59ab4a2b86e347af2d6f86f7b944d6a
SHA173f242d667b8e615ee616f33a1b84fe78f665db8
SHA256ad14e1bb8b0146669c6ef468c89f6a2d241b5a9fc88579ffe0d2787c53640c0d
SHA512c144b3da6a35f2854250ee89f45c3508f4e60f8c904ea4c85de1b16ce1c49587b721dc837d61325dcc2ebf841c904fcc484745a68c2157d621b930687513b8c9
-
Filesize
168KB
MD51e7412dc4d986fbb261e88589c1224f3
SHA1fc0df74e95b625c6487d0ba0faa3456134dd74eb
SHA25639c001946dd81c4932752b560b1a6f17ae3b52ab167ed5177c9b06817dfbbd1c
SHA5126749ce9c65dc75f85d88143c2ee0dea986516605f41d5f37102a57510067582d95656d7bbb8bffe06139a4a1b7c685c380c00309c28b1e88eafdc0a4476a01b4
-
Filesize
168KB
MD51e7412dc4d986fbb261e88589c1224f3
SHA1fc0df74e95b625c6487d0ba0faa3456134dd74eb
SHA25639c001946dd81c4932752b560b1a6f17ae3b52ab167ed5177c9b06817dfbbd1c
SHA5126749ce9c65dc75f85d88143c2ee0dea986516605f41d5f37102a57510067582d95656d7bbb8bffe06139a4a1b7c685c380c00309c28b1e88eafdc0a4476a01b4
-
Filesize
168KB
MD5d9cae9ad3b64ed7ace5f7baececf549a
SHA180a095f23209b9d4a3aef6aa5698cfb28dbc2323
SHA256bc213676cbb953c07233963511e0a8ba030fb75a00668ab70e3b3b8db2c20704
SHA512a4f735d866e49e410af88aa9716b3c91432864c3ef53ff412f7a485f5ae23d3b63a32881cca22cd7d05fddb37ff96bbd73c1ddc60e78723b83f74ba326b37b28
-
Filesize
168KB
MD5d9cae9ad3b64ed7ace5f7baececf549a
SHA180a095f23209b9d4a3aef6aa5698cfb28dbc2323
SHA256bc213676cbb953c07233963511e0a8ba030fb75a00668ab70e3b3b8db2c20704
SHA512a4f735d866e49e410af88aa9716b3c91432864c3ef53ff412f7a485f5ae23d3b63a32881cca22cd7d05fddb37ff96bbd73c1ddc60e78723b83f74ba326b37b28
-
Filesize
168KB
MD5935cece92b1c34559252fde8b43dbe29
SHA193d686ab79a36b94a9a09b5e4e46960e6859d284
SHA256cb91ad041c3e6ca1a9449e6a54d9b3fb7f0e8bafee3adad59551070aaa7f1b89
SHA51229342feab5b08377d77ca651a7d06378b0543f95716719717294d08d4046a4b0f2d392bd929022c1386bd75de695e67b8e1800f78025b5e6e214b945ff7bc15a
-
Filesize
168KB
MD5935cece92b1c34559252fde8b43dbe29
SHA193d686ab79a36b94a9a09b5e4e46960e6859d284
SHA256cb91ad041c3e6ca1a9449e6a54d9b3fb7f0e8bafee3adad59551070aaa7f1b89
SHA51229342feab5b08377d77ca651a7d06378b0543f95716719717294d08d4046a4b0f2d392bd929022c1386bd75de695e67b8e1800f78025b5e6e214b945ff7bc15a
-
Filesize
168KB
MD528c303ca580f049adaf359656471d2e5
SHA162dbc806787b0b222b4e50c1347de9d4005b7aca
SHA256985e45c2846d987f45f8c73d82ea0aa5eb8a315cad296fb2c14e6afd3363ef30
SHA5125bceaaf357a74e7cc65ed06e502a2cef4f4dd9cde8577c8eb8a1b764ccd6ac61deb60c08f475429da0fb18a6c94a5f85a30dfcf1744908041e8e28583c3d3ca8
-
Filesize
168KB
MD528c303ca580f049adaf359656471d2e5
SHA162dbc806787b0b222b4e50c1347de9d4005b7aca
SHA256985e45c2846d987f45f8c73d82ea0aa5eb8a315cad296fb2c14e6afd3363ef30
SHA5125bceaaf357a74e7cc65ed06e502a2cef4f4dd9cde8577c8eb8a1b764ccd6ac61deb60c08f475429da0fb18a6c94a5f85a30dfcf1744908041e8e28583c3d3ca8
-
Filesize
168KB
MD57e7b47c193d51e0e850b8950015a513c
SHA1e93b3f7b532f02932637469ae6d8810c0617ad95
SHA256853a98ff653c1b580752db0042b29dfb5dc75418609e6e6708c688c06f9dbe8b
SHA512382a2c9fe575d645a3de434583fa5276839373d60cc8a2170e07e05e5270190d4144315e04d76940ce9eadb784633c3a4357cdb4fbc78cc953b58919e0c88d04
-
Filesize
168KB
MD57e7b47c193d51e0e850b8950015a513c
SHA1e93b3f7b532f02932637469ae6d8810c0617ad95
SHA256853a98ff653c1b580752db0042b29dfb5dc75418609e6e6708c688c06f9dbe8b
SHA512382a2c9fe575d645a3de434583fa5276839373d60cc8a2170e07e05e5270190d4144315e04d76940ce9eadb784633c3a4357cdb4fbc78cc953b58919e0c88d04
-
Filesize
168KB
MD5d659ce6ebbced92544ddbdab2778d1ff
SHA1a59a1cb837ada27703d8f726987d3d80ef639f13
SHA2568ae273e019a519391b353b43063e8c368a59f849eb86f56fe2b10c55102c3517
SHA51244ffc73210bfeb359d6b355cc7acd014fa7ebbd373116ad9ba18695ef446bec95670da03abcce87ebaa4045cc7625d5a4d66f86c751d3ba8dae65650b2737820
-
Filesize
168KB
MD5d659ce6ebbced92544ddbdab2778d1ff
SHA1a59a1cb837ada27703d8f726987d3d80ef639f13
SHA2568ae273e019a519391b353b43063e8c368a59f849eb86f56fe2b10c55102c3517
SHA51244ffc73210bfeb359d6b355cc7acd014fa7ebbd373116ad9ba18695ef446bec95670da03abcce87ebaa4045cc7625d5a4d66f86c751d3ba8dae65650b2737820
-
Filesize
168KB
MD5981391b05c03b8505722ebc6c4ac78da
SHA123b9e227bf5f2b51406e3d2ae6be9652efab4ddb
SHA2560cccfddfa288868556512f67fcb6e89f966d074d91117cd863f3c2d0f99b28a6
SHA5128b9b294e225742e17c1481276c26b4d52ed1b6251cd377c9b69a326fff0977379610afc6e54bc8deca93650a91457047c8190d7401a244f03edfafb8d146d9b8
-
Filesize
168KB
MD5981391b05c03b8505722ebc6c4ac78da
SHA123b9e227bf5f2b51406e3d2ae6be9652efab4ddb
SHA2560cccfddfa288868556512f67fcb6e89f966d074d91117cd863f3c2d0f99b28a6
SHA5128b9b294e225742e17c1481276c26b4d52ed1b6251cd377c9b69a326fff0977379610afc6e54bc8deca93650a91457047c8190d7401a244f03edfafb8d146d9b8
-
Filesize
168KB
MD50765714af4a1af896abf2023156a842a
SHA1ecf4726d6c80c0f13ce5a9b03783aeeccf56e9b8
SHA2568de9c7210a9bf61c585d997f1e0b067f10e4d03bb6e12c080d25c8182bf0d071
SHA512740d43a99f495163fa4eb73a51b15057ac97197a4cd37d0fbcbf1416258344a6f865a0e9f8a1920d880748a2e7350359d36a17aa94b059bf3e371bc4b4f424a8
-
Filesize
168KB
MD50765714af4a1af896abf2023156a842a
SHA1ecf4726d6c80c0f13ce5a9b03783aeeccf56e9b8
SHA2568de9c7210a9bf61c585d997f1e0b067f10e4d03bb6e12c080d25c8182bf0d071
SHA512740d43a99f495163fa4eb73a51b15057ac97197a4cd37d0fbcbf1416258344a6f865a0e9f8a1920d880748a2e7350359d36a17aa94b059bf3e371bc4b4f424a8
-
Filesize
168KB
MD50765714af4a1af896abf2023156a842a
SHA1ecf4726d6c80c0f13ce5a9b03783aeeccf56e9b8
SHA2568de9c7210a9bf61c585d997f1e0b067f10e4d03bb6e12c080d25c8182bf0d071
SHA512740d43a99f495163fa4eb73a51b15057ac97197a4cd37d0fbcbf1416258344a6f865a0e9f8a1920d880748a2e7350359d36a17aa94b059bf3e371bc4b4f424a8
-
Filesize
168KB
MD59c5ab80244c91b9996801f6713912432
SHA1564b45c1ff45bc795209ae15b144f7c897a47793
SHA2564ec1d4a6aa2ea297ebee95e2b5a0aaa12e3f23357200abfb686f4c221c0245f8
SHA512188f8805a979baf11b416dcd34acd4b20b398365a727f31158a246095b97f2656ab0dcf936922240ffafce4d3b487b4d7f8d46b2e5e63421fb750abf5e13ef49
-
Filesize
168KB
MD59c5ab80244c91b9996801f6713912432
SHA1564b45c1ff45bc795209ae15b144f7c897a47793
SHA2564ec1d4a6aa2ea297ebee95e2b5a0aaa12e3f23357200abfb686f4c221c0245f8
SHA512188f8805a979baf11b416dcd34acd4b20b398365a727f31158a246095b97f2656ab0dcf936922240ffafce4d3b487b4d7f8d46b2e5e63421fb750abf5e13ef49
-
Filesize
168KB
MD5029f37772ef8c23c2c6976f2316c3d43
SHA1bcdfda70d9bd0063b8e245ad5aec015c67b226af
SHA256184b5db6db81171c8e36c1f833c337c9eddab711c96f174ab66b9ba8e811f35d
SHA5128adaf55d710ac3a09aa7378468a277b152e9628a639f65278606effd1850548cb2f468dfd9177eb2b7c712015f014e3aee050ddab02c76265e844a3816066277
-
Filesize
168KB
MD5029f37772ef8c23c2c6976f2316c3d43
SHA1bcdfda70d9bd0063b8e245ad5aec015c67b226af
SHA256184b5db6db81171c8e36c1f833c337c9eddab711c96f174ab66b9ba8e811f35d
SHA5128adaf55d710ac3a09aa7378468a277b152e9628a639f65278606effd1850548cb2f468dfd9177eb2b7c712015f014e3aee050ddab02c76265e844a3816066277
-
Filesize
168KB
MD57d293fb6b05e43d8211e2c605767cd6e
SHA18d0a4c8b59bfcfd757f667e488ad073d71557423
SHA256a312e869cc130da79a469da371fecf9ba097e93f8f04276d45152a832693336c
SHA5124f066f2a1c7bfd2a99f56015e3c3a708256378d3da252fd9981f79a7e033197b88469f7d22ece547d6b05c549e95ab87211876ddd2a3610693fddeddfe9f6d89
-
Filesize
168KB
MD57d293fb6b05e43d8211e2c605767cd6e
SHA18d0a4c8b59bfcfd757f667e488ad073d71557423
SHA256a312e869cc130da79a469da371fecf9ba097e93f8f04276d45152a832693336c
SHA5124f066f2a1c7bfd2a99f56015e3c3a708256378d3da252fd9981f79a7e033197b88469f7d22ece547d6b05c549e95ab87211876ddd2a3610693fddeddfe9f6d89