Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
10/07/2023, 17:37
General
-
Target
d5350317f4f773exeexeexeex.exe
-
Size
192KB
-
MD5
d5350317f4f773b328a918adcc4cfdc5
-
SHA1
efb5e1a876187cec0a6a86e5bbe0c2246211101d
-
SHA256
6d8c6d7e20f62b890e54c1c3b41d5faab625784c5f0158f6f2c380d614bb5067
-
SHA512
44f940d256f5676c32dc2ffed722c59471295957edd7c9c13bb8edaf23684862c705977283fc11498b5d3bfe85b3a54828a6c56a81fa29cbb66a5e8a43089b3b
-
SSDEEP
1536:1EGh0oRl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oRl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5350317f4f773exeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\d5350317f4f773exeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CACD81EF-73AE-421e-8CBF-7E031BC4966A}.exeC:\Windows\{CACD81EF-73AE-421e-8CBF-7E031BC4966A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A1F20E26-AEA2-4b65-A1E4-A22A7D0BBDD2}.exeC:\Windows\{A1F20E26-AEA2-4b65-A1E4-A22A7D0BBDD2}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5EF7A3BB-737A-4a81-A640-30320205C5E0}.exeC:\Windows\{5EF7A3BB-737A-4a81-A640-30320205C5E0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7EEACE74-8214-45c7-87B4-28D6AC0EDA5B}.exeC:\Windows\{7EEACE74-8214-45c7-87B4-28D6AC0EDA5B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{357A6DC6-3382-4b25-AECF-415A65A554F4}.exeC:\Windows\{357A6DC6-3382-4b25-AECF-415A65A554F4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9F2ECDD1-7A8D-4121-A163-E5C1767B9536}.exeC:\Windows\{9F2ECDD1-7A8D-4121-A163-E5C1767B9536}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BDFB5E09-41EE-40f3-BBCB-F48F4B8DAB0B}.exeC:\Windows\{BDFB5E09-41EE-40f3-BBCB-F48F4B8DAB0B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D10F0B9-5D61-4fa7-97D6-A6FD09A214BE}.exeC:\Windows\{5D10F0B9-5D61-4fa7-97D6-A6FD09A214BE}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5C63405E-05B5-455d-A60B-94A2C15A4E85}.exeC:\Windows\{5C63405E-05B5-455d-A60B-94A2C15A4E85}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{814DEF9E-E78C-459a-B408-2D6E7D96F900}.exeC:\Windows\{814DEF9E-E78C-459a-B408-2D6E7D96F900}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{814DE~1.EXE > nul12⤵
-
-
C:\Windows\{24A90118-9C5D-448d-A29C-E4207A84E270}.exeC:\Windows\{24A90118-9C5D-448d-A29C-E4207A84E270}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F37CC7A4-ABEC-47c2-A916-3294A6890EC0}.exeC:\Windows\{F37CC7A4-ABEC-47c2-A916-3294A6890EC0}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24A90~1.EXE > nul13⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C634~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D10F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BDFB5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9F2EC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{357A6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7EEAC~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5EF7A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1F20~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CACD8~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\D53503~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD54d8856422ee590665e31309b839f86af
SHA15fe16d256909dd7497337479865b5a0739b87592
SHA256a50ad417735f4751b5c39332ae7238a6bb1f1832f8734d7601f1ea2e9023e01a
SHA51213aa82d77b5cd7b1daf53d8c4b82caea084cf26ed9f3bac873c55687b2dc074da8a509139c5d007bdee38f09227592e39c40fb4afd3aa00d7b780463c2fac484
-
Filesize
192KB
MD54d8856422ee590665e31309b839f86af
SHA15fe16d256909dd7497337479865b5a0739b87592
SHA256a50ad417735f4751b5c39332ae7238a6bb1f1832f8734d7601f1ea2e9023e01a
SHA51213aa82d77b5cd7b1daf53d8c4b82caea084cf26ed9f3bac873c55687b2dc074da8a509139c5d007bdee38f09227592e39c40fb4afd3aa00d7b780463c2fac484
-
Filesize
192KB
MD5e1abc93b9e92c0be5f2e75edbd9281e8
SHA1448ef577175015ec46e48ca42a8d367a1187c175
SHA25604432e1550deb7bb537192c566ca97597894a26805081da1e4c250ae17a8e36a
SHA512b2154f14f9419c05e483c58ba8da5acf2a55021e1e2c784569dd74dedb515f0186bdfc6b27cb5c9b9aba8001c8d4a54339c93db7d6ecb0760493eeb7a28ddb3a
-
Filesize
192KB
MD5e1abc93b9e92c0be5f2e75edbd9281e8
SHA1448ef577175015ec46e48ca42a8d367a1187c175
SHA25604432e1550deb7bb537192c566ca97597894a26805081da1e4c250ae17a8e36a
SHA512b2154f14f9419c05e483c58ba8da5acf2a55021e1e2c784569dd74dedb515f0186bdfc6b27cb5c9b9aba8001c8d4a54339c93db7d6ecb0760493eeb7a28ddb3a
-
Filesize
192KB
MD5ef23c6494861c59b5ba06366c96f5ab4
SHA1376c07f618d5fa3aef82063a3f5a777aa64a483c
SHA2564f3b782e88c0154eb038dc6bddf95a1ae17ab8e6a46e740f26458719ed6e7213
SHA51207bf76d69f940a7a2ff92e6c49d6d1ffedebf9329c00ebe26ac88a85e30dee36e2ea68b78dccfece9bf8c4511c82fbc72a25ffde7094a046fabaa228a61a5829
-
Filesize
192KB
MD5ef23c6494861c59b5ba06366c96f5ab4
SHA1376c07f618d5fa3aef82063a3f5a777aa64a483c
SHA2564f3b782e88c0154eb038dc6bddf95a1ae17ab8e6a46e740f26458719ed6e7213
SHA51207bf76d69f940a7a2ff92e6c49d6d1ffedebf9329c00ebe26ac88a85e30dee36e2ea68b78dccfece9bf8c4511c82fbc72a25ffde7094a046fabaa228a61a5829
-
Filesize
192KB
MD5e7eba1944f318b91e75536cf7148eb0f
SHA138a800314c21ceed41c66dcc2c552ab30b3d16ce
SHA25686d680ab4314f747870c4e888b67b61bbfdc6f7de993539fb0bfcf0a4f4de4d5
SHA512b67b7237bf02e0578433a78075701735f56c6246b687561a4c50d7d19e21d261b7fd0d7b8b79f677d0a54fd03e295efbdca9ded3944568f300a26d14b7b88d80
-
Filesize
192KB
MD5e7eba1944f318b91e75536cf7148eb0f
SHA138a800314c21ceed41c66dcc2c552ab30b3d16ce
SHA25686d680ab4314f747870c4e888b67b61bbfdc6f7de993539fb0bfcf0a4f4de4d5
SHA512b67b7237bf02e0578433a78075701735f56c6246b687561a4c50d7d19e21d261b7fd0d7b8b79f677d0a54fd03e295efbdca9ded3944568f300a26d14b7b88d80
-
Filesize
192KB
MD5232ee7d015d4c47eec84057be52c4a4b
SHA15d03ec4679a19bd70033ba0847a11176ad97a01a
SHA25684f358fdd18edb13624df73c62d4a063f548144e1db8e463fe637a9432e8e2a8
SHA512d095677285b92e151536a39d5480335920bdfe7d4feaaf73c91ceaf0b9503ceca5dc4403c0cd469884a1f56fe421101ffbdf81a4a7cdc0ea634934a7ffc4c560
-
Filesize
192KB
MD5232ee7d015d4c47eec84057be52c4a4b
SHA15d03ec4679a19bd70033ba0847a11176ad97a01a
SHA25684f358fdd18edb13624df73c62d4a063f548144e1db8e463fe637a9432e8e2a8
SHA512d095677285b92e151536a39d5480335920bdfe7d4feaaf73c91ceaf0b9503ceca5dc4403c0cd469884a1f56fe421101ffbdf81a4a7cdc0ea634934a7ffc4c560
-
Filesize
192KB
MD5232ee7d015d4c47eec84057be52c4a4b
SHA15d03ec4679a19bd70033ba0847a11176ad97a01a
SHA25684f358fdd18edb13624df73c62d4a063f548144e1db8e463fe637a9432e8e2a8
SHA512d095677285b92e151536a39d5480335920bdfe7d4feaaf73c91ceaf0b9503ceca5dc4403c0cd469884a1f56fe421101ffbdf81a4a7cdc0ea634934a7ffc4c560
-
Filesize
192KB
MD5633015ac2ae06ba044c39e8449c848be
SHA1fdc1d2b727aa355bb3437451e4ab2696bbbb6c52
SHA25693da838262bb88889b6e75db0e92dc580ce27c6f83923b31dec9d8d2f44a40f8
SHA512a64a8930eacfb7daf93916a8dbdf7ae58ead4fa2e8e5dd9c51f72cf55321a1cd84fb0f1dca2c5910c555e210f029de8103fd1f03d4dd5d88dbd5c4d324f1811b
-
Filesize
192KB
MD5633015ac2ae06ba044c39e8449c848be
SHA1fdc1d2b727aa355bb3437451e4ab2696bbbb6c52
SHA25693da838262bb88889b6e75db0e92dc580ce27c6f83923b31dec9d8d2f44a40f8
SHA512a64a8930eacfb7daf93916a8dbdf7ae58ead4fa2e8e5dd9c51f72cf55321a1cd84fb0f1dca2c5910c555e210f029de8103fd1f03d4dd5d88dbd5c4d324f1811b
-
Filesize
192KB
MD5d3273d0107b8c082f382c69ee62850f8
SHA167a00ee2a808ff54427d44835d62f6dfea35bdac
SHA256bf9e7b85e000b6e84c9bc85c38cab9ab5e719d38644f6ff4c0b7f6c1992793d2
SHA51210ab46af780450de883e4d0926969e2124d4b7e5bee7a0760256dd778ee0647e286e47c57fb6b54d1168d6936662935c3d9b0207113052c3c67739f7280d90e1
-
Filesize
192KB
MD5d3273d0107b8c082f382c69ee62850f8
SHA167a00ee2a808ff54427d44835d62f6dfea35bdac
SHA256bf9e7b85e000b6e84c9bc85c38cab9ab5e719d38644f6ff4c0b7f6c1992793d2
SHA51210ab46af780450de883e4d0926969e2124d4b7e5bee7a0760256dd778ee0647e286e47c57fb6b54d1168d6936662935c3d9b0207113052c3c67739f7280d90e1
-
Filesize
192KB
MD5816166d7575226f2d230ddc67b8450ca
SHA1de5f8a536ed2693fc5a4209ecdd455d510bccd1c
SHA256e9d2fbd72e5e8b11421ca32e53ad6015f53df4948b96f190ca3bf7775df0f767
SHA512d8131eb23b3b06046b48223b1eea556b5c29590fb033de5a15de6dba2e5229314abc800de30be2c2555864bf52ed9f623af204600327f6ad6cd6dec3f6db5308
-
Filesize
192KB
MD5816166d7575226f2d230ddc67b8450ca
SHA1de5f8a536ed2693fc5a4209ecdd455d510bccd1c
SHA256e9d2fbd72e5e8b11421ca32e53ad6015f53df4948b96f190ca3bf7775df0f767
SHA512d8131eb23b3b06046b48223b1eea556b5c29590fb033de5a15de6dba2e5229314abc800de30be2c2555864bf52ed9f623af204600327f6ad6cd6dec3f6db5308
-
Filesize
192KB
MD54717ab85216e94c89c2cb2291005d054
SHA1a757ab891a6f5add666b7016eb5a55629ed48aa6
SHA25682ac8e16576143049d9343347b4d9da356257a6990de5bebfdae874291b59e67
SHA5125d6763c5eb401ac961726a39f3c8844296ae1669023e5ac040c8f132c24344ec6274c5ee442ae285ea4101414cd7afc69d6561e2cb7c30a2f1235311380a7dea
-
Filesize
192KB
MD54717ab85216e94c89c2cb2291005d054
SHA1a757ab891a6f5add666b7016eb5a55629ed48aa6
SHA25682ac8e16576143049d9343347b4d9da356257a6990de5bebfdae874291b59e67
SHA5125d6763c5eb401ac961726a39f3c8844296ae1669023e5ac040c8f132c24344ec6274c5ee442ae285ea4101414cd7afc69d6561e2cb7c30a2f1235311380a7dea
-
Filesize
192KB
MD52e1f34956bf203425e9e77d9136b0aa9
SHA1e9c649dfb65cd22c920834869b36f71102cdd7ee
SHA256984dde3028425e129013c22e7eb216cacac4618c66a7970ad22e8b597ec2a335
SHA5123b6c7e2d554fd2c17f4a2b39ce626feb2c18fe2543da23edb76dab91c6629ba823f24031cdf9a7fdc61bee6d7513e2773adf4e1311473a8c7331a6d273838bb1
-
Filesize
192KB
MD52e1f34956bf203425e9e77d9136b0aa9
SHA1e9c649dfb65cd22c920834869b36f71102cdd7ee
SHA256984dde3028425e129013c22e7eb216cacac4618c66a7970ad22e8b597ec2a335
SHA5123b6c7e2d554fd2c17f4a2b39ce626feb2c18fe2543da23edb76dab91c6629ba823f24031cdf9a7fdc61bee6d7513e2773adf4e1311473a8c7331a6d273838bb1
-
Filesize
192KB
MD5a43f7a08eb5455d420d0814bd47c7d2d
SHA195f3e5a5b1086b428ecfebc86bd09205144d82aa
SHA256f928aa96f43e137a6b6666cb630cbb05c333787343c03d7a9fceb861aa44984b
SHA5125fe2f9c12e7380021d6dc14f635f4cd62be650c65e6880a6e04c41f7eff905638e9adf4d3c8dcc07f51ed4b8f703ed44b43de4710edc980c1ee9cac66a2e2687
-
Filesize
192KB
MD5a43f7a08eb5455d420d0814bd47c7d2d
SHA195f3e5a5b1086b428ecfebc86bd09205144d82aa
SHA256f928aa96f43e137a6b6666cb630cbb05c333787343c03d7a9fceb861aa44984b
SHA5125fe2f9c12e7380021d6dc14f635f4cd62be650c65e6880a6e04c41f7eff905638e9adf4d3c8dcc07f51ed4b8f703ed44b43de4710edc980c1ee9cac66a2e2687
-
Filesize
192KB
MD5b8ee51bdea7df96c61ec6b4126d284a8
SHA16a09ccb9d496129a4f66c4a5f376e995f9d9ce3c
SHA2565f6c55b8ca2140c47d35e7225bf6a2352f63db7558dd27c06881f6df4e2c47d5
SHA512385e4c8fbe4660118fbe250039aea469136be2272d95cadded1924d8ecba8b6ec023f2dc07b2751582ad3b353fd6ea7a62aac07987db5cda4907f55616f14bf0
-
Filesize
192KB
MD5b8ee51bdea7df96c61ec6b4126d284a8
SHA16a09ccb9d496129a4f66c4a5f376e995f9d9ce3c
SHA2565f6c55b8ca2140c47d35e7225bf6a2352f63db7558dd27c06881f6df4e2c47d5
SHA512385e4c8fbe4660118fbe250039aea469136be2272d95cadded1924d8ecba8b6ec023f2dc07b2751582ad3b353fd6ea7a62aac07987db5cda4907f55616f14bf0