Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 141s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 03/09/2023, 12:38
Static task: static1
Behavioral task: behavioral1
- Sample: Device/HarddiskVolume4/Users/rafeeq/Downloads/PowerISO7-x64.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: Device/HarddiskVolume4/Users/rafeeq/Downloads/PowerISO7-x64.exe
- Resource: win10v2004-20230831-en
General
- Target: Device/HarddiskVolume4/Users/rafeeq/Downloads/PowerISO7-x64.exe
- Size: 4.9MB
- MD5: c45d4c2c85a97d4cfaab1632368489f7
- SHA1: 8f74a6ff6ce9a7d38507d4aa8971e769d8595d7f
- SHA256: 1404b7fc531f720cc27e1414b297097d1b6b6f8aab0b2afd1c19cabb322861fd
- SHA512: 2fb6aa4f7ebe3d5fee74f927f12edadb241b85cafb3b95ac19cf8ea2da29536e8339f80b9130eaca4803da3ef9c4b04d94dd5085b19cdcd3081121c1db7f5eeb
- SSDEEP: 98304:QOzubG1up2BRPKYvjCBCqgr/FK9A8pF9yz7S70nrPx:QOzu/p25ey/k9A8LQz7Y0nb
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (PowerISO7-x64.exe)
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- resource yara_rule behavioral1/memory/2164-10-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-13-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-15-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-17-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-18-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-256-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-260-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-266-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-270-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-271-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-275-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-282-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-284-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-291-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-297-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-298-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-299-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-300-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-301-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-302-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-304-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-305-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx behavioral1/memory/2164-307-0x0000000003D70000-0x0000000003F7A000-memory.dmp upx
- Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files (x86)\0F764376.log (PowerISO7-x64.exe)
- Loads dropped DLL (3 IoCs)
  PID 2164 PowerISO7-x64.exe (listed 3 times)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (PowerISO7-x64.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (PowerISO7-x64.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (PowerISO7-x64.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (PowerISO7-x64.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (PowerISO7-x64.exe)
- Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main (PowerISO7-x64.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 2164 PowerISO7-x64.exe (listed 2 times)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2164 PowerISO7-x64.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeShutdownPrivilege, PID 2164 PowerISO7-x64.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 2164 PowerISO7-x64.exe (listed 2 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\Users\rafeeq\Downloads\PowerISO7-x64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\Users\rafeeq\Downloads\PowerISO7-x64.exe"
- Checks BIOS information in registry
- Drops file in Program Files directory
- Loads dropped DLL
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
  PID: 2164
Network
MITRE ATT&CK Enterprise v15
Downloads