Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
12/10/2023, 21:58
General
-
Target
f4477008189483d361baa6c49512e0be_JC.exe
-
Size
275KB
-
MD5
f4477008189483d361baa6c49512e0be
-
SHA1
04241acb44ec4e406770f60ed3c3ae2124c67804
-
SHA256
e9915ad4981291b3416376389f6fea4e0149c77ee64d7a8a4e9e81c88f89f739
-
SHA512
779d27669e96c505e92a4027d23116902cc2ec93b904ddc1f68641ba36802002e062e64af0445e52cebe9f0f8cda955b48d7b11775a39283cf75c848efd0e861
-
SSDEEP
6144:HFjkR9zrZXH6tkgzL2V4cpC0L4AY7YWT63cpC0L4f:lgR9mL2/p9i7drp9S
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f4477008189483d361baa6c49512e0be_JC.exe"C:\Users\Admin\AppData\Local\Temp\f4477008189483d361baa6c49512e0be_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Haoimcgg.exeC:\Windows\system32\Haoimcgg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Haafcb32.exeC:\Windows\system32\Haafcb32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjlkge32.exeC:\Windows\system32\Hjlkge32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Injcmc32.exeC:\Windows\system32\Injcmc32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Inmpcc32.exeC:\Windows\system32\Inmpcc32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ikqqlgem.exeC:\Windows\system32\Ikqqlgem.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Inainbcn.exeC:\Windows\system32\Inainbcn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Igjngh32.exeC:\Windows\system32\Igjngh32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iqbbpm32.exeC:\Windows\system32\Iqbbpm32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnhpoamf.exeC:\Windows\system32\Jnhpoamf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jklphekp.exeC:\Windows\system32\Jklphekp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnmijq32.exeC:\Windows\system32\Jnmijq32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjdjoane.exeC:\Windows\system32\Jjdjoane.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kghjhemo.exeC:\Windows\system32\Kghjhemo.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgjgne32.exeC:\Windows\system32\Kgjgne32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgmcce32.exeC:\Windows\system32\Kgmcce32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kilpmh32.exeC:\Windows\system32\Kilpmh32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kniieo32.exeC:\Windows\system32\Kniieo32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Liqihglg.exeC:\Windows\system32\Liqihglg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnpofnhk.exeC:\Windows\system32\Lnpofnhk.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljgpkonp.exeC:\Windows\system32\Ljgpkonp.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljilqnlm.exeC:\Windows\system32\Ljilqnlm.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pefhlaie.exeC:\Windows\system32\Pefhlaie.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Peieba32.exeC:\Windows\system32\Peieba32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Papfgbmg.exeC:\Windows\system32\Papfgbmg.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkhjph32.exeC:\Windows\system32\Pkhjph32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhlkilba.exeC:\Windows\system32\Qhlkilba.exe10⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qepkbpak.exeC:\Windows\system32\Qepkbpak.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akoqpg32.exeC:\Windows\system32\Akoqpg32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahcajk32.exeC:\Windows\system32\Ahcajk32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alqjpi32.exeC:\Windows\system32\Alqjpi32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afinioip.exeC:\Windows\system32\Afinioip.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akffafgg.exeC:\Windows\system32\Akffafgg.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acokhc32.exeC:\Windows\system32\Acokhc32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkkple32.exeC:\Windows\system32\Bkkple32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkmmaeap.exeC:\Windows\system32\Bkmmaeap.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bfbaonae.exeC:\Windows\system32\Bfbaonae.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bcfahbpo.exeC:\Windows\system32\Bcfahbpo.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bmofagfp.exeC:\Windows\system32\Bmofagfp.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjbfklei.exeC:\Windows\system32\Bjbfklei.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bopocbcq.exeC:\Windows\system32\Bopocbcq.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cihclh32.exeC:\Windows\system32\Cihclh32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cjgpfk32.exeC:\Windows\system32\Cjgpfk32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckilmcgb.exeC:\Windows\system32\Ckilmcgb.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfnqklgh.exeC:\Windows\system32\Cfnqklgh.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ckkiccep.exeC:\Windows\system32\Ckkiccep.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbeapmll.exeC:\Windows\system32\Cbeapmll.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckmehb32.exeC:\Windows\system32\Ckmehb32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cjnffjkl.exeC:\Windows\system32\Cjnffjkl.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckpbnb32.exeC:\Windows\system32\Ckpbnb32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfefkkqp.exeC:\Windows\system32\Dfefkkqp.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpnkdq32.exeC:\Windows\system32\Dpnkdq32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkdliame.exeC:\Windows\system32\Dkdliame.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djelgied.exeC:\Windows\system32\Djelgied.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpbdopck.exeC:\Windows\system32\Dpbdopck.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djhimica.exeC:\Windows\system32\Djhimica.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpdaepai.exeC:\Windows\system32\Dpdaepai.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dmhand32.exeC:\Windows\system32\Dmhand32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebejfk32.exeC:\Windows\system32\Ebejfk32.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Elnoopdj.exeC:\Windows\system32\Elnoopdj.exe43⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eiaoid32.exeC:\Windows\system32\Eiaoid32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eplgeokq.exeC:\Windows\system32\Eplgeokq.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eidlnd32.exeC:\Windows\system32\Eidlnd32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eciplm32.exeC:\Windows\system32\Eciplm32.exe47⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fpggamqc.exeC:\Windows\system32\Fpggamqc.exe48⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ffaong32.exeC:\Windows\system32\Ffaong32.exe49⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmkgkapm.exeC:\Windows\system32\Fmkgkapm.exe50⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fbhpch32.exeC:\Windows\system32\Fbhpch32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmndpq32.exeC:\Windows\system32\Fmndpq32.exe52⤵
-
C:\Windows\SysWOW64\Fdglmkeg.exeC:\Windows\system32\Fdglmkeg.exe53⤵
-
C:\Windows\SysWOW64\Fjadje32.exeC:\Windows\system32\Fjadje32.exe54⤵
-
C:\Windows\SysWOW64\Glcaambb.exeC:\Windows\system32\Glcaambb.exe55⤵
-
C:\Windows\SysWOW64\Gjdaodja.exeC:\Windows\system32\Gjdaodja.exe56⤵
-
C:\Windows\SysWOW64\Gdlfhj32.exeC:\Windows\system32\Gdlfhj32.exe57⤵
-
C:\Windows\SysWOW64\Gmdjapgb.exeC:\Windows\system32\Gmdjapgb.exe58⤵
-
C:\Windows\SysWOW64\Gbabigfj.exeC:\Windows\system32\Gbabigfj.exe59⤵
-
C:\Windows\SysWOW64\Gmggfp32.exeC:\Windows\system32\Gmggfp32.exe60⤵
-
C:\Windows\SysWOW64\Gmiclo32.exeC:\Windows\system32\Gmiclo32.exe61⤵
-
C:\Windows\SysWOW64\Gphphj32.exeC:\Windows\system32\Gphphj32.exe62⤵
-
C:\Windows\SysWOW64\Hloqml32.exeC:\Windows\system32\Hloqml32.exe63⤵
-
C:\Windows\SysWOW64\Hgdejd32.exeC:\Windows\system32\Hgdejd32.exe64⤵
-
C:\Windows\SysWOW64\Hgfapd32.exeC:\Windows\system32\Hgfapd32.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hlcjhkdp.exeC:\Windows\system32\Hlcjhkdp.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hginecde.exeC:\Windows\system32\Hginecde.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hlegnjbm.exeC:\Windows\system32\Hlegnjbm.exe68⤵
-
C:\Windows\SysWOW64\Hgkkkcbc.exeC:\Windows\system32\Hgkkkcbc.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hlhccj32.exeC:\Windows\system32\Hlhccj32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hcblpdgg.exeC:\Windows\system32\Hcblpdgg.exe71⤵
-
C:\Windows\SysWOW64\Hildmn32.exeC:\Windows\system32\Hildmn32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Idahjg32.exeC:\Windows\system32\Idahjg32.exe73⤵
-
C:\Windows\SysWOW64\Ikkpgafg.exeC:\Windows\system32\Ikkpgafg.exe74⤵
-
C:\Windows\SysWOW64\Iphioh32.exeC:\Windows\system32\Iphioh32.exe75⤵
-
C:\Windows\SysWOW64\Ijqmhnko.exeC:\Windows\system32\Ijqmhnko.exe76⤵
-
C:\Windows\SysWOW64\Idfaefkd.exeC:\Windows\system32\Idfaefkd.exe77⤵
-
C:\Windows\SysWOW64\Ijcjmmil.exeC:\Windows\system32\Ijcjmmil.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Icknfcol.exeC:\Windows\system32\Icknfcol.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ijegcm32.exeC:\Windows\system32\Ijegcm32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Idkkpf32.exeC:\Windows\system32\Idkkpf32.exe81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jjgchm32.exeC:\Windows\system32\Jjgchm32.exe82⤵
-
C:\Windows\SysWOW64\Jdmgfedl.exeC:\Windows\system32\Jdmgfedl.exe83⤵
-
C:\Windows\SysWOW64\Jjjpnlbd.exeC:\Windows\system32\Jjjpnlbd.exe84⤵
-
C:\Windows\SysWOW64\Jdodkebj.exeC:\Windows\system32\Jdodkebj.exe85⤵
-
C:\Windows\SysWOW64\Jkimho32.exeC:\Windows\system32\Jkimho32.exe86⤵
-
C:\Windows\SysWOW64\Jlkipgpe.exeC:\Windows\system32\Jlkipgpe.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jklinohd.exeC:\Windows\system32\Jklinohd.exe88⤵
-
C:\Windows\SysWOW64\Jlmfeg32.exeC:\Windows\system32\Jlmfeg32.exe89⤵
-
C:\Windows\SysWOW64\Jjafok32.exeC:\Windows\system32\Jjafok32.exe90⤵
-
C:\Windows\SysWOW64\Jqknkedi.exeC:\Windows\system32\Jqknkedi.exe91⤵
-
C:\Windows\SysWOW64\Jgeghp32.exeC:\Windows\system32\Jgeghp32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Knooej32.exeC:\Windows\system32\Knooej32.exe93⤵
-
C:\Windows\SysWOW64\Kclgmq32.exeC:\Windows\system32\Kclgmq32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Knalji32.exeC:\Windows\system32\Knalji32.exe95⤵
-
C:\Windows\SysWOW64\Kcndbp32.exeC:\Windows\system32\Kcndbp32.exe96⤵
-
C:\Windows\SysWOW64\Kdmqmc32.exeC:\Windows\system32\Kdmqmc32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kjjiej32.exeC:\Windows\system32\Kjjiej32.exe98⤵
-
C:\Windows\SysWOW64\Kdpmbc32.exeC:\Windows\system32\Kdpmbc32.exe99⤵
-
C:\Windows\SysWOW64\Kjmfjj32.exeC:\Windows\system32\Kjmfjj32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kcejco32.exeC:\Windows\system32\Kcejco32.exe101⤵
-
C:\Windows\SysWOW64\Lnjnqh32.exeC:\Windows\system32\Lnjnqh32.exe102⤵
-
C:\Windows\SysWOW64\Lgccinoe.exeC:\Windows\system32\Lgccinoe.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lnmkfh32.exeC:\Windows\system32\Lnmkfh32.exe104⤵
-
C:\Windows\SysWOW64\Ldgccb32.exeC:\Windows\system32\Ldgccb32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ldipha32.exeC:\Windows\system32\Ldipha32.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lekmnajj.exeC:\Windows\system32\Lekmnajj.exe107⤵
-
C:\Windows\SysWOW64\Lndagg32.exeC:\Windows\system32\Lndagg32.exe108⤵
-
C:\Windows\SysWOW64\Lenicahg.exeC:\Windows\system32\Lenicahg.exe109⤵
-
C:\Windows\SysWOW64\Madjhb32.exeC:\Windows\system32\Madjhb32.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgobel32.exeC:\Windows\system32\Mgobel32.exe111⤵
-
C:\Windows\SysWOW64\Maggnali.exeC:\Windows\system32\Maggnali.exe112⤵
-
C:\Windows\SysWOW64\Nnbnhedj.exeC:\Windows\system32\Nnbnhedj.exe113⤵
-
C:\Windows\SysWOW64\Nelfeo32.exeC:\Windows\system32\Nelfeo32.exe114⤵
-
C:\Windows\SysWOW64\Njinmf32.exeC:\Windows\system32\Njinmf32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nenbjo32.exeC:\Windows\system32\Nenbjo32.exe116⤵
-
C:\Windows\SysWOW64\Nlhkgi32.exeC:\Windows\system32\Nlhkgi32.exe117⤵
-
C:\Windows\SysWOW64\Naecop32.exeC:\Windows\system32\Naecop32.exe118⤵
-
C:\Windows\SysWOW64\Nlkgmh32.exeC:\Windows\system32\Nlkgmh32.exe119⤵
-
C:\Windows\SysWOW64\Nhahaiec.exeC:\Windows\system32\Nhahaiec.exe120⤵
-
C:\Windows\SysWOW64\Oeehkn32.exeC:\Windows\system32\Oeehkn32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-