Analysis
-
max time kernel
137s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system -
submitted
12/10/2023, 18:51
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
Resource
win10v2004-20230915-en
General
-
Target
SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe
-
Size
5.0MB
-
MD5
192386661cfced2138bac5206a37c4ca
-
SHA1
5ededa272466618591fc82240b1096e36d2fb8b0
-
SHA256
b38a871d2d73d7de8c96c7d6bb3b50b779922ba49707898b6360bc59b0f6abcc
-
SHA512
e033d2fc6c7d07194db3476cfc49594c4f566332a39fc53c53480f7b91e4a48950096c5af0bdadd0bafc35bebccf8a3dcad6000d51002501fd7609939513fc09
-
SSDEEP
98304:czzwfPuc30fU7nPpzGmS2CmMIO4fuvC+V8x/GWU9Qhpl:czzS0fU7nPpzGmS2CmMIO4fu3S/GWU9I
Malware Config
Signatures
-
Modifies registry class — 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A084728-B51E-46F1-BA5D-BD0AD3BD7E9C}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98EFDE76-07C1-47B2-A9EC-D526B2D44171} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C12F3B9-7530-4F9A-A04B-7D52822229D7}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5A357EC-59FA-4771-ACD6-D6640D979F34} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FAFB5E61-B30F-4F27-A0F0-F5F0A858C564} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FAFB5E61-B30F-4F27-A0F0-F5F0A858C564}\ = "provider" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A2950B4-FF05-4215-B6B2-7A589C4E767E}\ = "Readermonitor" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A77C324F-8BC5-4201-A900-232866501345}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{750D6A09-A605-4EC0-96ED-FE95340C09AD}\ = "_iCache" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D82D4714-8014-4709-8511-A62D02786837}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E80B6FE-521F-40FA-B332-15FCD5B0ADCC}\ = "provider" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC7B6E65-3067-4D8C-B2B1-AC3311982218} 
SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2583F97-69DF-437F-A11A-B1234419AED0}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38462118-FB9C-4026-90BD-F62036BCDBC2}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C199E97-3734-4525-9881-D5D1BC05D7B0}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F1C3CC35-0E3A-42E3-ABF0-767D4F64F118}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{07BE8E5F-2F14-4D8E-8CAC-34B324C7A73A}\Forward\ = "{3487B0CD-C4FB-4EB6-8B22-76BBCCB7E136}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C252F280-3A50-4950-AE6B-35AFF2D780E9}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F60B3F8-A1D3-4B0D-9C47-4B58AC65DFAE}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3A9279D-90F8-4777-9193-AA0704620D1E}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC68A03B-1EED-449C-9306-BB757748FCD5}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18497BCD-6146-47CF-8ABB-317D4616E94E} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23F451CD-0FB8-454D-9081-24EB7C17F8D9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8F0C1292-2D1B-4F95-8C34-2108951FD327} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D38CAC33-BE7D-4AB4-8503-84C8187EA5B6}\ = "provider" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D78DDCA3-F82B-4B1A-B0BA-A96ADFEF70A4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{310DA151-BDCC-428D-A5B9-4BDC22D7C220}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837C69F5-D18E-46F9-AA78-E98829229144}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF863808-BAF3-47EE-9EE5-7063C17AA310}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{922BB0F9-F013-4C9C-90DA-D516687AE026}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE25F27F-9458-4AF6-ADC5-480D4BE022C2}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61C2BFE0-A59F-49EA-8740-C4C85FD29A23}\ = "_Readermonitor" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01B92F36-3731-4D04-B6F9-4B0B0B410A71} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{750D6A09-A605-4EC0-96ED-FE95340C09AD}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98EFDE76-07C1-47B2-A9EC-D526B2D44171}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC68A03B-1EED-449C-9306-BB757748FCD5}\Forward\ = "{61C2BFE0-A59F-49EA-8740-C4C85FD29A23}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837C69F5-D18E-46F9-AA78-E98829229144}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCDF2E83-8867-4026-A40B-1F65B99857BC}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF9E4B73-132B-4B6E-A9C0-167F804791C6}\Forward SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B61ED5F-5C62-414A-8F00-2C0F37FE6094}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{902EB6E3-44D5-46AE-BC7B-9D939001597B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1685E96C-282E-408C-B2E7-AF3BB6BB7C28}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC7DF714-7446-4CEB-9483-260AA6F1D14C}\ = "AloahaCertInstaller.certserv" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01B92F36-3731-4D04-B6F9-4B0B0B410A71}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{377B1AC8-96D2-4ED3-89EC-C9E86D098AAE}\TypeLib\ = "{ADA8814B-4BC3-4E25-B8C0-0035BA7DCF0D}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AloahaCertInstaller.Readermonitor\Clsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A3665D89-8A05-4233-8E76-4E41FF5AE4DB}\ProxyStubClsid SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{144FB151-EC07-4304-98F9-30033ED517BE}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7587D69-2A1E-4F51-AEA8-B43716637EDB}\Forward\ = "{063BF4CF-0B7F-48B2-9D1C-384F154CAE77}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC889CEE-27E1-4BBC-8AE4-8402AD4D88F1} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AloahaCertInstaller.Readermonitor\Clsid\ = "{E67D210B-9494-4FB2-9C2E-33F342F5FE9A}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{902EB6E3-44D5-46AE-BC7B-9D939001597B} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFBC9108-D315-4BF1-885A-287189ABB771}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{049DFB59-97DA-4EC5-93D9-3929C86D03E0} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F67D64B-3E8B-47B5-8583-F12B6FE2D25C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" 
SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{063BF4CF-0B7F-48B2-9D1C-384F154CAE77}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01B92F36-3731-4D04-B6F9-4B0B0B410A71}\ = "__Readermonitor" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABFCA226-08A9-4B05-8400-8DAA76F8B66F}\Implemented Categories SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5740A701-3CB7-4C2B-B2AD-FB008BAEA2A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BFACE70-9B42-417C-9277-0523F3BF09F9} SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5A357EC-59FA-4771-ACD6-D6640D979F34}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BFACE70-9B42-417C-9277-0523F3BF09F9}\ProxyStubClsid32 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{377B1AC8-96D2-4ED3-89EC-C9E86D098AAE}\VERSION SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C252F280-3A50-4950-AE6B-35AFF2D780E9}\Forward\ = "{3487B0CD-C4FB-4EB6-8B22-76BBCCB7E136}" SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe -
Suspicious use of SetWindowsHookEx — 1 IoC
pid Process 4912 SecuriteInfo.com.BACKDOOR.Trojan.3757.13104.exe