Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
12/10/2023, 19:15
General
-
Target
spooky-cleaner.exe
-
Size
15KB
-
MD5
c79ca8ddd76c54108754dca6fb880a00
-
SHA1
00065504f411c7a51d115058d38735fe204cf672
-
SHA256
6bfb6cc367163788d1f1af479187b55a222150af3edc427718dddb8172c4f757
-
SHA512
f5c9cdd128b581c9ddea4d6fe978df77d47f37aabb8a870146e85707cf8276b5f608f65886c6547551529f516d23fd25ea682e1667cac1aa5bcaa6339039294d
-
SSDEEP
192:5Zif8PLRDBalCNcdV4tmefZaNSNBtNplnhUvopB9/Zz8Q7cBtYiaAws681E3Q5tE:3DBaINcdVsmmZawNXz8Mcy3NT
Score
1/10
Malware Config
Signatures
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Kills process with taskkill 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\spooky-cleaner.exe"C:\Users\Admin\AppData\Local\Temp\spooky-cleaner.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /FI "IMAGENAME eq Steam.exe" 2>NUL | find /I /N "Steam.exe" > NUL2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq Steam.exe"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\find.exefind /I /N "Steam.exe"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /S /Q "C:\Program Files (x86)\Steam\userdata\*"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /S /Q "C:\Program Files (x86)\Steam\dumps\*"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /S /Q "C:\Program Files (x86)\Steam\logs\*"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /S /Q "C:\Program Files (x86)\Steam\config\*"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /S /Q "C:\Program Files (x86)\Steam\steamapps\*.acf"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c timeout /t 4 /nobreak > NUL2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout /t 4 /nobreak3⤵
- Delays execution with timeout.exe
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Valve\Steam\Users" /va /f > NUL2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Valve\Steam\Users" /va /f3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd C:\2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.log /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.temp /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.tmp /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.bak /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.old /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.chk /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.mkd /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.pf /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del *.dlf /a /s /q /f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /F /IM steam*2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /IM steam*3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd "C:\Program Files (x86)\Steam"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q userdata2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q config2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q logs2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q dumps2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q appcache2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /A:H ssfn*2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd %localappdata%2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q EasyAntiCheat2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q "Facepunch Studios LTD"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd %appdata%2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q EasyAntiCheat2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q "Facepunch Studios LTD"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd LocalLow2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q EasyAntiCheat2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q "Facepunch Studios LTD"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd %UserProfile%2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q EasyAntiCheat2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c rmdir /s /q "Facepunch Studios LTD"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pause2⤵
-