Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
178s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 00:35
General
-
Target
8605debf5dd752d2448a0da7072e3f0a_JC.exe
-
Size
133KB
-
MD5
8605debf5dd752d2448a0da7072e3f0a
-
SHA1
dec42eb70164b16daea823bffe51b25f70e79bee
-
SHA256
38fed6a6624683684e06a0e1360dbb52d9ff37964a165daa45679ccd721d5ba5
-
SHA512
5259ef0d95f9d7b7ac25560d2b2af3e3df00f1b469e9207f3bace4655083a443add799911592fb44846a69e592465afadbf3986881369f275ef816b85f825c52
-
SSDEEP
3072:wiMpQAMrRr/75SEKG7UDd0pCrQIFdFtLwzTa:yujlTABG7Ux0ocIPF9wzG
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8605debf5dd752d2448a0da7072e3f0a_JC.exe"C:\Users\Admin\AppData\Local\Temp\8605debf5dd752d2448a0da7072e3f0a_JC.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kakmna32.exeC:\Windows\system32\Kakmna32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljdkll32.exeC:\Windows\system32\Ljdkll32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mokfja32.exeC:\Windows\system32\Mokfja32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njgqhicg.exeC:\Windows\system32\Njgqhicg.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmhijd32.exeC:\Windows\system32\Nmhijd32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ocgkan32.exeC:\Windows\system32\Ocgkan32.exe7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbhgoh32.exeC:\Windows\system32\Pbhgoh32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qfjjpf32.exeC:\Windows\system32\Qfjjpf32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aadghn32.exeC:\Windows\system32\Aadghn32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Babcil32.exeC:\Windows\system32\Babcil32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Baepolni.exeC:\Windows\system32\Baepolni.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccppmc32.exeC:\Windows\system32\Ccppmc32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Daeifj32.exeC:\Windows\system32\Daeifj32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpmcmf32.exeC:\Windows\system32\Dpmcmf32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgihop32.exeC:\Windows\system32\Dgihop32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edaaccbj.exeC:\Windows\system32\Edaaccbj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eqkondfl.exeC:\Windows\system32\Eqkondfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbdnne32.exeC:\Windows\system32\Fbdnne32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdiakp32.exeC:\Windows\system32\Gdiakp32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdnjfojj.exeC:\Windows\system32\Gdnjfojj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hgocgjgk.exeC:\Windows\system32\Hgocgjgk.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hnmeodjc.exeC:\Windows\system32\Hnmeodjc.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjfbjdnd.exeC:\Windows\system32\Hjfbjdnd.exe24⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Iencmm32.exeC:\Windows\system32\Iencmm32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Infhebbh.exeC:\Windows\system32\Infhebbh.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhfbog32.exeC:\Windows\system32\Jhfbog32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldbefe32.exeC:\Windows\system32\Ldbefe32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lahbei32.exeC:\Windows\system32\Lahbei32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkepineo.exeC:\Windows\system32\Mkepineo.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mojopk32.exeC:\Windows\system32\Mojopk32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkhfek32.exeC:\Windows\system32\Nkhfek32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofijnbkb.exeC:\Windows\system32\Ofijnbkb.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdqcenmg.exeC:\Windows\system32\Pdqcenmg.exe11⤵
-
C:\Windows\SysWOW64\Qifbll32.exeC:\Windows\system32\Qifbll32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aeopfl32.exeC:\Windows\system32\Aeopfl32.exe13⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Apimodmh.exeC:\Windows\system32\Apimodmh.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bcicjbal.exeC:\Windows\system32\Bcicjbal.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bmddihfj.exeC:\Windows\system32\Bmddihfj.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bmkjig32.exeC:\Windows\system32\Bmkjig32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe18⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ddhhbngi.exeC:\Windows\system32\Ddhhbngi.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmplkd32.exeC:\Windows\system32\Dmplkd32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ecidpiad.exeC:\Windows\system32\Ecidpiad.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjlpbb32.exeC:\Windows\system32\Fjlpbb32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaifbg32.exeC:\Windows\system32\Iaifbg32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjdgal32.exeC:\Windows\system32\Jjdgal32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmijnfgd.exeC:\Windows\system32\Jmijnfgd.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kagbdenk.exeC:\Windows\system32\Kagbdenk.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmppneal.exeC:\Windows\system32\Kmppneal.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhdqml32.exeC:\Windows\system32\Lhdqml32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Maaoaa32.exeC:\Windows\system32\Maaoaa32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Necqbo32.exeC:\Windows\system32\Necqbo32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnoefagj.exeC:\Windows\system32\Nnoefagj.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngnppfgb.exeC:\Windows\system32\Ngnppfgb.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okqbac32.exeC:\Windows\system32\Okqbac32.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ogjpld32.exeC:\Windows\system32\Ogjpld32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pocdba32.exeC:\Windows\system32\Pocdba32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbapom32.exeC:\Windows\system32\Pbapom32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkonbamc.exeC:\Windows\system32\Pkonbamc.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qomghp32.exeC:\Windows\system32\Qomghp32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qghlmbae.exeC:\Windows\system32\Qghlmbae.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qdllffpo.exeC:\Windows\system32\Qdllffpo.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agmehamp.exeC:\Windows\system32\Agmehamp.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afnefieo.exeC:\Windows\system32\Afnefieo.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akjnnpcf.exeC:\Windows\system32\Akjnnpcf.exe43⤵
-
C:\Windows\SysWOW64\Anijjkbj.exeC:\Windows\system32\Anijjkbj.exe44⤵
-
C:\Windows\SysWOW64\Agaoca32.exeC:\Windows\system32\Agaoca32.exe45⤵
-
C:\Windows\SysWOW64\Bpomem32.exeC:\Windows\system32\Bpomem32.exe46⤵
-
C:\Windows\SysWOW64\Bbbblhnc.exeC:\Windows\system32\Bbbblhnc.exe47⤵
-
C:\Windows\SysWOW64\Cnlpgibd.exeC:\Windows\system32\Cnlpgibd.exe48⤵
-
C:\Windows\SysWOW64\Cfedmfqd.exeC:\Windows\system32\Cfedmfqd.exe49⤵
-
C:\Windows\SysWOW64\Cblebgfh.exeC:\Windows\system32\Cblebgfh.exe50⤵
-
C:\Windows\SysWOW64\Chkjpm32.exeC:\Windows\system32\Chkjpm32.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dpglmjoj.exeC:\Windows\system32\Dpglmjoj.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Defajqko.exeC:\Windows\system32\Defajqko.exe53⤵
-
C:\Windows\SysWOW64\Dlpigk32.exeC:\Windows\system32\Dlpigk32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dpnbmi32.exeC:\Windows\system32\Dpnbmi32.exe55⤵
-
C:\Windows\SysWOW64\Efhjjcpo.exeC:\Windows\system32\Efhjjcpo.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Epehnhbj.exeC:\Windows\system32\Epehnhbj.exe57⤵
-
C:\Windows\SysWOW64\Eeaqfo32.exeC:\Windows\system32\Eeaqfo32.exe58⤵
-
C:\Windows\SysWOW64\Epgdch32.exeC:\Windows\system32\Epgdch32.exe59⤵
-
C:\Windows\SysWOW64\Efampahd.exeC:\Windows\system32\Efampahd.exe60⤵
-
C:\Windows\SysWOW64\Ehbihj32.exeC:\Windows\system32\Ehbihj32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fpnkdfko.exeC:\Windows\system32\Fpnkdfko.exe62⤵
-
C:\Windows\SysWOW64\Fofdkcmd.exeC:\Windows\system32\Fofdkcmd.exe63⤵
-
C:\Windows\SysWOW64\Fikihlmj.exeC:\Windows\system32\Fikihlmj.exe64⤵
-
C:\Windows\SysWOW64\Gccmaack.exeC:\Windows\system32\Gccmaack.exe65⤵
-
C:\Windows\SysWOW64\Ghqeihbb.exeC:\Windows\system32\Ghqeihbb.exe66⤵
-
C:\Windows\SysWOW64\Geipnl32.exeC:\Windows\system32\Geipnl32.exe67⤵
-
C:\Windows\SysWOW64\Glchjedc.exeC:\Windows\system32\Glchjedc.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hhleefhe.exeC:\Windows\system32\Hhleefhe.exe69⤵
-
C:\Windows\SysWOW64\Hohjgpmo.exeC:\Windows\system32\Hohjgpmo.exe70⤵
-
C:\Windows\SysWOW64\Hjpkjh32.exeC:\Windows\system32\Hjpkjh32.exe71⤵
-
C:\Windows\SysWOW64\Homcbo32.exeC:\Windows\system32\Homcbo32.exe72⤵
-
C:\Windows\SysWOW64\Iqaiga32.exeC:\Windows\system32\Iqaiga32.exe73⤵
-
C:\Windows\SysWOW64\Igkadlcd.exeC:\Windows\system32\Igkadlcd.exe74⤵
-
C:\Windows\SysWOW64\Ihmnldib.exeC:\Windows\system32\Ihmnldib.exe75⤵
-
C:\Windows\SysWOW64\Icdoolge.exeC:\Windows\system32\Icdoolge.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ijngkf32.exeC:\Windows\system32\Ijngkf32.exe77⤵
-
C:\Windows\SysWOW64\Jqhphq32.exeC:\Windows\system32\Jqhphq32.exe78⤵
-
C:\Windows\SysWOW64\Jmffnq32.exeC:\Windows\system32\Jmffnq32.exe79⤵
-
C:\Windows\SysWOW64\Jglkkiea.exeC:\Windows\system32\Jglkkiea.exe80⤵
-
C:\Windows\SysWOW64\Kfaglf32.exeC:\Windows\system32\Kfaglf32.exe81⤵
-
C:\Windows\SysWOW64\Kaflio32.exeC:\Windows\system32\Kaflio32.exe82⤵
-
C:\Windows\SysWOW64\Kgqdfi32.exeC:\Windows\system32\Kgqdfi32.exe83⤵
-
C:\Windows\SysWOW64\Kiaqnagj.exeC:\Windows\system32\Kiaqnagj.exe84⤵
-
C:\Windows\SysWOW64\Kplijk32.exeC:\Windows\system32\Kplijk32.exe85⤵
-
C:\Windows\SysWOW64\Kfeagefd.exeC:\Windows\system32\Kfeagefd.exe86⤵
-
C:\Windows\SysWOW64\Kciaqi32.exeC:\Windows\system32\Kciaqi32.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kmbfiokn.exeC:\Windows\system32\Kmbfiokn.exe88⤵
-
C:\Windows\SysWOW64\Kclnfi32.exeC:\Windows\system32\Kclnfi32.exe89⤵
-
C:\Windows\SysWOW64\Ljffccjh.exeC:\Windows\system32\Ljffccjh.exe90⤵
-
C:\Windows\SysWOW64\Lccdghmc.exeC:\Windows\system32\Lccdghmc.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ljmmcbdp.exeC:\Windows\system32\Ljmmcbdp.exe92⤵
-
C:\Windows\SysWOW64\Lagepl32.exeC:\Windows\system32\Lagepl32.exe93⤵
-
C:\Windows\SysWOW64\Lfcmhc32.exeC:\Windows\system32\Lfcmhc32.exe94⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Libido32.exeC:\Windows\system32\Libido32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ldgnbg32.exeC:\Windows\system32\Ldgnbg32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Npjnbg32.exeC:\Windows\system32\Npjnbg32.exe97⤵
-
C:\Windows\SysWOW64\Ogmiepcf.exeC:\Windows\system32\Ogmiepcf.exe98⤵
-
C:\Windows\SysWOW64\Oacmchcl.exeC:\Windows\system32\Oacmchcl.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ohmepbki.exeC:\Windows\system32\Ohmepbki.exe100⤵
-
C:\Windows\SysWOW64\Okpkgm32.exeC:\Windows\system32\Okpkgm32.exe101⤵
-
C:\Windows\SysWOW64\Oggllnkl.exeC:\Windows\system32\Oggllnkl.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oalpigkb.exeC:\Windows\system32\Oalpigkb.exe103⤵
-
C:\Windows\SysWOW64\Phfhfa32.exeC:\Windows\system32\Phfhfa32.exe104⤵
-
C:\Windows\SysWOW64\Pdmikb32.exeC:\Windows\system32\Pdmikb32.exe105⤵
-
C:\Windows\SysWOW64\Paaidf32.exeC:\Windows\system32\Paaidf32.exe106⤵
-
C:\Windows\SysWOW64\Phkaqqoi.exeC:\Windows\system32\Phkaqqoi.exe107⤵
-
C:\Windows\SysWOW64\Pacfjfej.exeC:\Windows\system32\Pacfjfej.exe108⤵
-
C:\Windows\SysWOW64\Pjoknhbe.exeC:\Windows\system32\Pjoknhbe.exe109⤵
-
C:\Windows\SysWOW64\Pafcofcg.exeC:\Windows\system32\Pafcofcg.exe110⤵
-
C:\Windows\SysWOW64\Phpklp32.exeC:\Windows\system32\Phpklp32.exe111⤵
-
C:\Windows\SysWOW64\Pahpee32.exeC:\Windows\system32\Pahpee32.exe112⤵
-
C:\Windows\SysWOW64\Qjcdih32.exeC:\Windows\system32\Qjcdih32.exe113⤵
-
C:\Windows\SysWOW64\Qpmmfbfl.exeC:\Windows\system32\Qpmmfbfl.exe114⤵
-
C:\Windows\SysWOW64\Qggebl32.exeC:\Windows\system32\Qggebl32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bbhhlccb.exeC:\Windows\system32\Bbhhlccb.exe116⤵
-
C:\Windows\SysWOW64\Bgeadjai.exeC:\Windows\system32\Bgeadjai.exe117⤵
-
C:\Windows\SysWOW64\Bnoiqd32.exeC:\Windows\system32\Bnoiqd32.exe118⤵
-
C:\Windows\SysWOW64\Bdiamnpc.exeC:\Windows\system32\Bdiamnpc.exe119⤵
-
C:\Windows\SysWOW64\Bkcjjhgp.exeC:\Windows\system32\Bkcjjhgp.exe120⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bbmbgb32.exeC:\Windows\system32\Bbmbgb32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-