Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
30/10/2023, 02:33
General
-
Target
5842f7649cea42dea4dc29ebdd843bd6d57ac802e812fb38e87cbe5a8734c890.exe
-
Size
1.4MB
-
MD5
1683df3bd83b4564dfc964e287089512
-
SHA1
78499a557db2f42ff5a441fa3d7aa032f6548889
-
SHA256
5842f7649cea42dea4dc29ebdd843bd6d57ac802e812fb38e87cbe5a8734c890
-
SHA512
a2f219917950b5051a98c54fa4a230556d86f8b5da84dd29be3c6f38f5fc0913291854e33fc554d04bf9e8e9b3588933e3ca05c240b9942b444e68508134ca4e
-
SSDEEP
24576:DU28CafNdyd2hXAgq6cnPkRrR/pDmvvUEgHbY9luCq4rS3+ouGKpVO:Q2KThXLq6T/pUvDgHxDuFO
Malware Config
Signatures
-
Drops file in Drivers directory 8 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 32 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Control Panel 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5842f7649cea42dea4dc29ebdd843bd6d57ac802e812fb38e87cbe5a8734c890.exe"C:\Users\Admin\AppData\Local\Temp\5842f7649cea42dea4dc29ebdd843bd6d57ac802e812fb38e87cbe5a8734c890.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies Control Panel
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\Driver_Setup.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exedevcon install VmtkmHid_0.inf "{8FBC4165-480D-4230-B1DF-7B86F3E5A3CC}\HID_DEVICE"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exedevcon update VmtkmMouFiltr_0.inf "HID\Vid_1bcf&Pid_05e3&Col02"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9d615563-f4b0-a74e-9e0f-79d3d506c916}\vmtkmhid_0.inf" "9" "4f780c9bb" "000000000000013C" "WinSta0\Default" "0000000000000154" "208" "c:\users\admin\appdata\local\temp\filedef20160419\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\HIDCLASS\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:b2fe4818386da1dc:VHidMini.Inst:1.0.0.1:{8fbc4165-480d-4230-b1df-7b86f3e5a3cc}\hid_device," "4f780c9bb" "000000000000013C"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f2727064-5c1c-dd43-aca7-4bce45feaa61}\vmtkmmoufiltr_0.inf" "9" "458dbf7d3" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "c:\users\admin\appdata\local\temp\filedef20160419\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "HID\VID_1BCF&PID_05E3&COL02\1&2D595CA7&0&0001" "C:\Windows\INF\oem4.inf" "oem4.inf:bcec1b19d8f58feb:HIDUAS_Inst:1.0.0.0:hid\vid_1bcf&pid_05e3&col02," "458dbf7d3" "0000000000000158"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
148B
MD5ffb0bbd1166100b72cc3823baa152b2f
SHA1dab9d0aee5ab7f2995feeacdbc6bf7710a372f0f
SHA256f107b57123cb427fce8d635f19e63483819d48876adf9ddc05174af80cce4229
SHA512dabe236a5df5f7d62dc8df9d8c8faf6ef27db96c43caf61d13aba5e9e9f82a5f9aa5e1fa92d239580da7e62356991c6e76f9884c66380f0e53cac68a89658fec
-
Filesize
3KB
MD5ac2a7db4b61118498e6d74e302335c2b
SHA185da16e595b994cd6e3cdcedc2ae2e5068a5640e
SHA25620ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0
SHA51225b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0
-
Filesize
87KB
MD541ba1bbdd9284e49701ee94a3f446c33
SHA16d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99
SHA256c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4
SHA512dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45
-
Filesize
87KB
MD541ba1bbdd9284e49701ee94a3f446c33
SHA16d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99
SHA256c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4
SHA512dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45
-
Filesize
87KB
MD541ba1bbdd9284e49701ee94a3f446c33
SHA16d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99
SHA256c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4
SHA512dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45
-
Filesize
316KB
MD50bc49d08a8c68225851da36cbf08a240
SHA1c508d74586eabe55b9d57288b075451836ea37a3
SHA256e4a94ef90f832cf05b84eb5a8970478b9c5d4a3aa1fa2c60f783887d6c6576a2
SHA5123baad58d47c37b0fa69a0294f2a2e6729e4e00fbf716ab7a8a9a82f2cdf58f59daf4093d4e53555d73f4031ab93517e5adf3fd4c175b2cefed0f77919445ab98
-
Filesize
316KB
MD50bc49d08a8c68225851da36cbf08a240
SHA1c508d74586eabe55b9d57288b075451836ea37a3
SHA256e4a94ef90f832cf05b84eb5a8970478b9c5d4a3aa1fa2c60f783887d6c6576a2
SHA5123baad58d47c37b0fa69a0294f2a2e6729e4e00fbf716ab7a8a9a82f2cdf58f59daf4093d4e53555d73f4031ab93517e5adf3fd4c175b2cefed0f77919445ab98
-
Filesize
316KB
MD50bc49d08a8c68225851da36cbf08a240
SHA1c508d74586eabe55b9d57288b075451836ea37a3
SHA256e4a94ef90f832cf05b84eb5a8970478b9c5d4a3aa1fa2c60f783887d6c6576a2
SHA5123baad58d47c37b0fa69a0294f2a2e6729e4e00fbf716ab7a8a9a82f2cdf58f59daf4093d4e53555d73f4031ab93517e5adf3fd4c175b2cefed0f77919445ab98
-
Filesize
8KB
MD569d398d45035ea070ad1d950947b8258
SHA1f389482e8f547f08f6637005cb0312ab1c94a9cb
SHA256f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097
SHA5126186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be
-
Filesize
11KB
MD515be41abe19a4c66d9e94ff5afee1822
SHA1e47dca6ade9843a5ee6d6f100d12bcc06bee5f06
SHA256da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb
SHA512dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41
-
Filesize
3KB
MD5ac2a7db4b61118498e6d74e302335c2b
SHA185da16e595b994cd6e3cdcedc2ae2e5068a5640e
SHA25620ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0
SHA51225b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0
-
Filesize
3KB
MD5ac2a7db4b61118498e6d74e302335c2b
SHA185da16e595b994cd6e3cdcedc2ae2e5068a5640e
SHA25620ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0
SHA51225b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0
-
Filesize
8KB
MD569d398d45035ea070ad1d950947b8258
SHA1f389482e8f547f08f6637005cb0312ab1c94a9cb
SHA256f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097
SHA5126186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be
-
Filesize
7KB
MD53eb7619b8440e9a003c4a5a9b8acde33
SHA15c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f
SHA256784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0
SHA512eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5
-
Filesize
2KB
MD5c96843464c7474150b481cb5f0075c22
SHA19fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5
SHA256006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40
SHA512303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4
-
Filesize
2KB
MD5c96843464c7474150b481cb5f0075c22
SHA19fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5
SHA256006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40
SHA512303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4
-
Filesize
3KB
MD5ac2a7db4b61118498e6d74e302335c2b
SHA185da16e595b994cd6e3cdcedc2ae2e5068a5640e
SHA25620ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0
SHA51225b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0
-
Filesize
2KB
MD5c96843464c7474150b481cb5f0075c22
SHA19fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5
SHA256006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40
SHA512303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4
-
Filesize
148KB
MD5ad949d73d20e4f9ec61d1af7f76b203a
SHA135a697f15a4b96411ffd72186b4a10512b0be54d
SHA2562bb30a8428469306131c73a97b3f739c4a47cd9137edcc7bd46a210e3e407348
SHA5124a7f481575c54d2deb5562dd4b46e7e1a194d7d467665e1a71a6af06b9ab460acf0e19b8234861ba9bd611c2715edc022355a30b372383402e76bd1c1e0b7946
-
Filesize
11KB
MD515be41abe19a4c66d9e94ff5afee1822
SHA1e47dca6ade9843a5ee6d6f100d12bcc06bee5f06
SHA256da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb
SHA512dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41
-
Filesize
7KB
MD53eb7619b8440e9a003c4a5a9b8acde33
SHA15c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f
SHA256784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0
SHA512eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5
-
Filesize
3KB
MD5ac2a7db4b61118498e6d74e302335c2b
SHA185da16e595b994cd6e3cdcedc2ae2e5068a5640e
SHA25620ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0
SHA51225b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0
-
Filesize
2KB
MD5c96843464c7474150b481cb5f0075c22
SHA19fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5
SHA256006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40
SHA512303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4
-
Filesize
7KB
MD53eb7619b8440e9a003c4a5a9b8acde33
SHA15c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f
SHA256784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0
SHA512eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5
-
Filesize
8KB
MD569d398d45035ea070ad1d950947b8258
SHA1f389482e8f547f08f6637005cb0312ab1c94a9cb
SHA256f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097
SHA5126186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be
-
Filesize
11KB
MD515be41abe19a4c66d9e94ff5afee1822
SHA1e47dca6ade9843a5ee6d6f100d12bcc06bee5f06
SHA256da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb
SHA512dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41
-
Filesize
11KB
MD515be41abe19a4c66d9e94ff5afee1822
SHA1e47dca6ade9843a5ee6d6f100d12bcc06bee5f06
SHA256da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb
SHA512dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41
-
Filesize
7KB
MD53eb7619b8440e9a003c4a5a9b8acde33
SHA15c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f
SHA256784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0
SHA512eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5
-
Filesize
8KB
MD569d398d45035ea070ad1d950947b8258
SHA1f389482e8f547f08f6637005cb0312ab1c94a9cb
SHA256f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097
SHA5126186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be
-
Filesize
2KB
MD5c96843464c7474150b481cb5f0075c22
SHA19fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5
SHA256006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40
SHA512303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
320KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB