Analysis
- max time kernel: 20s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 02:33
Static task
- static1
Behavioral task
- behavioral1: sample 5379be2782c997c07288897c9ca7a691.exe, resource win7-20231215-en
Behavioral task
- behavioral2: sample 5379be2782c997c07288897c9ca7a691.exe, resource win10v2004-20231222-en
General
- Target: 5379be2782c997c07288897c9ca7a691.exe
- Size: 401KB
- MD5: 5379be2782c997c07288897c9ca7a691
- SHA1: 46d282856f8ff35e31f507152016daae3ba6c570
- SHA256: f510d00b7e76acc0900dcfd9dce320bee26edbdb58f7ffcd9943bda235f576f2
- SHA512: f3105aced092dd4dcc9812994c97d391ad9cddd7f170d5353f1ff234389901d128ed04563f695fd020c5608f80cd89a5b87d89e05074f7ff35c468c44813596d
- SSDEEP: 6144:NSbwHWwnIfqrbb1hq9UyqvwS4GclHuYS+12QyoISwMd7wvcY:cwrnIfqrQVGcRu612QyVSwM+P
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
pid | Process
2788 | 5379be2782c997c07288897c9ca7a691.usa
- Drops file in System32 directory (2 IoCs)
description | ioc | Process
File created | C:\Windows\SysWOW64\UsaShohdi.asu | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu | 5379be2782c997c07288897c9ca7a691.exe
- Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | \??\c:\Program Files\7-Zip\7zFM.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\7-Zip\7zG.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaws.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\msoev.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\POWERPNT.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\PerfBoost.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\7-Zip\7zG.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\GRAPH.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\protocolhandler.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\PPTICO.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jre-1.8\bin\javacpl.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOHTMED.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\bin\jconsole.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\chrome.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javaw.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javaws.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\bin\javaw.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\WORDICON.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSYNC.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\7-Zip\Uninstall.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javacpl.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.usa | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE | 5379be2782c997c07288897c9ca7a691.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Client\AppVLP.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.usa | 5379be2782c997c07288897c9ca7a691.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\msotd.usa | 5379be2782c997c07288897c9ca7a691.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | Process | procid_target
PID 3864 wrote to memory of 2788 | 3864 | 5379be2782c997c07288897c9ca7a691.exe | 15
PID 3864 wrote to memory of 2788 | 3864 | 5379be2782c997c07288897c9ca7a691.exe | 15
Processes
- C:\Users\Admin\AppData\Local\Temp\5379be2782c997c07288897c9ca7a691.exe (level 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\5379be2782c997c07288897c9ca7a691.exe"
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID: 3864
  - C:\Users\Admin\AppData\Local\Temp\5379be2782c997c07288897c9ca7a691.usa (level 2)
    command line: C:\Users\Admin\AppData\Local\Temp\5379be2782c997c07288897c9ca7a691.usa
    - Executes dropped EXE
    PID: 2788
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 41KB
  MD5: 91a893e44cb503769aebd44165708ca7
  SHA1: 8198724b6386952268bd796133f17e29a0991cb3
  SHA256: 351f374fad14bd6ab816b84897168861c6f2931a12debb6860278ad616eef83d
  SHA512: 8c82bcff7286e82fc1c5adc0de0c9dc9fe0c421101a2c7b1514e92716e1c95677a58811a406dc544cfdedb5294c57e6b93cc80f325ab764c9dd976bd64a69eca
- Filesize: 88KB
  MD5: 9b745f1621b76941c0a86c1dd5dc1658
  SHA1: e4d6a274b5cb7b5489f8cccf6f860073d2ddd130
  SHA256: ce2a7b6c51dfdf4cd3bb21a1d81d6bba33f0cfdca5e88242e9a1035aeec65e53
  SHA512: 694b9ae357598e0686abba6bd4f2f09c42dbbad570b3844172320c1d40433cf5164a2f5dabb074ef1753bf55fe694d1b555d72b04851a5c3fcbba9d8a1aa07af