Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
3s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/12/2023, 23:04
General
-
Target
420c3fddb569a10e301d69dd05f1bd63.exe
-
Size
361KB
-
MD5
420c3fddb569a10e301d69dd05f1bd63
-
SHA1
39b84948f28695c2313822682e580c18803e2c9e
-
SHA256
7edf44694ea438f9f23a04f42f31adb7aadf2e887848a1f7e5c8b56bb04d3c7a
-
SHA512
0526f0dadaf16bf923d1d9ae38036537ccb0b5a7d79ae4942b255b0b2e8110ef436a5a1201673f9eb1e35bd733abd29cf1fe1924959f68442524634b6689b02d
-
SSDEEP
6144:CMflfAsiL4lIJjiJcbI03GBc3ucY5DCSjXJ:vflfAsiVGjSGecvX
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Gathers network information 2 TTPs 20 IoCs
Uses commandline utility to view network configuration.
-
Modifies Internet Explorer settings 1 TTPs 10 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\420c3fddb569a10e301d69dd05f1bd63.exe"C:\Users\Admin\AppData\Local\Temp\420c3fddb569a10e301d69dd05f1bd63.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17410 /prefetch:23⤵
-
-
-
C:\Temp\pjhbztrmjecwuomg.exeC:\Temp\pjhbztrmjecwuomg.exe run2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\wuomgeywro.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_wuomgeywro.exe ups_ins3⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\ljdbwtomge.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_ljdbwtomge.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\oigbytqljd.exe ups_run3⤵
-
C:\Temp\oigbytqljd.exeC:\Temp\oigbytqljd.exe ups_run4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_oigbytqljd.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\oigaysqlid.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_oigaysqlid.exe ups_ins3⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release4⤵
- Gathers network information
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\sqkidavsnl.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_sqkidavsnl.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\nkfdxvpnif.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_nkfdxvpnif.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\kfcxvpnhfz.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_kfcxvpnhfz.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\bzurmkecwu.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_bzurmkecwu.exe ups_ins3⤵
-
C:\Temp\i_nifaxsqkic.exeC:\Temp\i_nifaxsqkic.exe ups_ins4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\hbzurmjecw.exe ups_run3⤵
-
C:\Temp\kidavtnlfd.exeC:\Temp\kidavtnlfd.exe ups_run4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_hbzurmjecw.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\dbwtomgeyw.exe ups_run3⤵
-
C:\Temp\dbwtomgeyw.exeC:\Temp\dbwtomgeyw.exe ups_run4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_dbwtomgeyw.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\gbytrljdbv.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_gbytrljdbv.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\gaysqlidbv.exe ups_run3⤵
-
C:\Temp\gaysqlidbv.exeC:\Temp\gaysqlidbv.exe ups_run4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_gaysqlidbv.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\kidavtnlfd.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_kidavtnlfd.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\nifaxsqkic.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_nifaxsqkic.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\nhfzxspkic.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_nhfzxspkic.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\upkhcamkec.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_upkhcamkec.exe ups_ins3⤵
-
C:\Temp\i_upkhcamkec.exeC:\Temp\i_upkhcamkec.exe ups_ins4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\pjhbzurmke.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_pjhbzurmke.exe ups_ins3⤵
-
C:\Temp\i_pjhbzurmke.exeC:\Temp\i_pjhbzurmke.exe ups_ins4⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\pjhbzurmje.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_pjhbzurmje.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\ojgbztrlje.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_ojgbztrlje.exe ups_ins3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\qojgbztrlj.exe ups_run3⤵
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\Temp\i_qojgbztrlj.exe ups_ins3⤵
-
C:\Temp\i_qojgbztrlj.exeC:\Temp\i_qojgbztrlj.exe ups_ins4⤵
-
-
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release2⤵
- Gathers network information
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\wuomgeywro.exeC:\Temp\wuomgeywro.exe ups_run1⤵
-
C:\Temp\i_wuomgeywro.exeC:\Temp\i_wuomgeywro.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\ljdbwtomge.exeC:\Temp\ljdbwtomge.exe ups_run1⤵
-
C:\Temp\i_ljdbwtomge.exeC:\Temp\i_ljdbwtomge.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\i_oigbytqljd.exeC:\Temp\i_oigbytqljd.exe ups_ins1⤵
-
C:\Temp\oigaysqlid.exeC:\Temp\oigaysqlid.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\i_oigaysqlid.exeC:\Temp\i_oigaysqlid.exe ups_ins1⤵
-
C:\Temp\pjhbzurmke.exeC:\Temp\pjhbzurmke.exe ups_run2⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release3⤵
-
-
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\sqkidavsnl.exeC:\Temp\sqkidavsnl.exe ups_run1⤵
-
C:\Temp\i_sqkidavsnl.exeC:\Temp\i_sqkidavsnl.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\nkfdxvpnif.exeC:\Temp\nkfdxvpnif.exe ups_run1⤵
-
C:\Temp\i_nkfdxvpnif.exeC:\Temp\i_nkfdxvpnif.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\kfcxvpnhfz.exeC:\Temp\kfcxvpnhfz.exe ups_run1⤵
-
C:\Temp\i_kfcxvpnhfz.exeC:\Temp\i_kfcxvpnhfz.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\bzurmkecwu.exeC:\Temp\bzurmkecwu.exe ups_run1⤵
-
C:\Temp\i_bzurmkecwu.exeC:\Temp\i_bzurmkecwu.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\hbzurmjecw.exeC:\Temp\hbzurmjecw.exe ups_run1⤵
-
C:\Temp\i_hbzurmjecw.exeC:\Temp\i_hbzurmjecw.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\i_dbwtomgeyw.exeC:\Temp\i_dbwtomgeyw.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\gbytrljdbv.exeC:\Temp\gbytrljdbv.exe ups_run1⤵
-
C:\Temp\i_gbytrljdbv.exeC:\Temp\i_gbytrljdbv.exe ups_ins1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\i_gaysqlidbv.exeC:\Temp\i_gaysqlidbv.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\i_kidavtnlfd.exeC:\Temp\i_kidavtnlfd.exe ups_ins1⤵
-
C:\Temp\nifaxsqkic.exeC:\Temp\nifaxsqkic.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\nhfzxspkic.exeC:\Temp\nhfzxspkic.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\i_nhfzxspkic.exeC:\Temp\i_nhfzxspkic.exe ups_ins1⤵
-
C:\Temp\upkhcamkec.exeC:\Temp\upkhcamkec.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\pjhbzurmje.exeC:\Temp\pjhbzurmje.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\i_pjhbzurmje.exeC:\Temp\i_pjhbzurmje.exe ups_ins1⤵
-
C:\Temp\ojgbztrlje.exeC:\Temp\ojgbztrlje.exe ups_run1⤵
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release2⤵
-
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\Temp\i_ojgbztrlje.exeC:\Temp\i_ojgbztrlje.exe ups_ins1⤵
-
C:\windows\system32\ipconfig.exeC:\windows\system32\ipconfig.exe /release1⤵
- Gathers network information
-
C:\temp\CreateProcess.exeC:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release1⤵
-
C:\Temp\qojgbztrlj.exeC:\Temp\qojgbztrlj.exe ups_run1⤵