Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
5s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 04:28
General
-
Target
542125699bda1d6021af5ac4e6954ed2.exe
-
Size
16KB
-
MD5
542125699bda1d6021af5ac4e6954ed2
-
SHA1
ae486f186e3775920e092a095868f2f8ed3d59f8
-
SHA256
cfe15d2df1942fc342b5ff432385415b2986b0a1426aee36b1285b4d10d9867d
-
SHA512
bfd78f9dba3b4d7143bd316ec48f37ea9046f7a8f084dae077b799cb98826e38586b47a27233aa1c5caf70eef488123e7524017a21bf713d66a3f615c18ceacb
-
SSDEEP
384:Iy76FphlRGXtBYAeewY81XYMjpAp8lO3hcczrfZRI:WPDRktBYAwxju6lOnrfZ+
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 10 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 10 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 23 IoCs
-
Modifies registry class 18 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\542125699bda1d6021af5ac4e6954ed2.exe"C:\Users\Admin\AppData\Local\Temp\542125699bda1d6021af5ac4e6954ed2.exe"1⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259409444.bat2⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259410131.bat3⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259410334.bat5⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259412564.bat6⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe6⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259414405.bat7⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe7⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259415560.bat8⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe8⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259418555.bat9⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe9⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259421581.bat10⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe10⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259431316.bat11⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe11⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259468335.bat12⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe12⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259502000.bat13⤵
-
-
C:\Windows\SysWOW64\stjxakin.exeC:\Windows\system32\stjxakin.exe13⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259543262.bat14⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259532420.bat12⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259498755.bat11⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259461752.bat10⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259455122.bat9⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259448008.bat8⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259446011.bat7⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259443687.bat6⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259442610.bat5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259440910.bat3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259448086.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259410209.bat1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
121B
MD509517fc62284f33e877a276463580bd1
SHA10b14fe1db4493818f9de0bf2a56ee5370b8d479a
SHA2566cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238
SHA5121b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d
-
Filesize
242B
MD58d3d0b11282ed7f1707c38bd28ac531f
SHA1aea382c85827e538a235ccccc86da2bad660f58c
SHA256c76899d4ce01e20d1a359f759cb3fd685ef732b76ce2838486182da5abcb26cc
SHA512d78cf15d7c4af99598b0151019e76b2d1a95056e6274d5e82f2bc276e6c31c8f64be0bbfa40c50102626c8e8e04c43a7e46f0ef2af0cfec02ad3d062e00eb2dd
-
Filesize
121B
MD5fbe040169fe8d8da373af471238e2139
SHA15bd0bb0f3da2df996354d666a2974cce7c790257
SHA25660cf091534f758a9c4514b4243fa1f31570187311cbabc136d9b5bfb1d71d0da
SHA512e342ebf3179f7f30527657868a663c2572ff2054adde49b2ff65f298a9188bece720d0f4cd696f8f255ec60cd3a51c66e8e09c2a62ad0e961198caae837ad569
-
Filesize
197B
MD5778aec69857727327591be9d4bb0b161
SHA15536f1db045eb982d8d2a3c10ae65bf522235c9a
SHA25674f778e3d9458e397db53b940eb26038029ea083c75c27285c05da52a3322d92
SHA51251d9f60b7839a63bf22c7b6f9671fb8fd1483bf85ab8396ef6f8535039afb0061497888f64f61585f34986d873f26f5842a0796839c1b511b9f201c250f935f3
-
Filesize
1KB
MD59c19410e8c397b363bd56a95c80fc8e9
SHA147636558fb5eba16f172c84bec44a86fefcc1f08
SHA2562bcd6f90c573d7bdbd7d4cf929267337a40c319c5e9c68b4acbb2dc3fba819fb
SHA512976670ab73ab66dfda687b1d0c92e308ed0afc2eb8ac7393910c90e61383498891f13869ae04ac3bb5a4d71e8a3b2a57d3375b3a726c1001554d267b1c7348c4
-
Filesize
1KB
MD584946dcbc1009b575361c86864c05f1f
SHA1122db35c2c18e16788a0af5d52d0d9a65d1157dd
SHA2567414d312341aaf8528c83ce7aad682fd64914e3906fb6d3772a515691be5221b
SHA5127f7f95c7678d2437ec969801dd253bc9c3797df26efa6d458ddae764865b04efe7181e3c1250414f88ec6d99b126f2fa3109397ba7cd58aee3776fd17182667f
-
Filesize
2KB
MD57601bdcf8e254cffb509e7ea05ceda68
SHA19c08720abf84b53bd67d60df25a3c8e31b34bd2d
SHA256f34de2a13c6040958880676fcf95652060e6805841d7a8e0549b9434a6e54b31
SHA51229ca7f142b74b37b2a5589164088f423b84337c5dee87be7bc8be0a6692d646a2d867c39fc5b4bd62dfbcaaf1196db26a39c3638395c7cb937fdebab33676a16
-
Filesize
2KB
MD5b9d9354290be26e3a2d4cc44e5c2662a
SHA1e4a08e23c816cac3bb1792fc64073673e675ca7b
SHA2566f5cd208d8a6ef3649b0995e195f53bfe03eb31b13efa61f701372c300e5fe1c
SHA5120d46eee985b4a4e7de4ddfc9c5cb233a66e7876928af0c93b95b2674056d4dfb3e03fa0f8d06a8b0108b037850f6867377592d3d3e079b33f74e817d93275fc5
-
Filesize
3KB
MD5126bf2bd81bd60cca8d26e7d39e4e05b
SHA1367fbc5925ef2b2bdf6c1e38d3bec7ee99429ba9
SHA2565d7c784b1f1c1a83b78a44bc87ff446585aad34c9b9575c8ce9629ef00b36dac
SHA512378de0d2273c8f19b46e162bd5d12f55d7ce5007407022c025aebcdd59ef360a52b92f70fbb2032dfc2bf79ae86503c7673696a4ddceecc54fc6b8f9c8511f4b
-
Filesize
3KB
MD516c21be145bed1e868738cf83b63f428
SHA16cf82cb1dbfbcb8170098f86a5669aa3926bb3d0
SHA256d593a0a0f4067c98151bc8b7a49bd8859fa6d9d8b061110689bebf4c03c784a5
SHA51277d95ed438941921ff0b0fe60d33ab3e47126e6750f2425c10aafb6c6d1eab27bfe2620a0bfc357ad26262886cdfae34f4e9efbbd30aa705e4b9ac2b2fb75b6a
-
Filesize
4KB
MD569a99134ede990b192f34dbd1a62df2d
SHA19d2714a600767721de0221d12dfda24a7c70a083
SHA25600f22ee5d42cc4fffced84d7d38ddd6b62f1ee193535448ac0d06a7633a677b3
SHA512cce156da8f4f88c7f0176c9438514031a849b57bbe532f993259189642d1cc598fc721777516be2383032d772e71b53e4dd0171f69d29f54d55a18d6bf717dd5
-
Filesize
4KB
MD5fae138adc26dcbd246d12c5e88d790a1
SHA176fe07148e774ae57fd48760bd951b9e5df34737
SHA25605a4ff0e59fea10b283ff3013c07bdba114050b845ca84377238b2f754ad1ece
SHA512c4eac1a7d848f13aecdae6c9c876f4b7aea2f77876c40ad072e027592af53d6bf109a1556ae8517f33beaf395b706a64c1546ef721b5b7774c09e5809fe7616e
-
Filesize
5KB
MD5561a97b7b991064a326c486d7423ab10
SHA113a0530164935e8ab4aa03b9d3408cd6ca694fd1
SHA2560d00eb39f787044e52a53f44e984198e29d638a869b93fc42c8018aa99d94aa0
SHA5125d3c76eb091642ede2fae188262536892843d30fffbf3e67b7890770e302ed62f524807acd835fb104933ae1befc35f0f375ec1eac3c5178e8087030ffd161b9
-
Filesize
5KB
MD51d230246b36043365992c1216e90aa82
SHA1d654eb34617c6b413569433c15022497fdf150c4
SHA256abff39eaa8982983204cc17f8c0089781b4db04c770f18499cb09b6dec17e229
SHA5122a49f75b32b0d700d8376a82638d4460936ffccd5b20b2724414ace028e14c913be3c82b64d0de0e28606e926f015291ef7b2445782671719832f538afd6fd52
-
Filesize
524KB
MD5a9fbf2fdb36b23407aaca4f78ca39094
SHA1678024c727517d112b8acec2cbbd9b55c30b6e29
SHA256567f162613f6258172d88231aed4db6402e93a80d9367b63b866040047c39a01
SHA5121e3ad3312e1412c85745bac2f0fc3364361ceae29a4a745f6a0f29d29f632b3392fbefa2f31ffc6a73b01d4135a3cac5d6aaf87c4453f52d22e27e9dc55276e6
-
Filesize
234KB
MD508b591c341872006fce34bf4133d7e93
SHA11dadcf903f477b7ba8474ca5532cecca2892bf25
SHA2566a91045b7cad2f29e51f04fb1818edbd88333f896ff009a65d3342ffd5ec90b1
SHA51290ab44bee5ed000be2188d927573cd94d1c1a22bbb032672f971f434234aab55a9104210d5a337d480a4421e50168669058e65413ce2a9b31f061fe2af740458
-
Filesize
16KB
MD5542125699bda1d6021af5ac4e6954ed2
SHA1ae486f186e3775920e092a095868f2f8ed3d59f8
SHA256cfe15d2df1942fc342b5ff432385415b2986b0a1426aee36b1285b4d10d9867d
SHA512bfd78f9dba3b4d7143bd316ec48f37ea9046f7a8f084dae077b799cb98826e38586b47a27233aa1c5caf70eef488123e7524017a21bf713d66a3f615c18ceacb
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB