Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 07:08 UTC
General
-
Target
5b906587a5be3427f67fbebf8c52743a.exe
-
Size
767KB
-
MD5
5b906587a5be3427f67fbebf8c52743a
-
SHA1
e0b09a152493c18a19442847189eb05652318654
-
SHA256
856e717d098a404466029967ca61644b48495599464d98a9b9b93ef5013fda9d
-
SHA512
5f9d47bee9f25b0dd3aa632d49b043acd5ad922b586daacbe9aaab5d5945b0acc9bcc0d0991ee2c5c4fe95a983c5f376079c579b39c3644c14d45c689d91e89f
-
SSDEEP
12288:IWDLGQ5voSnS2cKiU/kXXZEDQBFmNO1leA4LuUyr/wuZyc200rkWiyayfak2+g:BLGQ5vlnSCiUsnZcQFe5JyrYqEqrfP
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 11 IoCs
-
UPX packed file 18 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 40 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b906587a5be3427f67fbebf8c52743a.exe"C:\Users\Admin\AppData\Local\Temp\5b906587a5be3427f67fbebf8c52743a.exe"1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\csrss.exe"C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\csrss.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\hex.exe"C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\hex.exe" "mIRC DB" /hide3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
Network
-
DNSsv1.casti-team.comRemote address:8.8.8.8:53Requestsv1.casti-team.comIN AResponse -
DNSsv1.casti-team.comRemote address:8.8.8.8:53Requestsv1.casti-team.comIN A
-
DNSsv1.harceaparcea.orgRemote address:8.8.8.8:53Requestsv1.harceaparcea.orgIN AResponse
-
DNScasti20.hopto.orgRemote address:8.8.8.8:53Requestcasti20.hopto.orgIN AResponse
-
DNScasti21.hopto.orgRemote address:8.8.8.8:53Requestcasti21.hopto.orgIN AResponse
-
DNSsv2.harceaparcea.orgRemote address:8.8.8.8:53Requestsv2.harceaparcea.orgIN AResponse
-
DNSsv2.harceaparcea.orgRemote address:8.8.8.8:53Requestsv2.harceaparcea.orgIN A
-
DNSsv2.casti-team.comRemote address:8.8.8.8:53Requestsv2.casti-team.comIN AResponse
-
195.47.220.2:6666 -
195.47.220.2:6666
-
195.47.220.2:6666
-
194.109.20.90:6665 -
194.109.20.90:6667
-
194.109.20.90:6663
-
195.144.12.5:7000 -
195.144.12.5:6668
-
195.144.12.5:7000
-
161.53.178.240:6667 -
161.53.178.240:6667
-
161.53.178.240:6667
-
195.68.221.221:7000 -
195.68.221.221:6663
-
195.68.221.221:6663
-
193.109.122.67:6667
-
193.109.122.67:6667
-
193.109.122.67:6668
-
64.161.255.201:6667
-
64.161.255.201:6667
-
64.161.255.201:7000
-
8.8.8.8:53sv1.casti-team.comdns
DNS Request
sv1.casti-team.com
DNS Request
sv1.casti-team.com
-
8.8.8.8:53sv1.harceaparcea.orgdns
DNS Request
sv1.harceaparcea.org
-
8.8.8.8:53casti20.hopto.orgdns
DNS Request
casti20.hopto.org
-
8.8.8.8:53casti21.hopto.orgdns
DNS Request
casti21.hopto.org
-
8.8.8.8:53sv2.harceaparcea.orgdns
DNS Request
sv2.harceaparcea.org
DNS Request
sv2.harceaparcea.org
-
8.8.8.8:53sv2.casti-team.comdns
DNS Request
sv2.casti-team.com
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11B
MD52218df9cdffc814a3dc25c81dd8619dd
SHA10290f796218937f61331adc8803788e7cd4c2299
SHA256455831b583cfa9549746bcd296a60f5191d2eff7829d469e029b68768c5e56d1
SHA5127aa4c745dfce7b2c38c4930e8275885727a19480597f685f89ab0e536175c31a2d5ee61cfd84b483f73eb211970a1a4fefcc59d8ef97b9af7bf09b7dcf932efa
-
Filesize
42B
MD5ebd168066eaee15a37a50388364c6232
SHA1b8329223ca54729cbf768c652e1d1b7c0618c95d
SHA256fbdd704fd9ee031d53bf9d6f31a502d5da30e96af89193c7f5ca29aa17a61b2a
SHA51287e3e80b08b4e5e2c2bab762dfc7b730c0972cba4fb3085b70dd49fe8bbd25374f37505477f2e29e45082405cda7ac6cee1de4e4ea0bd77c282274a297bf0910
-
Filesize
61B
MD5f5d1a3af67f05f5af2b0fca009887a97
SHA1bddaa45a9849524c4648fb778b7e0601d35ecbed
SHA256d846844887cfecb6cfbf1fa51dd2380cd203b21d154e1938df15567c256f97a5
SHA51221d84f8fb1cc2c3abda0452704f45e3c79092b33e7bb3a5fdc3973cacc53014681ba7977df60818f0375353fdac4e58977048c4db275c1c689f6ed4aef2a3496
-
Filesize
33KB
MD500b41a87e536de8908af134692ceadf6
SHA10fca1c072a39e3c9b8b7e0efd1a18528fa52671f
SHA256825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434
SHA512a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb
-
Filesize
3KB
MD575fe3ee0f690a65809a87249c1942a8a
SHA1dbe5e5fc5a6edefaf7606eb5151a53d87f89c708
SHA256b31c6b1a5082b58d3354ff04e309902e3242991d66df4601bd816d5884baf17b
SHA5126da7ea44aab097fbd0a8f6b2eb923c5d2862ec8146ca8585d77ff5fab5b44df9a3ee7be43d9745a7404170cea8d94c78760d130b0c4f83d9bec5f2f2cc2abc28
-
Filesize
3KB
MD59bb64071826001fdce159ce9fd967b3c
SHA128ae48b1efc5510b561672de77fc0191a56f0f4f
SHA256a24e8c73fb8b82ad65a5de97f0eaaf284e1e6d4bae0a2cce5fe3d7cd1d5f4656
SHA5126c50a11c1867ea9e349004a93bb2e9bec5e59bd426808254a139ca9eec1e7cdbceb5c8751b471d4beb3ec05f4deed1da7180d00b2f072dab7b9e589f5b8d1f37
-
Filesize
3KB
MD570f9049e721e9bbcbe2ca0c75f089ee8
SHA165ccfdd649905d6ed6726dc67e1141945ced0057
SHA256a045136393c82afbbdc1eaf9ce3855fda53972c65f0ad0506405399b5cf37e52
SHA512f3d4d0c2af4e3af71618e740e4e433221a14cc20b6d873562e42b0d0b97a857c18501ca269d158536a1371d177758a8ebfbc346a3f160a17512588123c0e4473
-
Filesize
3KB
MD5776911e8f3c479ed2dcabea12d98de5b
SHA1fb75a003c60195df6cae9cbc4d87d2712d48ca10
SHA2567db34a547e5e90212a3954ca50a412b7310e6cef2870813f164ff98190e3fc28
SHA512e68ee868078c39c7aa6ac0cab90c1e0e40bf7a6b53c7d4edac2cb091fce4eb9fcbef530d024e3c5e0abc04782c16da4fd48e068dbbb1d7ce70edd76f9ff09560
-
Filesize
3KB
MD5d0e3dc1f63d55ee3a769bc2d1f4b3cc6
SHA15463b8f6b4d535e87142ca45d462865808d3eb4a
SHA256d7e358402bc1ff3446950167958d4a94a3426414745ef798a7aca43654b7f25d
SHA51271e175e31192f56cfee289895d14453851924cd61f24d1dc041b92adf62b304da720b08c00f49198f0b2bacc29f44971ef9d1c28ebf11a36ff73e683296a50da
-
Filesize
3KB
MD5fab6ed7ec490f110a5de526ba3d539b0
SHA1598c15a1d73c2b4c74f941a51c17c9255d54a962
SHA25631b95a152638e2de01a196aedb5e320bf098afab7ac9166fe7abc1615c976959
SHA512b2b9da2ab62459c0c56d4beef2cfb7361096d310b027533f3eea2a4300cf0171b6e860fd3e8548bc67a3c421b3bac8f153f4995e972a7e03a949288834d9691f
-
Filesize
3KB
MD511e5cb5018a5ab09464ed4cee8562979
SHA14d2c8d69fe4fee520b66a54df9f92caee4dfb8e8
SHA2563749c66f2a9c44a755b824eaa777e9ef23e86ddc00fb8f52a6a3e84a9773dfec
SHA512f906aa867521b135ea48eca52ba338850cf77d158e4131e87fcd3868cafc39934b1aba630a779b4d5b45ff51b0b9cec099f66b73e0a884056f5bd3a52cc5e40a
-
Filesize
3KB
MD5af6cc69c2d2d654558e3202c1fedf8a9
SHA18c1caed7d1d2f4a54888058678bffbd27faba613
SHA2568db236d17cac11c94641bb87ffbebac12c813cfa2daf09d571aa8cc009ca0882
SHA51251e501cb33bedba3217b2aed54e6ca54531b983d99be05ecc9cd45954b6e8cd5d7cf7c83c0c2433174464861d8e6f30bb38299333ff80ed45d87e8640c7ac6c0
-
Filesize
3KB
MD5752b13a1dd169e9187eb4d1c1cf8ef1c
SHA1376ca17e39d2d6c02de9755f5783bae30c2dd4e7
SHA256cca7f582fd39579914a33128e812eca9d62222f0fbb7df4844c49ac62c60f2b2
SHA512aa89e65e343ee13e85311b9de93cc3dcd629e22dac9edd95fa72e8ce6282ca5b168fa4cdee2f7b10282962c9402a4e67398de9940497628e569d5654313502c5
-
Filesize
3KB
MD596a023a37c5053f84474124fc8eb6b7e
SHA1c87f741549a527dd514e32ec38878dcc83f3bbcc
SHA2561dc24bd7e569ef096fed7f122b3c924f5fd8bea4d06ddc3c259db8ad8e26077a
SHA5122cba19538ea039821d266e86d00000729e4300488bcb2a7bec4c164f3ec97e8b145b7b57d9e4f0d37173b80d972f5b9184f12142c9b497a3b0b0d5f9d009d44d
-
Filesize
2KB
MD56a2ce79d28b432c2b4909926649ecb1c
SHA18787c5393711d2222e172f7c8886c8344e098843
SHA256bcf7180410ba287dfb2ce61fc8455b7dd935892c9f7d18f300f6f431b25f62c5
SHA512e6f8fb1d296e05705cfd75a720a3445e66ef993f9e1fbd3fda16275de50e64cdf454b390bc0aa8c5e2db995693cd8147291769f64eba13c08116215aed608873
-
Filesize
2KB
MD548ae0659005835ecca6ff6e4f317521e
SHA18887713c19f744cbb1c4ec06aca1c47d7e0c95f8
SHA2569bc1a950e92792a975ff25539d85fef285657cc988e9229ec47d5f244f7cc53f
SHA5127147f983ce2d688628b868dabf6d8de0e592bec79ee56414cc08c41f1ecf5aa75361901330a0ecc3349b65815cdc350102c5fba2ec87b0f655ddfd4b90885889
-
Filesize
16KB
MD5c571bca31ae93710f4e9d7f53f63ff42
SHA158606888034131d8cb1faf7c182450ca019cd70b
SHA256bd3f67757e75ff5120bbb13139cd4c873a41d6e9a9292fc8d576a3a6e9160f25
SHA5129aaf1d2c43a7138ff444408d64910e9f6e8dcba3b815faea70dad0a89057abbb76d25cac61f0b1ceff27dfe708183d631680bf922e1899df56f2fe5c43f54d71
-
Filesize
1KB
MD51d29e51b879b0461ead2dca830c92125
SHA19c15972479dd55bfc7635f032a629fdaa6280dba
SHA256e3df538a425b2b75479615c049f79db1facb475cb1745d04d7a58510694d06f5
SHA512fa31bd971178794c2cab5c999111d6179699d6a40a8d7c4554dce233270ef0f8ea5cc46837aa3bb154b104a355728c9c27c932265ae2ad027430b67fb1feaa6e
-
Filesize
353B
MD50e7428e05c5b7e7e503ab74abd34bca8
SHA1488b4b656ca04ffa43d5947aec434d4355aef3b7
SHA25685aa176c46a06782a8328d37f9a90d39852d5c998c404b57a9c2e9374600244a
SHA5128b160566d196eec86c2211de5d8817def61b2b3e7151f8c1fda3a8b67a2ef768df91f43f861f8c2ce27dc85a7ffb1fe96390da540ef3bad770366ea25fc1ed33
-
Filesize
592KB
MD590285a5088ce2fa0d125633d48e37de0
SHA118910f618319ba8119f4b437356e894e9816f12a
SHA256e8c923dde7dc35d8b4cabf4c2aecc4a22c23351c241849c9fcd6bc26b9bdc620
SHA5126a954e1e03d11ec4966757e2687bd65c30ef11672a0e844eedbb65b5cd399c400d5632dc413623e9f9d89269cc87443c24ba923c97d849b476c00b4a2dc95dbe
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
64KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
124KB