Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
250s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 08:24
General
-
Target
5f9127245473fbfdab735869bce40d88.exe
-
Size
484KB
-
MD5
5f9127245473fbfdab735869bce40d88
-
SHA1
4960afd3e5e88ec967973248b93b97a4743fa5d1
-
SHA256
9bff283edf384a62a8aab5d2827b1c8fd4514746fc7f2c3ce688a34b419a1a86
-
SHA512
4299e96e65b96b78bb84896c84fadcf321c7afff31b926988ca2ea0478f61724f015ac583b5a19bab6d3f3ae35a56cf31749478cb13ae8e5011e35438046f4b1
-
SSDEEP
12288:hoUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:R92ILECd0R15XZS3QafpDNUQ
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 6 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 32 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5f9127245473fbfdab735869bce40d88.exe"C:\Users\Admin\AppData\Local\Temp\5f9127245473fbfdab735869bce40d88.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\LB9c4j3K.exeC:\Users\Admin\LB9c4j3K.exe2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\tmyah.exe"C:\Users\Admin\tmyah.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del LB9c4j3K.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\bshost.exeC:\Users\Admin\bshost.exe2⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
-
-
C:\Users\Admin\aahost.exeC:\Users\Admin\aahost.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
-
C:\Users\Admin\dyhost.exeC:\Users\Admin\dyhost.exe2⤵
-
-
C:\Users\Admin\ekhost.exeC:\Users\Admin\ekhost.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 5f9127245473fbfdab735869bce40d88.exe2⤵
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 881⤵
- Program crash
-
C:\Users\Admin\aahost.exe"C:\Users\Admin\aahost.exe"1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
212KB
MD5fa0eb2a8b561ea9afc6a51709ff0d7de
SHA14ef5265f5b5bb1a4857e7668f132405c799da155
SHA25699ecfb1bb7cdb1e8dd609e60b10d5346b90284172c854b6234631212dd501c4f
SHA5120e8b194cb0e65429b84ac32a0fa131d072f7f425804df192d7a90a7ec6eb7ce9991716ce5a9ca3bcd106181076832d5fa7d6f9cbe67fc80a427ef7980beb75c6
-
Filesize
117KB
MD543c99bf67c48176c701760893002746d
SHA13cbf102673509ae5aed066b9b49a568b750a2059
SHA2561022c33a5f3478958108383dd20e5780be769d902c629453e744bb174d893415
SHA512bfcc1c5d960aecc83bdc00dee998934d971a72880dd36a3627b1bc5a7054b473ac389e86f1df724b3a25a068d5fc80c2c60c8f98cf5aaef660a706eb2f8481da
-
Filesize
66KB
MD56f52665ef2bbf83d9edfe33a7e80e3bd
SHA1dcf3e3a5fbc8bfae41509280e4bca5d970da1402
SHA2565b0fb1cb095dde151e5ae940cf05d85b2a92e365a989d37aad3c0652b0d7d15a
SHA5121425480f9c8039b072c007160426cab8251e395037f54fb296f0a1595111468439d8069071c075d4339aa9576d19560d6c42efa809d61a9183985637cc692776
-
Filesize
111KB
MD5d91d589ed30573f2c6daf62210dbec2e
SHA15a1497383492f81b7f3292169b344c6c34407156
SHA2567714ecadf1892fae24b6455677b84d3e498609f2ea9abe7c7e2ff0c0bd175228
SHA51213b45867acd40a8511a90ce9a9d796dd34411709dd58aaeb6b716fe0ac88a64c485506c1879c0af0b13c7a9ea67431edbf07503667f3d3361611d445a5dc10e2
-
Filesize
72KB
MD534c327ee6ea75cc7d1aa11ac8d0ae4a5
SHA1513e6ad7d313a2d19835db8cbd7b0530f206f531
SHA256a2ada9917c23f9bae30a098ce24de9506b852cd2c6cb9351fdf29a369957c19c
SHA51277596f3b19f565afa572a8bc65f70539f67f7a8f04097f50707f37724afdec0dced47d67ae143700d57f75891fc40ec903ea96aa1a735b8e07a26074d7f9ad29
-
Filesize
169KB
MD56506e9979fba570a0dfb6e2ec2ec6ce9
SHA132cfb7305ee333442b2168a66e556986470ac209
SHA256ed32a9f59554de0540e191d35100ff5d155450c79223d24d24cf269ccc7108e3
SHA512b5472e322d6a4f897f6e506ea8e6bd54625e1ae3de018bd53e06bf9deee9d3d736912ab71bda8c51903a1172de92677e4f881173d00020b81bbd6e2bc64ae062
-
Filesize
100KB
MD577001fe4c2decf6b812ddb59323e3383
SHA162e01f48276dd781a88cd111b0e1bd92eea2bc3d
SHA256d78fd2b5c00029d04317f24ce623b467baf16af0271d97fe10586670605fa992
SHA512f5fd7960d4932266118bb8ac7f3fa9bc8e2ef4e8d44352504f46c820689400391e08c111eafb397b6ff6a8db31b8062a48c3bcc5e0b22f14b87ac7b0fa35c314
-
Filesize
45KB
MD56ec2109e262502d3b593097bae01ede3
SHA1cdc296a45d126e9269d5becefab8ec568aabdcd1
SHA2567c7621c1b8d555cbac9c9c4c719ad3f6e38b7ca74401ac974d2506872dc7db7e
SHA51243ed8b173bf4577b7cbcd60cba7a81f52ba7de4dd010940dcca80100cf09f7b16b2b44dbb9590825c84c222194f635c3d32edb8bdebe0ef98aaaeedeedf31e5f
-
Filesize
24KB
MD59fe0e5252dc24fc1788b0d8b26026807
SHA121e3063a0fac1157b9707861048c5f7fbd070ceb
SHA2569c99c968d969c2d5c1570c6066957d726bc19ffe9e0562242ce1bf79514c1b40
SHA512613f5c821dfcef8124ecb7c9b118cda14be4d72a26f1a21ffde81c4d8aae4f315740d66c298e5963b0647f0ecd9e2d63d9bbb8df4e0c731019896e7ac0391d5c
-
Filesize
180KB
MD55cca5c61a74c0997d39d25970c33df6e
SHA1ba6c0dfc6d47054ec53ed7fee2fa9d6803ffa7e8
SHA2565c1421955be8be5ad19b9eb1d8f211105b3361f40da13a9aef7d333006d3dc0c
SHA5126a4e65ec360a37a17b9e5d03bb660aec187946eb56ee7e5275407d37415ecdc9f913a8398f03e30b979a4bc37ccb63a3c18696a1de1a90ca1c58740452239eb4
-
Filesize
64KB
MD57726ddbbaadb2037c6f9f230d7733b5e
SHA1dc95c9a7cc2587f03169f3dabe8734f9e9bb20d9
SHA256565fe50437a5d4e079dc8633b11ca2027b1542c1654b540f4fc4b721fd412803
SHA5129678caff111607bdde694223dc2a60eba538140d464a57801b34a22555d5221c39d9c9ee89c641ec67a96f4db316f8f0fa9da1d39605a20ee783c3b7256469e3
-
Filesize
140KB
MD593ea44e078cb0477614729636866a84b
SHA1f9752413d48fd98a77cfce8fff04a7a0d72c26d8
SHA256c16c3df8b6b4187e04a6abb49a15eb02ccefdce86068960ab3afeb088bf4ba27
SHA512351bafb9dc5395a9cd1393b76cba405312a5d85a59e5b1c0e891c2de1343b2bc2765a40077e4155fbd9a5578db3be66ace35e27ff02cb32f813ba01db4fc1113
-
Filesize
61KB
MD564fbd1163670fe3dfad8b8435c46bfaa
SHA1f9d758e127cb46d72a425cd35945df14a34ba022
SHA256d714e8ea064f25b338c229370b4d92e62c5737a37f170ae21d289cd438514f94
SHA5121130ebc26312145cf08831545cd202088651cc3ca5a38eb83ebb317300eb80affbdc667a10e49b0be4c4c029404942f34be67b2c0f5bc8966726dcbe5d5894a6
-
Filesize
126KB
MD564e55902803895f34bd14c056584f8b3
SHA16f4ce71c950f8f853a04983d34890c35c5ce61dc
SHA25668abee57ca070d8284e3428528becd2e601fcf2201c59969f785e7c11512899e
SHA5129651c898bda0a0b84af6a75a05a89e5be6607b3d998ee27630247feeeb073a3936ba74b4bc5ddb2b8c28014061c4c39eb7b81da6926fbac9d61e2db9f83fe096
-
Filesize
139KB
MD50998db688987c8e70da30668fe36b531
SHA1f55f3a4be69782f06d89e61b738beb4078dda8ad
SHA2568f723cfa8232de543b83a513fc328ed109f85820e64e52fc613aee8407dd92f0
SHA5129a9eddb1e61896081c7168f3bbb34e8cc8245fc9133be58fbb43a35a192c1ff151ead53d13d1bc2ee3304f4a41ed88750b1677abbdf1972d2cdfdcaf238068d0
-
Filesize
33KB
MD53c848d71d0515218cb9ae7ae5944b282
SHA1d6c166451adb34e064790a50de8f3fd61f8a208a
SHA256882bd48cf8f4767a986f66d0b523d71977f477dd643f41b68850ba3440f22d84
SHA512693a89063bc6e1047c3ca77f587aa3b011f83f6a23a6a59761c42cb45ec65e52032b271ed1cea432199c6e7e8e06cbdee080e08d8b3d5e4f9f9927aca25d0c9f
-
Filesize
117KB
MD5b462acf9b519bdb453e704c38eb732b1
SHA11d7ad9ac72b4a22d8ab44ed4320a028aff07e92d
SHA256858772b731d59129655cb35e80329108b5f6717466eec1ccc31857a6e60b8f0b
SHA512233edc59b7d9361fce72c2c7001ed2a1712fb6f27883f03b8651b5f3979b5bf4128a34fcfb70d13594206ae972826a5c8ac7207148e8edf4a46310db7dcc15d4
-
Filesize
90KB
MD5bbaf50924e051d3ac266cad37812cfb7
SHA1215b8621d0583b7023e900edc2c784d408e8a457
SHA2564957fcbbdb4ba477d9006db648f14a6388d9c0b54ab92ec1703e30d927c67222
SHA5123d6024bdeb28c72dabfca73d2e112ae8706f8526e1a64398c01bad4e3fa13790f5eeea9f7725292c6389ccd7606e4f3eb4eeb5be44381928ddfc5fd87a40a372
-
Filesize
76KB
MD557f29310a3fabf2ff1c4558aa293fdac
SHA1518a729c1882e78364353e08674755d2a09157ca
SHA256383886125ad6c6539c3b9fdb0e4390a0e95fca2eb61a631f1e614a51f96f9000
SHA512505b27288718030d0c0b84a2531246c36e179976c9452128bc16738402b5888d766b887c9329a5f66dfa7fed91f43a053474572f9f0681ae0367aeb50f3ab0ef
-
Filesize
64KB
MD55adce3de0be504f78f740e3afea3ad27
SHA1b6fad3091d3108646d0f4ec5bf7f2e171c5c6933
SHA2568210e6d025f08998f59ecb9f185871cb0a126615b4f42d5e2fb5d598367d3050
SHA5121d160fff97b24cdd7e0a1168a7b1edeb0e5387942a67cb450e2a3a85f814eeeb84fb35f0f7ea1bcdd185e711f1c88cf78e89ea66c8e3355d6e20bc36fa8e6a5d
-
Filesize
88KB
MD5747a4326df8f926c58d09de9bd135c9e
SHA1202a9123a7ed7898bea566123c9b8dab8aacee41
SHA25632830f74c99397449604bd8f5502bd931303041bef01d412a9812f72b48cd8c7
SHA5123b83179230221eab7e37fa452947d54432c30ceddecd0f269e993b492e9b7ee0115ee0b6b05c10f02d44c098e1d168bc2e352477166f74f5692d248d26ae3113
-
Filesize
48KB
MD5d46eb4bf816ed9978636de7955245323
SHA1c474df60a83302e0d010d11dcebd7cdb3cc22866
SHA2562ae9b936feeade89c9074c379efedd21d15a1cf247207afe5381f437e41ca4bd
SHA512e46a604a96345b1b6800cb22c8c870dfa62dbdd8bd5b6ff43ddce9b080d1af180db498dad23561c0116b4dadbc44617b26840e67bc0afde01439e4c70632d7ef
-
Filesize
212KB
MD529d31418bbc19fb248f746617ede9386
SHA13726eb51fefb3fa09ff826457cc24104c7799313
SHA2562da765bfa6317da7b8baed7be1c56f3bced543cd819c2795e09aea8d3fa6cf5c
SHA512bc2b971ea4b4408090237effb487186dc96a8a2db8fb7a89a72bddd0f1ecadf7c1ce0ae5057b1fc71bccfbad636a945864f55300b23f39a75af808e87d1bd690
-
Filesize
102KB
MD5a3da9bf73b028363f69baeeb21422203
SHA1a56b47f9cd8e49e10b3c06e2eebd1f8cc9c666b7
SHA2563dc40e91055c1072a64f24a30fa2e2c75306e1e81e067d546f1db1e7c6769c50
SHA5122b51a033bb115f996dcf830bbe9b5a19784c5f34d4a4f090a1523a1133e7e564da5f87d1cfefab973fa4a05f85f843f303c0890ccc73d6d57fdf65c49880ade2
-
Filesize
53KB
MD54d7cde615a0f534bd5e359951829554b
SHA1c885d00d9000f2a5dbc78f6193a052b36f4fe968
SHA256414fdf9bdcae5136c1295d6d24740c50a484acd81f1f7d0fb5d5c138607cb80a
SHA51233d632f9fbb694440a1ca568c90518784278efd1dc9ee2b57028149d56ebe1f7346d5b59dcfafee2eeaa10091dda05f48958e909d6bfc891e037ae1cfbd048d4
-
Filesize
5KB
MD59d7ec1e355ac35cbe6991721ef5ae3b8
SHA1c35a00bd35c6e4a7516b93947be08ead966347e8
SHA25668a3cec42215323100398a8eb2cbb37da7d58fe0fa9c6312e954e0f50a95ca98
SHA512b7c4be28d8e179974672205a50e72fa1ec9e2e8170b3b8ee763e1751a3397c35afec7a72c88f0a79a8566749b2af1ff054660a96c3a6d6508c545d316a035dc0
-
Filesize
4KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
8KB
-
Filesize
56KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
248KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
4KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
248KB
-
Filesize
4KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
272KB
-
Filesize
248KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
10.7MB