Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
201s -
max time network
40s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 14:56
General
-
Target
773ad14bd9e7e2fbb5f76cf6ebfc8224.exe
-
Size
746KB
-
MD5
773ad14bd9e7e2fbb5f76cf6ebfc8224
-
SHA1
e809f9bff7b24ae387475381cd06b5d73516327f
-
SHA256
49d45a60bc679dd8205b6653bb9e36b20904ed76c2ff245b7204b668e5952663
-
SHA512
523921f6e6357276b998fdbba97b405629bf8138eeaa98c0e482c39ee9817220db6eeba93a6acaee99d6980968464cf635147cfc472ed8bb1689bb702c3199c6
-
SSDEEP
12288:uYd+DN2QzXqUgYVhLLNO931vK1ifzNvZA4VVvHd+Lck5BLZrtDp/HeEikYL6DZj1:LIEQzXXLLq3RMEvpHkLd5ZZNp/H9izWP
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 30 IoCs
-
Loads dropped DLL 20 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 35 IoCs
-
Drops file in System32 directory 13 IoCs
-
Suspicious use of SetThreadContext 22 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 11 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exe"C:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exeC:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exeC:\Users\Admin\AppData\Local\Temp\773ad14bd9e7e2fbb5f76cf6ebfc8224.exe3⤵
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe4⤵
- Deletes itself
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe4⤵
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\system32\Google Chrome\Google.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\SysWOW64\Google Chrome\Google.exe"C:\Windows\SysWOW64\Google Chrome\Google.exe"7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exesvchost.exe8⤵
-
-
-
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
746KB
MD556340cd04defaa4856f35103d6d74c8b
SHA16eeba342ba1bc0f6b8ad068c82292dfffc0a8416
SHA256f120f4e2dd708e5a08566773344d7c89a476ae87be76627ec8e9f8b4e8fe93f7
SHA5124603e45fe8d619094ef0a2ff26f00c67216ef23527b00786f8412450c006b4d5fa51724eab1941f20aecd61deb8bbe696e276d8df17ce323d323bb5f74b606f3
-
Filesize
746KB
MD5ccad4d183ad673d2bdf722545a8793bd
SHA192afb0771c36dcab6c59abf915f9bb0aa720fd4c
SHA25670bdb7df57d4bd48443a2af73a20b65ae4759d97a218a92109afe20565de7e34
SHA5120577fd7ef53f209bf3ce791c97e79b23101dfa9864f7e85844ffd6e50a41a4e92c330e070cf3a1101126bd3a447881ab789624077130d4689045aa7e60b2a8ca
-
Filesize
746KB
MD5773ad14bd9e7e2fbb5f76cf6ebfc8224
SHA1e809f9bff7b24ae387475381cd06b5d73516327f
SHA25649d45a60bc679dd8205b6653bb9e36b20904ed76c2ff245b7204b668e5952663
SHA512523921f6e6357276b998fdbba97b405629bf8138eeaa98c0e482c39ee9817220db6eeba93a6acaee99d6980968464cf635147cfc472ed8bb1689bb702c3199c6
-
Filesize
448KB
MD55fd90e2b4ad4ecb972a89d2092b21a04
SHA1ea530f94bfa270b933c5ba6d43ac34b66b52b7e6
SHA256c175ad62847e09a6341d104e8802a172e16f9f6578aa9fec457d0164271dfbec
SHA51288cefa6a20ac2e57b3ca3677428a1273144d60e190285d9d61f814bd0e4a9a5c1c985d3e2f5f36526e523b604bfb1a095c7da45fd79baa65614be3bdced579d3
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
3.1MB
-
Filesize
767KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
3.1MB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
3.1MB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
3.1MB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
3.1MB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
3.1MB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
767KB
-
Filesize
768KB
-
Filesize
767KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
4KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
768KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
767KB
-
Filesize
767KB
-
Filesize
3.1MB
-
Filesize
3.1MB