Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
3Fastcopy 5...py.exe
windows7-x64
6Fastcopy 5...py.exe
windows10-2004-x64
6Fastcopy 5...11.dll
windows7-x64
1Fastcopy 5...11.dll
windows10-2004-x64
4Fastcopy 5...64.dll
windows7-x64
4Fastcopy 5...64.dll
windows10-2004-x64
4Fastcopy 5...t1.dll
windows7-x64
4Fastcopy 5...t1.dll
windows10-2004-x64
4Fastcopy 5...sh.exe
windows7-x64
1Fastcopy 5...sh.exe
windows10-2004-x64
1Fastcopy 5...py.chm
windows7-x64
1Fastcopy 5...py.chm
windows10-2004-x64
1Fastcopy 5...cn.chm
windows7-x64
1Fastcopy 5...cn.chm
windows10-2004-x64
1Fastcopy 5...cp.exe
windows7-x64
6Fastcopy 5...cp.exe
windows10-2004-x64
Fastcopy 5...0.appx
windows7-x64
Fastcopy 5...0.appx
windows10-2004-x64
Fastcopy 5...1.appx
windows7-x64
Fastcopy 5...1.appx
windows10-2004-x64
Fastcopy 5...2.appx
windows7-x64
Fastcopy 5...2.appx
windows10-2004-x64
Fastcopy 5...3.appx
windows7-x64
Fastcopy 5...3.appx
windows10-2004-x64
Fastcopy 5...up.exe
windows7-x64
1Fastcopy 5...up.exe
windows10-2004-x64
1Fastcopy 5...py.exe
windows7-x64
6Fastcopy 5...py.exe
windows10-2004-x64
6Fastcopy 5...11.dll
windows7-x64
1Fastcopy 5...11.dll
windows10-2004-x64
4Fastcopy 5...64.dll
windows7-x64
4Fastcopy 5...64.dll
windows10-2004-x64
4Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
29/12/2023, 12:50
Static task
static1
Behavioral task
behavioral1
Sample
Fastcopy 5.4.3/FastCopy/FastCopy.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
Fastcopy 5.4.3/FastCopy/FastCopy.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Fastcopy 5.4.3/FastCopy/FastEx11.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Fastcopy 5.4.3/FastCopy/FastEx11.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Fastcopy 5.4.3/FastCopy/FastEx64.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Fastcopy 5.4.3/FastCopy/FastEx64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Fastcopy 5.4.3/FastCopy/FastExt1.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Fastcopy 5.4.3/FastCopy/FastExt1.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Fastcopy 5.4.3/FastCopy/FcHash.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
Fastcopy 5.4.3/FastCopy/FcHash.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Fastcopy 5.4.3/FastCopy/doc/FastCopy.chm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
Fastcopy 5.4.3/FastCopy/doc/FastCopy.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Fastcopy 5.4.3/FastCopy/doc/FastCopy_cn.chm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
Fastcopy 5.4.3/FastCopy/doc/FastCopy_cn.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Fastcopy 5.4.3/FastCopy/fcp.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
Fastcopy 5.4.3/FastCopy/fcp.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy0.appx
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy0.appx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy1.appx
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy1.appx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy2.appx
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy2.appx
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy3.appx
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
Fastcopy 5.4.3/FastCopy/msix/fastcopy3.appx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Fastcopy 5.4.3/FastCopy/setup.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
Fastcopy 5.4.3/FastCopy/setup.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Fastcopy 5.4.3/FastCopy64/FastCopy.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
Fastcopy 5.4.3/FastCopy64/FastCopy.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Fastcopy 5.4.3/FastCopy64/FastEx11.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
Fastcopy 5.4.3/FastCopy64/FastEx11.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Fastcopy 5.4.3/FastCopy64/FastEx64.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
Fastcopy 5.4.3/FastCopy64/FastEx64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Fastcopy 5.4.3/FastCopy64/FastEx64.dll
-
Size
270KB
-
MD5
b5598e5ddf2f4ab3aec6fb6c84d3e280
-
SHA1
29fdce6fccbbdad5e1ea76deb7a0c33bf339e461
-
SHA256
f366436e1257def38eaecb08e607aadb630c8759cc43ccd1c262068ce6df1c08
-
SHA512
bfed9b788a4dc6aafb555e41f08e02ca6e02e71afbf6ae11aebaa643e535ce018959b2593931b93d3e4d565df66fdc23820a588c65df05792f638c60cc1595d3
-
SSDEEP
6144:s2n7m7fGtlqd5GNSwTa9gN9M2OazzxQ3O2:OGtlqYTa9sXOazN32
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe -
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Fastcopy 5.4.3\\FastCopy64\\FastEx64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class 38 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\ = "FastCopy" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Fastcopy 5.4.3\\FastCopy64\\FastEx64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1