Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

0301216591...37.exe

windows7-x64

7

0301216591...37.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0301216591b4517bd05fb027980d4437.exe

  • Size

    1.8MB

  • MD5

    0301216591b4517bd05fb027980d4437

  • SHA1

    36a8ff59be4ed5febd41ba18d6ebd8138f15bc66

  • SHA256

    4ff79d1fb0bd76e3e39033cf60e4900ca5ced496fd156253c7af95ff92927d55

  • SHA512

    294c7c14276fd21f989826024ac51a27fdce78f4be2b4c2e3ada043362b2d920da1d0a852d23b3ff915bce93447093904617d2c0a0656d62c30fd9c9426e1201

  • SSDEEP

    24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqd:SCqm2Jpr0nNM7Dus7NxY

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 24 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0301216591b4517bd05fb027980d4437.exe
    "C:\Users\Admin\AppData\Local\Temp\0301216591b4517bd05fb027980d4437.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7-zip32.dll
    Filesize

    1.2MB

    MD5

    29117eabb84ad1e70c72a5d5c95b1f02

    SHA1

    425ffb98e895021d9d036dddef1b289850d39f1d

    SHA256

    4d3233be3da49b5dfb85aba3d50c8484e209fe65de3939c4c78b51d07e576401

    SHA512

    a61b47874e2b97d5c7014459bd8679cc61ad1c26fc1a4fe4f74611d49ea45138ebb6c9ed54562559d164b22ca9d495cd03dfcb22da91a1a9a91da8f2a1f2246b

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    57KB

    MD5

    592ed26d1474b537e10de47e62c44714

    SHA1

    117761c11409b3d37f6ee5052d80a409e5859880

    SHA256

    b053bd2c47fd2a80817b61500c1882df912face0ce29491d327aafa8f13c09f2

    SHA512

    6ac699367813974953680a6d8ba1833d94e22d147b18b1a60e978923c796a5317d209cabc64e8cd82da9d8901990baa66b217d285594dacf23c0a7a18b8b5ba6

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    74KB

    MD5

    c525dfddbdd4ae21d0b5219b130c38d3

    SHA1

    b13281232a12004833479191770e068c8ce95b83

    SHA256

    7bb6c5e9496657b88a103030a0cb4ad4b1078d0c29e6a724f6ecd885d991c780

    SHA512

    e2a57aca6a407a160f5a66bb0b786872a0e7a36dcc7023a63ac9d5edd02b2c9a278a1370a03d2d5ad03a106f63b0eaed1b0da8e465e5ee67c4857c2d48209ea2

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    36KB

    MD5

    dbdddf79f458a7c60ae8909c2ee49a6b

    SHA1

    37c6376ccaa3bc4efc2dd4e57c22cd1aa69383d1

    SHA256

    b0987f5cd2e2e4554e7930726b8cd6bb6321823fbe097637c8f38bb0c7148ffb

    SHA512

    adafab5b2bae98824f3d7ee9f734a33d79b230ad6d4466a45ee7eb1e91bac1e0aec68b079e5a5a859065d427f8b826231dab1e5deda60ec6d257e8eedf6448b4

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    49KB

    MD5

    e2015960dba02eda428cc3a449a34f37

    SHA1

    dfd38281ac5b85f86f03a312ce47edf0c75a3b3a

    SHA256

    89a382db1cbb97265850e2cf3aec2de425bce7d6851fdada9e77b4b3971e456d

    SHA512

    8e4107e80e936399c9aa55c8fcf26a88364eb8ff4828d79081b916fa1ba60a5f7519c5c0e1135421e006946d985042c9e94c16c711a07f9bf23e1d27802deb87

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    81KB

    MD5

    ae258c7c6d5be9dd8e7a4be409c3a040

    SHA1

    4b59e55336f5d9e0b5e2df60a68c09fed2f91e20

    SHA256

    bdfb6e0d0cde47e4fa8303f28d8b70bebf7e0184420a466a7445907fc972ee28

    SHA512

    7bd2249357fb43c7481eec220661fdc32f39244fbf55ccefebee645521010db51913a10bab1a533c46cd76fe2b2660a67c353f0bf10c8656981f54364bd85910

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    58KB

    MD5

    3812bad3c6dff78d09a62041609bee85

    SHA1

    cebd2f6dfccb52070759b76e0face25d13f12433

    SHA256

    9b4570ec60ecd1f958af1cf1f64b1dfc8ab677bd14582e875e3d94f32594acb9

    SHA512

    09987ded5ab95b94e0d595eb52638a86d18c230ac8c726065fdfa5663d90665670133e49f53cfc43c8c3928ee62974ce5b38fe57a0fceb3736fe70688b07dc28

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    25KB

    MD5

    5cc60b9adee591920fcef58bb2f6711d

    SHA1

    fa859d98a43a3d5fccd1cb3ee7a0a3651b3be5f3

    SHA256

    81e95e0d18ec4043cdc196dd6c30ca91468b9e1233c8948516a3d3d0b5c0869d

    SHA512

    308ea649b92b243afa78c742debbd9fa00fba0f8bb35a52c5e6afe6b6d3f5e5e2ed8874e06e998278a274a1be1c410e25d03602a66dcee4596126e68db00d0db

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    27KB

    MD5

    8461bfd029a6901fcb443820606e9ca3

    SHA1

    2a34659f706cc1c977304c977d9cec0da072748b

    SHA256

    58e18275acb02631885ade0b808f56a2b8d3a6c68bed4d0b5105a3c46caf4f5c

    SHA512

    34bef280d37a9acaa662fd6e20b4d94ac5d93bc0b5333d92f1d141214ede9fcb24e5730c1a4d7958c16c2985f1890322f063293a928628ec61f1c90d1795f3d4

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    17KB

    MD5

    4be0d698a908a0e0d6a7758b9ec227f6

    SHA1

    0976b8558e1397c8adb25e79b63178e430f2aa7e

    SHA256

    d3b0a47175554c28e6daa747d58346387fa504f45fb994f04ae600f77f8ca8b8

    SHA512

    38d9276d0447873cd4ddb1686baba309ae2de24ce4cd5fe9c81c4a7adebd95497e1a3019af76466b5eff80d9f865a809fea7ed93cbe14f3c1a75d5197e62bbe1

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    34KB

    MD5

    adb197d3368bc8851199935960fd6cdf

    SHA1

    4c2e4996cea054c561931c39b298e6e929b7af5e

    SHA256

    b957e639cc5343743aa0f370a4262cb73166e8be18aa1686d9765988aaefa6e2

    SHA512

    053e6762c883996f75fddf34a34aa975b2f0691949362919c52ed950838d23ee91b3c1922bcc7decad738471cf9a30712c9ae18bfe29b95afebce0c8e844c853

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    1KB

    MD5

    b2137d95f05ce3a88174d28d7502383f

    SHA1

    4d8bf0ba77a6828d0a951949cc7aa2540d616900

    SHA256

    69125a5ff0fd84f7cf40ff20f1be93b08032de5df50a7334e39a60c481cb6948

    SHA512

    4d1562f7f65d4fd6e28bb2747fc1bac7f0d7b1055f495ee4010ec23ab422d6acdac3fc2f3220d4e0742a90950959a12c0e3f026c2b937ddf089f372b6152cd81

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    26KB

    MD5

    dad1feaa9f022677848c38f4274337f0

    SHA1

    ee986e1bcfe535479cadfe61853f017142fce1b9

    SHA256

    397b696d83c07274a354067d61fe3671e1973fa974ad8e49fcca28d87d253f14

    SHA512

    a955a70c58d02b1d21549fbfa43da1932f7a2303e5fc2e56622b218167309c393d8cd59b6be5baa34935621c8225232a11d32351a685ea240293c12e320b7ae9

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    42KB

    MD5

    f9d39ba8d3fcf4a372941f971691cc39

    SHA1

    f475095f64a494014c4a3a9c114308676e8afe76

    SHA256

    f5c4a90cfd8918963a1c0e33c2a16d469f371ce7ee7cf020f1c9fa1753a6afa9

    SHA512

    48e9c92ca662c41957659aba66eb54bc716312f5aacce09b2fb497ae458bfc748aaff97d9e21a94ffa35f377d71fe9cebc1d0225c5b1a8cc856f83811395defe

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    76KB

    MD5

    fc0b1ebaf26537ee8a33a890617141bb

    SHA1

    578f9fb3ca7fc3e7910f4bb7eb10a514a72ec933

    SHA256

    84e2beca8a31b914dd5e7f84d8bd5d924903872a6f66550cfc18b0eb35a07f11

    SHA512

    7dd01762bea180727b638d31e6f2c229a6b5f61bff9e5b501920858f881ae6b7b5b0847f00ab5c8d985efd4557f48dfd20526e6b8f7d0e0f57d13025b37ad061

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    40KB

    MD5

    ccb904c79bf762677c1e5e34ec1b2f4e

    SHA1

    52015da5c8c0b848dee96a35f955b6d5feb65d97

    SHA256

    62faf67a409ee02eb21e623f39e2baf5971c9e3e2e43c334193e6cdc44322544

    SHA512

    2a20a42af8270ae30bca56f805ab61e181ca75db17aacb0b63a4c56e38499101176bba70a7e3069690ca790c688483a68513bb9f46f0e2f8f0743bca2bf00fef

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    115KB

    MD5

    da2a858401f389e868ecd8e5304f2828

    SHA1

    75495802362b27d163ead02b4f47a3ec3f7c9d58

    SHA256

    062857787ead48c08d8d93bbcd16893c8b8cc8ac9a81a9d31958e1b1225dffc6

    SHA512

    06f616d12db881c17c9d35633585d0639c087c3b80e6dae854fdf7a1bb199677e85a7244e2b23106897a347ac031289bccf35cf2a5a04b7262d149da5bea89b7

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    50KB

    MD5

    2455e803575c4ac70037b0826b37e7fc

    SHA1

    afaedb9cccff5aafc9202320cbe1b4ccbb37bf27

    SHA256

    8beafb37ae1c406d2cd32c3ae13fb2db14182f6c4a8f98ab794c914c7c89622a

    SHA512

    af0bbeb3b2ba06ed7dfb9db5f8b64a49a79228c3347e8d00e1af98bf666044ba0d6516529430ab518e251f3fae7dbd0ccd5c07bddd768ce41d76f557c3e4d6ec

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    18KB

    MD5

    5c704af27993234c010e19d1b685033b

    SHA1

    0a83cc1dcdea35ba882ff175867b908287d746c0

    SHA256

    9fe35a0ee950177f41d0f29d1cd943de59997db1bac35b0532b5eaaa302dda4a

    SHA512

    51db95c0b1c3de18325aaf6074ed5c2b1ad0ea9e55777b5142d2e24600befebda9892a453470180306e3f8bcff2cba9ddf8f86ce02b374bcdc054617f5d3a2fd

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    10KB

    MD5

    61a0ebed489174a272e4504a206bdb20

    SHA1

    89326eec52b66c52fe9e3f18eef6bf011f86c582

    SHA256

    37bf5792d61d861115349927a119a39c1200e3f92f0eb483dbe97630d7c69110

    SHA512

    ff0bc47f0c2d94c0f0a16a575f4f2f8c3062be31a79382601611d468520d6eb8bab8cb7996de357c39ad9487ae8c2e083ad2194b2696b069e8766041f3bb7e93

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    26KB

    MD5

    9a7336d5e2b2bbcb715c3ba56085091e

    SHA1

    16502e7c701eaf0efa3bd996b3d3f062f0177832

    SHA256

    b12b7cbc82966bde63846acacefdebeb1c8a5ff4ea6fc5ffffb59efa1c8f63a0

    SHA512

    7b05ee4f18c445aab73d2c26b93dc16e2c8fa84f656476a2eaf94a82309ebc429bbf8b6de943005bc37d6515fcd467f795e717e8532b7351f7317215feec1b66

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    30KB

    MD5

    994af00599fca8ec6a99dc7cb8001785

    SHA1

    8f8b76c9e0878f58ef578c2ac78d1107e213b029

    SHA256

    ea1ac8e60285074a6a7f0517db73a1db5212d3fcd087b4129e7a0bb628aa8236

    SHA512

    37c3e2b86bec672d01a8685535e55ff0ba074dfde36b9175ef3cbc278c3653d65f465f806f2e7b4f303785668f88428bfd3d5cd773cc8cb31b314b55f110854c

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    21KB

    MD5

    c898d34a101a85727b6b70d422e2e71a

    SHA1

    efd006ab7c9d96c25322f1027d42a9cbf7dcc494

    SHA256

    ff88b23829434aca3db7f338b678507cca32381ed1ef0085b95376f4656edfd0

    SHA512

    4d8cb382862ca95c0c9bb72283df6a482e5066a0cf1fc4c5867bd16d7fa3eff0dc1e1c00faf8c7ee8a6c6c43138fdd8d1a4c359ed08b4fb4f89a7925a851e16f

    Download Submit

  • memory/2680-5009-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2680-0-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2680-13437-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download