Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
170s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01/01/2024, 20:38
General
-
Target
ab2b0259bbde72bbf3633925ce628b06.exe
-
Size
59KB
-
MD5
ab2b0259bbde72bbf3633925ce628b06
-
SHA1
75e132a9ba1e018d047768deaf30d412b169f523
-
SHA256
53244f5f10adf7ea0cb9da77bdd087b6807f163c6189975c65cd7b054c133211
-
SHA512
4cf934e8f53b4f734a358ed5659615125b1928679dcb356e21f528e1a24d1ee28dce4a63127223262bba3e57acb02861c801d4f1e5bc5dca9e8e7d250ada2e9a
-
SSDEEP
1536:juJN+bxLYlfuvnUVE4m5CHdr42dtIr52LmO:juAxLYlgUVd9Hdr4+tRmO
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab2b0259bbde72bbf3633925ce628b06.exe"C:\Users\Admin\AppData\Local\Temp\ab2b0259bbde72bbf3633925ce628b06.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phneqf32.exeC:\Windows\system32\Phneqf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gccmaack.exeC:\Windows\system32\Gccmaack.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gipbck32.exeC:\Windows\system32\Gipbck32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gheodg32.exeC:\Windows\system32\Gheodg32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hgkimn32.exeC:\Windows\system32\Hgkimn32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hlhaee32.exeC:\Windows\system32\Hlhaee32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hhehkepj.exeC:\Windows\system32\Hhehkepj.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ijjnpg32.exeC:\Windows\system32\Ijjnpg32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jokpcmmj.exeC:\Windows\system32\Jokpcmmj.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jginej32.exeC:\Windows\system32\Jginej32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgqdfi32.exeC:\Windows\system32\Kgqdfi32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kfhnme32.exeC:\Windows\system32\Kfhnme32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kclnfi32.exeC:\Windows\system32\Kclnfi32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lpjelibg.exeC:\Windows\system32\Lpjelibg.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhmmieil.exeC:\Windows\system32\Mhmmieil.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mphamg32.exeC:\Windows\system32\Mphamg32.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nieoal32.exeC:\Windows\system32\Nieoal32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pnenchoc.exeC:\Windows\system32\Pnenchoc.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahinbo32.exeC:\Windows\system32\Ahinbo32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bilcol32.exeC:\Windows\system32\Bilcol32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlobmd32.exeC:\Windows\system32\Dlobmd32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fiheheka.exeC:\Windows\system32\Fiheheka.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hkodak32.exeC:\Windows\system32\Hkodak32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikjcmi32.exeC:\Windows\system32\Ikjcmi32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kofheeoq.exeC:\Windows\system32\Kofheeoq.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjcccm32.exeC:\Windows\system32\Kjcccm32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lobhqdec.exeC:\Windows\system32\Lobhqdec.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lflpmn32.exeC:\Windows\system32\Lflpmn32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfcfnm32.exeC:\Windows\system32\Lfcfnm32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjjbjjdd.exeC:\Windows\system32\Mjjbjjdd.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncbfcp32.exeC:\Windows\system32\Ncbfcp32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nffljjfc.exeC:\Windows\system32\Nffljjfc.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odnfonag.exeC:\Windows\system32\Odnfonag.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obfpejcl.exeC:\Windows\system32\Obfpejcl.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Obkiqi32.exeC:\Windows\system32\Obkiqi32.exe36⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pgknlg32.exeC:\Windows\system32\Pgknlg32.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pcaoahio.exeC:\Windows\system32\Pcaoahio.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qkpmcddi.exeC:\Windows\system32\Qkpmcddi.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qckbggad.exeC:\Windows\system32\Qckbggad.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acpkbf32.exeC:\Windows\system32\Acpkbf32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmkehicj.exeC:\Windows\system32\Cmkehicj.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dgjmkqke.exeC:\Windows\system32\Dgjmkqke.exe43⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eegpkcbd.exeC:\Windows\system32\Eegpkcbd.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejkndijd.exeC:\Windows\system32\Ejkndijd.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhhaclqc.exeC:\Windows\system32\Fhhaclqc.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghmkol32.exeC:\Windows\system32\Ghmkol32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gmnmbbgp.exeC:\Windows\system32\Gmnmbbgp.exe48⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hobcgdjm.exeC:\Windows\system32\Hobcgdjm.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Helkdnaj.exeC:\Windows\system32\Helkdnaj.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlkmlhea.exeC:\Windows\system32\Hlkmlhea.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ionbcb32.exeC:\Windows\system32\Ionbcb32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikechced.exeC:\Windows\system32\Ikechced.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jknfnbmi.exeC:\Windows\system32\Jknfnbmi.exe54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jehcfj32.exeC:\Windows\system32\Jehcfj32.exe55⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kdbjbfjl.exeC:\Windows\system32\Kdbjbfjl.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kklbop32.exeC:\Windows\system32\Kklbop32.exe57⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Loaafnah.exeC:\Windows\system32\Loaafnah.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmjkka32.exeC:\Windows\system32\Lmjkka32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbpfig32.exeC:\Windows\system32\Mbpfig32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nejbaqgo.exeC:\Windows\system32\Nejbaqgo.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Olfgcj32.exeC:\Windows\system32\Olfgcj32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oimdbnip.exeC:\Windows\system32\Oimdbnip.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oefamoma.exeC:\Windows\system32\Oefamoma.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppnbpg32.exeC:\Windows\system32\Ppnbpg32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pekkhn32.exeC:\Windows\system32\Pekkhn32.exe66⤵
-
C:\Windows\SysWOW64\Ppeipfdm.exeC:\Windows\system32\Ppeipfdm.exe67⤵
-
C:\Windows\SysWOW64\Pfoamp32.exeC:\Windows\system32\Pfoamp32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qlpcpffl.exeC:\Windows\system32\Qlpcpffl.exe69⤵
-
C:\Windows\SysWOW64\Abodhpic.exeC:\Windows\system32\Abodhpic.exe70⤵
-
C:\Windows\SysWOW64\Amdiei32.exeC:\Windows\system32\Amdiei32.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Agmmnnpj.exeC:\Windows\system32\Agmmnnpj.exe72⤵
-
C:\Windows\SysWOW64\Bpodmb32.exeC:\Windows\system32\Bpodmb32.exe73⤵
-
C:\Windows\SysWOW64\Cpcnhbjj.exeC:\Windows\system32\Cpcnhbjj.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Copajm32.exeC:\Windows\system32\Copajm32.exe75⤵
-
C:\Windows\SysWOW64\Dgieajgj.exeC:\Windows\system32\Dgieajgj.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dncnnd32.exeC:\Windows\system32\Dncnnd32.exe77⤵
-
C:\Windows\SysWOW64\Dfclmfhl.exeC:\Windows\system32\Dfclmfhl.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcgemhic.exeC:\Windows\system32\Fcgemhic.exe79⤵
-
C:\Windows\SysWOW64\Fjanjb32.exeC:\Windows\system32\Fjanjb32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcibchgq.exeC:\Windows\system32\Fcibchgq.exe81⤵
-
C:\Windows\SysWOW64\Gfodpbpl.exeC:\Windows\system32\Gfodpbpl.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Haphiiee.exeC:\Windows\system32\Haphiiee.exe83⤵
-
C:\Windows\SysWOW64\Ihcclb32.exeC:\Windows\system32\Ihcclb32.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jahgpf32.exeC:\Windows\system32\Jahgpf32.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kdfmcobk.exeC:\Windows\system32\Kdfmcobk.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lkgkqh32.exeC:\Windows\system32\Lkgkqh32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mbkfcabb.exeC:\Windows\system32\Mbkfcabb.exe88⤵
-
C:\Windows\SysWOW64\Ondleo32.exeC:\Windows\system32\Ondleo32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Oijqbh32.exeC:\Windows\system32\Oijqbh32.exe90⤵
-
C:\Windows\SysWOW64\Opdiobod.exeC:\Windows\system32\Opdiobod.exe91⤵
-
C:\Windows\SysWOW64\Oeqagi32.exeC:\Windows\system32\Oeqagi32.exe92⤵
-
C:\Windows\SysWOW64\Onifpodl.exeC:\Windows\system32\Onifpodl.exe93⤵
-
C:\Windows\SysWOW64\Oecnmi32.exeC:\Windows\system32\Oecnmi32.exe94⤵
-
C:\Windows\SysWOW64\Plapdb32.exeC:\Windows\system32\Plapdb32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Plifea32.exeC:\Windows\system32\Plifea32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ahfmka32.exeC:\Windows\system32\Ahfmka32.exe97⤵
-
C:\Windows\SysWOW64\Abqjci32.exeC:\Windows\system32\Abqjci32.exe98⤵
-
C:\Windows\SysWOW64\Bpnncl32.exeC:\Windows\system32\Bpnncl32.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Clnanlhn.exeC:\Windows\system32\Clnanlhn.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cibagpgg.exeC:\Windows\system32\Cibagpgg.exe101⤵
-
C:\Windows\SysWOW64\Dfphmp32.exeC:\Windows\system32\Dfphmp32.exe102⤵
-
C:\Windows\SysWOW64\Ehekjk32.exeC:\Windows\system32\Ehekjk32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ebnocpfp.exeC:\Windows\system32\Ebnocpfp.exe104⤵
-
C:\Windows\SysWOW64\Ehlakjig.exeC:\Windows\system32\Ehlakjig.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fqfeag32.exeC:\Windows\system32\Fqfeag32.exe106⤵
-
C:\Windows\SysWOW64\Fifdqhal.exeC:\Windows\system32\Fifdqhal.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gmkbgf32.exeC:\Windows\system32\Gmkbgf32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gcdkdpih.exeC:\Windows\system32\Gcdkdpih.exe109⤵
-
C:\Windows\SysWOW64\Gcggjp32.exeC:\Windows\system32\Gcggjp32.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfoflj32.exeC:\Windows\system32\Hfoflj32.exe111⤵
-
C:\Windows\SysWOW64\Ifcpgiji.exeC:\Windows\system32\Ifcpgiji.exe112⤵
-
C:\Windows\SysWOW64\Iiffoc32.exeC:\Windows\system32\Iiffoc32.exe113⤵
-
C:\Windows\SysWOW64\Jikojcaa.exeC:\Windows\system32\Jikojcaa.exe114⤵
-
C:\Windows\SysWOW64\Jfalhgni.exeC:\Windows\system32\Jfalhgni.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jmkdeaee.exeC:\Windows\system32\Jmkdeaee.exe116⤵
-
C:\Windows\SysWOW64\Kigoeagd.exeC:\Windows\system32\Kigoeagd.exe117⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kabpan32.exeC:\Windows\system32\Kabpan32.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lpocciba.exeC:\Windows\system32\Lpocciba.exe119⤵
-
C:\Windows\SysWOW64\Lgikpc32.exeC:\Windows\system32\Lgikpc32.exe120⤵
-
C:\Windows\SysWOW64\Lnccmnak.exeC:\Windows\system32\Lnccmnak.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-