Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
03/01/2024, 22:34
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3f32c05e9865ef5de936a6ed48a927cb.exe
Resource
win7-20231129-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
3f32c05e9865ef5de936a6ed48a927cb.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
3f32c05e9865ef5de936a6ed48a927cb.exe
-
Size
128KB
-
MD5
3f32c05e9865ef5de936a6ed48a927cb
-
SHA1
a1481a3d1e5be0de26d5182b8f0b3e11f508f7e7
-
SHA256
817ff07f08a8d6242ff7ad2547300068919d5bb2f17cf625230332257eaa1b77
-
SHA512
b36685b42419235d867a216643574eb0b1b9d1aa62b149cd32c6b13d00db827a73581e9ffb3fd0450df13b3f1d3b8864f7b9485997cfdb93bbe2cf9f7219ec84
-
SSDEEP
3072:4fwbcHVICc7soi3rK+/7uqelMYa3S1H2p:ewbAVFc7st3rK+/7uqelMYa3S1H
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" wialuic.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation 3f32c05e9865ef5de936a6ed48a927cb.exe -
Executes dropped EXE 1 IoCs
pid Process 4140 wialuic.exe -
Adds Run key to start application 2 TTPs 50 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /K" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /z" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /o" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /t" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /x" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /d" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /k" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /N" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /B" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /C" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /V" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /u" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /J" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /D" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /L" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /A" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /q" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /U" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /w" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /h" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /X" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /G" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /c" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /P" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /v" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /W" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /p" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /R" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /F" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /n" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /T" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /Z" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /O" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /j" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /g" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /f" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /Y" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /r" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /H" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /m" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /b" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /S" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /s" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /a" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /I" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /E" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /Q" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /l" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /M" wialuic.exe Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wialuic = "C:\\Users\\Admin\\wialuic.exe /i" wialuic.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe 4140 wialuic.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 664 3f32c05e9865ef5de936a6ed48a927cb.exe 4140 wialuic.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 664 wrote to memory of 4140 664 3f32c05e9865ef5de936a6ed48a927cb.exe 90 PID 664 wrote to memory of 4140 664 3f32c05e9865ef5de936a6ed48a927cb.exe 90 PID 664 wrote to memory of 4140 664 3f32c05e9865ef5de936a6ed48a927cb.exe 90 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86 PID 4140 wrote to memory of 664 4140 wialuic.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f32c05e9865ef5de936a6ed48a927cb.exe"C:\Users\Admin\AppData\Local\Temp\3f32c05e9865ef5de936a6ed48a927cb.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:664 -
C:\Users\Admin\wialuic.exe"C:\Users\Admin\wialuic.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4140
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD555b5ae92b54b70888ad5a6bce4e27b9d
SHA164fd7f2d153a9133ebfbd118c67f166ea9c61cf9
SHA25651a5733d9048ebcb3f6af879385fdb7bf547f0f820fcefebd85f4edf20159726
SHA512fadd61fbb32813c62d5dbea776d8e70619db773c597c76ed0737fa17b11f07263e0acc57ec2b3c372078bedb189ed6c0b2163d69eaa540cc4d3fff61c7472432