Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
05/01/2024, 11:58
General
-
Target
10ff65f6e1cd534ba15eb6e44d9541b4.exe
-
Size
66KB
-
MD5
10ff65f6e1cd534ba15eb6e44d9541b4
-
SHA1
d5088e7f947a0b0fd86d46b7f65d595115e39484
-
SHA256
3dced41060e1f11558c6538ea4dfcbd6511000d03f23792a45f5f1f3ea5503a2
-
SHA512
f63e3e9a4e50a6adc61706a639b2d91a7f35862ddc2cece5e168d49a29576fa181bfe021420a1ed3cca117f103b2e3c3621aba1afc8c3d0c39c37a6bb2ebee6a
-
SSDEEP
1536:o7OE59Vyzrc8K3WgFtKhJP+tcrVOXKzaJThZfaKhQiSEKNJh:WV5998K3WQ8fjEXKgZfnhfxuh
Malware Config
Signatures
-
Drops file in Drivers directory 10 IoCs
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 19 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 9 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 4 IoCs
-
Drops file in Windows directory 49 IoCs
-
Modifies Control Panel 12 IoCs
-
Runs ping.exe 1 TTPs 32 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10ff65f6e1cd534ba15eb6e44d9541b4.exe"C:\Users\Admin\AppData\Local\Temp\10ff65f6e1cd534ba15eb6e44d9541b4.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe2⤵
-
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe2⤵
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"2⤵
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"2⤵
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe2⤵
-
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe2⤵
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"1⤵
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe1⤵
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"1⤵
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe1⤵
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe1⤵
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"1⤵
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe1⤵
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"1⤵
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe1⤵
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\csrss.exe"1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\Gaara.exe"1⤵
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"C:\Windows\Fonts\Admin 5 - 1 - 2024\smss.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
66KB
MD56da2d0d24c7760546de2ab2a3cf6b80e
SHA1a96e6df09086c152d44c3ca687e3e8abcf622bb4
SHA25607de90906f1791f3d56b5809c9cab0d6ee3f5f2bb4c88ee407c48cd27305e0ea
SHA512ee54375e7e3d43bd252cf7df293e0f2b6ac3e2d09fe7478f8b218b68440264bd1deb89402fe853960f5b4819799f59861476b69484a623fd680b3dd800d87e9b
-
Filesize
66KB
MD5a07d3e585b426055936688d471bd4110
SHA14b6d6b42093759e02e66068972a8c46822b0f109
SHA256605880c651a8d1155aec85a5dd3e9812d4898e9501e19b4b0f0e697434166795
SHA51269985a732d487500fb1c938f6b24e42e72e21c991681c5b8c67b7eafc17c02030f83a4f91115d93345d18dae825bacc2ecc9feca46150a835510e370b736b901
-
Filesize
66KB
MD5fb6afc6959dab6fa1f51f7f9ee23d761
SHA1d14eb789c83f32aa0403574c18af59be58558a5d
SHA256f3a5fb91bcf08f1a3fbaafd3081b5a70d5f27188f3d8544993b12b2bdd89db0c
SHA512bf921213b5dc4df2c55a389c3684e954aa582c74a9c0489fab68f2dc6e88932c4688acfc02f64c6c656f44ffe612eabc60713da9a130562961ae496cfb609a98
-
Filesize
1.4MB
MD5d6b05020d4a0ec2a3a8b687099e335df
SHA1df239d830ebcd1cde5c68c46a7b76dad49d415f4
SHA2569824b98dab6af65a9e84c2ea40e9df948f9766ce2096e81feecad7db8dd6080a
SHA51278fd360faa4d34f5732056d6e9ad7b9930964441c69cf24535845d397de92179553b9377a25649c01eb5ac7d547c29cc964e69ede7f2af9fc677508a99251fff
-
Filesize
66KB
MD5f6b711cf9b2fe4674e5b3d53c60c4c8b
SHA17928b2763d831d941e3734aa5f00e9c387354d82
SHA25662bd9e8209b1278c9c109cf712364d4c31519bcd1c4f19e04d587d1459083cbd
SHA51296fd8f0617e2fc1fef1d154e7020952910d83af8dafefb8db9323ef79b7fb04114a089b95fa78a29b48e75bd45495791312af3fa05d0904ad53d848f04cd7167
-
Filesize
66KB
MD558b6492ef096481a9aad1b97088570f6
SHA1f56801d52dd9cba90ad2a5c0cf0252df5bc96bab
SHA256ac6330fe36746e7d471451cb29deacd942b28cad58a68af325bb564455292007
SHA512bc565dabdc762342261d846f554f60a93c21d38be925a8dbfc08e13790f21c2533f83acf946718b825cd06640d7e13d07e39112c719d4865bb774d599e9cde7b
-
Filesize
66KB
MD5770a7c9de1585a2c986a6ab391d597a8
SHA1f9eb1d9cd9dd33adae9306f604548e73040ebdd6
SHA2569653066635347c3a7c22396332eea610de5a08691b37d507fe3409670f50d071
SHA512e3333c5b5ef827085b80f146d95040d01e50516adb76528c861bcced072085f1dc7c9689daedb6a60c7bb00a443af6aa721c444cc44cd16a196ca41b90cc57da
-
Filesize
1.3MB
MD55343a19c618bc515ceb1695586c6c137
SHA14dedae8cbde066f31c8e6b52c0baa3f8b1117742
SHA2562246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce
SHA512708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
-
Filesize
168KB
