Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
06/01/2024, 07:48
General
-
Target
7eccd6ceaafd1116f22a016865986a865b7b8bddf73dcebb78a5afb2955f7d40.exe
-
Size
1.1MB
-
MD5
cb25fe91eb74ccafaafe0f78ccb7333a
-
SHA1
7a5cb10bd068811941c881a031fd1e53610a46ba
-
SHA256
7eccd6ceaafd1116f22a016865986a865b7b8bddf73dcebb78a5afb2955f7d40
-
SHA512
75d138a2760be0ea521965a7bac1c79358e64c968f79086b6c2960a29412fabdc2846d0f1b612230c99eaa5e403a06292f92e23340bf510bbff5ac978db15dbd
-
SSDEEP
24576:gRW3N/0f/oAPoRBchI5anfOlAUAi1K6oElG4lBujFAvCyRI:g5ApamAUAQ/lG4lBmFAvZI
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7eccd6ceaafd1116f22a016865986a865b7b8bddf73dcebb78a5afb2955f7d40.exe"C:\Users\Admin\AppData\Local\Temp\7eccd6ceaafd1116f22a016865986a865b7b8bddf73dcebb78a5afb2955f7d40.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"2⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"3⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"4⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"5⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"6⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"7⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"8⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"9⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"10⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"11⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"12⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"13⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"14⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"15⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"16⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"17⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"18⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"19⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"20⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"21⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"22⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"23⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"24⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"25⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"26⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"27⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"28⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"29⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"30⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"31⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"32⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"33⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"34⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"35⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"36⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"37⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"38⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"39⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"40⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"41⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"42⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"43⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"44⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"45⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"46⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"47⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"48⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
753B
MD50a482b2089caf62be6a8b5c9d05159e1
SHA18fefc0f18baf11136a6d2844c3053f2d93841be8
SHA2569c84c9a5815362c85d9dd843250311b4be4e2ed0f15d972da5248319eac4f61d
SHA512903a483fa3cbfcbb0c581bbff2d8a30da97f7ba0afeaf097244696d47919cd6d0f2af471d47abd6767f6c2ff6258d74c9b49e00fbe566748bf41fceab77bcf31