Analysis
  max time kernel:  145s
  max time network: 146s
  platform:         windows7_x64
  resource:         win7-20231129-en
  resource tags:    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  submitted:        25/01/2024, 02:29
Behavioral task behavioral1
  Sample:   a66f9fc18440adedd1c42b33e568d175.exe
  Resource: win7-20231129-en

Behavioral task behavioral2
  Sample:   a66f9fc18440adedd1c42b33e568d175.exe
  Resource: win10v2004-20231215-en
General
  Target: a66f9fc18440adedd1c42b33e568d175.exe
  Size:   73KB
  MD5:    a66f9fc18440adedd1c42b33e568d175
  SHA1:   f549ce643f9257719874846045ff83b502994fa4
  SHA256: 971bb73356edcaae9f23a8aaf392b450e21220bd01508b38b37200aecc31e5de
  SHA512: 43313a36cce73a9bfb7145bc2495ff49bb8f6c100109191887e8ff21b68cecdc48fee5b3b740e0daa8fd8be6ca4a77a4a9f91994eedc4bc80038639028a97ecf
  SSDEEP: 1536:z55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:vMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h
Malware Config
Signatures

Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pjaboucydif = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a66f9fc18440adedd1c42b33e568d175.exe" | a66f9fc18440adedd1c42b33e568d175.exe
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  description | ioc | Process
  File opened (read-only) | \??\V: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\X: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\H: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\I: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\K: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\L: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\O: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\A: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\B: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\N: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\T: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\Y: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\G: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\P: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\Q: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\S: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\W: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\Z: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\E: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\J: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\M: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\R: | a66f9fc18440adedd1c42b33e568d175.exe
  File opened (read-only) | \??\U: | a66f9fc18440adedd1c42b33e568d175.exe
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | a66f9fc18440adedd1c42b33e568d175.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | a66f9fc18440adedd1c42b33e568d175.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | a66f9fc18440adedd1c42b33e568d175.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2112 | a66f9fc18440adedd1c42b33e568d175.exe
  2112 | a66f9fc18440adedd1c42b33e568d175.exe
Suspicious use of WriteProcessMemory (60 IoCs)
Each row below is recorded four times in the report (15 distinct target processes, 60 entries in total).
  description | pid | Process | procid_target | entries
  PID 2112 wrote to memory of 2968 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 28 | 4
  PID 2112 wrote to memory of 2700 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 31 | 4
  PID 2112 wrote to memory of 2656 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 33 | 4
  PID 2112 wrote to memory of 2688 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 35 | 4
  PID 2112 wrote to memory of 2492 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 37 | 4
  PID 2112 wrote to memory of 2548 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 41 | 4
  PID 2112 wrote to memory of 1296 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 43 | 4
  PID 2112 wrote to memory of 1772 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 45 | 4
  PID 2112 wrote to memory of 2788 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 47 | 4
  PID 2112 wrote to memory of 1548 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 49 | 4
  PID 2112 wrote to memory of 2180 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 51 | 4
  PID 2112 wrote to memory of 1968 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 53 | 4
  PID 2112 wrote to memory of 888  | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 55 | 4
  PID 2112 wrote to memory of 2268 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 57 | 4
  PID 2112 wrote to memory of 1020 | 2112 | a66f9fc18440adedd1c42b33e568d175.exe | 59 | 4
Processes

[1] C:\Users\Admin\AppData\Local\Temp\a66f9fc18440adedd1c42b33e568d175.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\a66f9fc18440adedd1c42b33e568d175.exe"
    PID: 2112
    signatures:
      - Adds Run key to start application
      - Enumerates connected drives
      - Checks processor information in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
    children (depth 2), all C:\Windows\SysWOW64\nslookup.exe:
      PID 2968  nslookup nomoreransom.bit dns1.soprodns.ru
      PID 2700  nslookup emsisoft.bit dns1.soprodns.ru
      PID 2656  nslookup gandcrab.bit dns1.soprodns.ru
      PID 2688  nslookup nomoreransom.bit dns1.soprodns.ru
      PID 2492  nslookup emsisoft.bit dns1.soprodns.ru
      PID 2548  nslookup gandcrab.bit dns1.soprodns.ru
      PID 1296  nslookup nomoreransom.bit dns1.soprodns.ru
      PID 1772  nslookup emsisoft.bit dns1.soprodns.ru
      PID 2788  nslookup gandcrab.bit dns1.soprodns.ru
      PID 1548  nslookup nomoreransom.bit dns1.soprodns.ru
      PID 2180  nslookup emsisoft.bit dns1.soprodns.ru
      PID 1968  nslookup gandcrab.bit dns1.soprodns.ru
      PID 888   nslookup nomoreransom.bit dns1.soprodns.ru
      PID 2268  nslookup emsisoft.bit dns1.soprodns.ru
      PID 1020  nslookup gandcrab.bit dns1.soprodns.ru