Analysis
max time kernel: 150s
max time network: 147s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2024, 06:26

Static task: static1
Behavioral task: behavioral1
Sample: 79819a0602ff2a66857915e284d87a32.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 79819a0602ff2a66857915e284d87a32.exe
Resource: win10v2004-20231215-en
General
Target: 79819a0602ff2a66857915e284d87a32.exe
Size: 208KB
MD5: 79819a0602ff2a66857915e284d87a32
SHA1: c60d79059fdb95b0ea1c37a5805b1b170d5888ba
SHA256: 487f36ad4da4416cecb13c07b1298f1e23e71e0409575e4a56ac0092a816667d
SHA512: 0214985fef4278069ca68d1b087b68fe319ce9da57d9c748bfd96ecf4c29283f462035a1d2ad700b46880b01bb8b7fdbcf3ff48198b620800144a0533c0ab761
SSDEEP: 3072:nDMM1KVLDp979aAqvxpDWDhQx9AhHp8NeqxEN1yy8p+uxs/Y:n5KVboA8pDqQx9AhJSRxiJ8jK/Y
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
- Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" (Process: 79819a0602ff2a66857915e284d87a32.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" (Process: zouuj.exe)
Executes dropped EXE (1 IoC)
- PID 2756 zouuj.exe
Loads dropped DLL (2 IoCs)
- PID 2448 79819a0602ff2a66857915e284d87a32.exe
- PID 2448 79819a0602ff2a66857915e284d87a32.exe
Adds Run key to start application (2 TTPs, 53 IoCs)
Every entry is a Set value (str) on the key \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\zouuj; the value written and the writing process are listed per entry:
- "C:\\Users\\Admin\\zouuj.exe /V" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /r" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /g" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /k" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /R" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /u" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /y" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /C" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /F" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /e" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /q" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /Y" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /O" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /M" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /W" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /D" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /a" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /N" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /E" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /B" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /I" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /z" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /l" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /P" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /U" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /J" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /S" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /T" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /d" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /L" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /G" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /f" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /b" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /o" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /j" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /p" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /w" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /h" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /t" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /A" (Process: 79819a0602ff2a66857915e284d87a32.exe)
- "C:\\Users\\Admin\\zouuj.exe /A" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /i" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /c" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /n" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /Z" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /s" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /v" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /x" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /X" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /K" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /H" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /Q" (Process: zouuj.exe)
- "C:\\Users\\Admin\\zouuj.exe /m" (Process: zouuj.exe)
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Suspicious use of SetWindowsHookEx (2 IoCs)
- PID 2448 79819a0602ff2a66857915e284d87a32.exe
- PID 2756 zouuj.exe
Suspicious use of WriteProcessMemory (4 IoCs)
- PID 2448 wrote to memory of 2756 (pid 2448, Process 79819a0602ff2a66857915e284d87a32.exe, procid_target 28)
- PID 2448 wrote to memory of 2756 (pid 2448, Process 79819a0602ff2a66857915e284d87a32.exe, procid_target 28)
- PID 2448 wrote to memory of 2756 (pid 2448, Process 79819a0602ff2a66857915e284d87a32.exe, procid_target 28)
- PID 2448 wrote to memory of 2756 (pid 2448, Process 79819a0602ff2a66857915e284d87a32.exe, procid_target 28)
Processes
- C:\Users\Admin\AppData\Local\Temp\79819a0602ff2a66857915e284d87a32.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\79819a0602ff2a66857915e284d87a32.exe"
  PID: 2448
  - Modifies visibility of hidden/system files in Explorer
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\zouuj.exe (tree level 2, child of PID 2448)
    Command line: "C:\Users\Admin\zouuj.exe"
    PID: 2756
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 208KB
MD5: cb4e47be590e6b223357a92ca059f781
SHA1: 00eff00b276885c62dc3dc5b6e92a15740db0923
SHA256: a6b5a5c0592fae9ea133e860df1de45c01f682d484bc091b24ff99843c2bce3c
SHA512: 9965dc55fa71c58f4a87fc38001d0b98d39e297571e213f0090ae4fddd9afdf12cf54695efabac816b981fb73a1c9f6a03a0287ad9de5fe2bbe9f5d83398b4fe