Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

keygen.exe

windows7-x64

7

keygen.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    keygen.exe

  • Size

    324KB

  • MD5

    1537dfb19e396ee3687019d65b59db97

  • SHA1

    d0c35e7c5b3a6d0c9195408e21d28fd33020a0da

  • SHA256

    4a435e0b87e8bd6f3e9f9b306f661ff5428017f33f742fa0788107212757f64c

  • SHA512

    20076cd879e28d911d1288a6f70450eee75bd9446ba9479f5ad18488f05a1e775999de1384fa239ff914f8d810220ffc5e7a15bb9f1a4eb4c8f8c11b85836e9c

  • SSDEEP

    6144:nCWyPqAbxbDv6qjWYN0JdGn/oq/PO3sPQ/aH8ooxZPfv8I8:CQ2DvjjLNkdGn/oWPa1/aHCfb8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Modifies registry class 38 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3044
  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\WatchRename.ppt"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2988
    • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\WatchRename.ppt"
      1⤵
        PID:1440

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \Users\Admin\AppData\Local\Temp\FkjJppdnIuaUJsNeZFGR.DLL
        Filesize

        35KB

        MD5

        76a9565c5f51775719eebda1f25530a5

        SHA1

        332feae4dba6b4a93bebea7a881a0fa758891091

        SHA256

        a1a7c4f74d4fe7784ed03709e5f946b94cc10a64e3ae0ad5a9a3bece9a8a2c0a

        SHA512

        79c9af704d1626cad9d44470585baf8d5f082b5d77c285fc6ae4862e99439f838fe9b1e745f8f2487fa64d5d7304954f66d0cef222db4dc9095a7294172094e9

        Download Submit

      • \Users\Admin\AppData\Local\Temp\mdsiTfsOoTxalmFlMhgB.DLL
        Filesize

        12KB

        MD5

        e6144fb36c1fdc6ba1d1afa9632588f8

        SHA1

        c4964264c6600fde210a644b639e2ea25ecb67e6

        SHA256

        b141412d0611571df381c26186b3fc438c725d6e45ad66fd76413322c17a9ac6

        SHA512

        400ca4e2ad987a88429da21d795f7365bd230ed4225e19b7841dcc09606e0afde2f3cc31aa8be4ee83dd3c6b0339cb2c13953523bdc8d2f547d953c6c6c8d339

        Download Submit

      • \Users\Admin\AppData\Local\Temp\rMDJXkYHbm.DLL
        Filesize

        33KB

        MD5

        e4ec57e8508c5c4040383ebe6d367928

        SHA1

        b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

        SHA256

        8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

        SHA512

        77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

        Download Submit

      • memory/1440-59-0x000000002D071000-0x000000002D072000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1748-61-0x000000006FC8D000-0x000000006FC98000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1748-60-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1748-58-0x000000002D071000-0x000000002D072000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-36-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-40-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-21-0x00000000003F0000-0x00000000003F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-22-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-23-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-24-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-25-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-26-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-27-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-28-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-29-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-31-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-30-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-32-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-33-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-34-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-35-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-0-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-37-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-38-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-39-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-20-0x0000000000220000-0x0000000000224000-memory.dmp

        Filesize

        16KB

        Download

      • memory/3044-41-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-42-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-43-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-44-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-45-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-46-0x0000000005DD0000-0x0000000005DD2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3044-47-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-48-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-49-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-51-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-50-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-54-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-55-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-56-0x0000000000400000-0x00000000004D3000-memory.dmp

        Filesize

        844KB

        Download

      • memory/3044-57-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-18-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-19-0x00000000035A0000-0x00000000035B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3044-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-1-0x0000000000220000-0x0000000000224000-memory.dmp

        Filesize

        16KB

        Download