Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
35s -
max time network
60s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 22:33
General
-
Target
84caac39ab4f9feada9b7a5fd321ebb3cb180f4b78ec9fede5efebeb04f9cda3.exe
-
Size
331KB
-
MD5
47ab16d3ccafa67d43733da20009eaa4
-
SHA1
fa1abfbf0726dbe09d8f4ec6f45080a1b9f4ce95
-
SHA256
84caac39ab4f9feada9b7a5fd321ebb3cb180f4b78ec9fede5efebeb04f9cda3
-
SHA512
b7f849dfc6d3d1a52b0c2abb44e57ea43d354d6fe3ccd042c40a39e2d0d3047380bd312a94c5a9c751035abd0078a7efdeaff879d0a6f4c9a720e4d7d8cb8218
-
SSDEEP
3072:wtwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwMqle7xa2i1WcEL:Quj8NDF3OR9/Qe2HdJ8RA8cEL
Score
9/10
Malware Config
Signatures
-
Detects executables packed with ASPack 4 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84caac39ab4f9feada9b7a5fd321ebb3cb180f4b78ec9fede5efebeb04f9cda3.exe"C:\Users\Admin\AppData\Local\Temp\84caac39ab4f9feada9b7a5fd321ebb3cb180f4b78ec9fede5efebeb04f9cda3.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"2⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"5⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe /part212⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"13⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"16⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"19⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"21⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"24⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe26⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"27⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe28⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"30⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe31⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe32⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"33⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe35⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"36⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe38⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"39⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe41⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"42⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe43⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe44⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"45⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe46⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe47⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"48⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe49⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe50⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe53⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"54⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe56⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"57⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe59⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe62⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"63⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe65⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"66⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe67⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe68⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe70⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe71⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"72⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe73⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe74⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"75⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe76⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe77⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe79⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe80⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"81⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe82⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe83⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"84⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe85⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe86⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"87⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe88⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe89⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"90⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe91⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe92⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe94⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe95⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"96⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe97⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe98⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"99⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe100⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe101⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe103⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe104⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"105⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe106⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe107⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"108⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe109⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe110⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe112⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe113⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe115⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe116⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"117⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe118⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe119⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"120⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-