Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3E85429C854...er.exe
windows10-2004-x64
1E85429C854...on.dll
windows10-2004-x64
1E85429C854...rm.pdf
windows10-2004-x64
1E85429C854...le.pdf
windows10-2004-x64
1E85429C854...ld.exe
windows10-2004-x64
1E85429C854...RD.exe
windows10-2004-x64
1E85429C854...on.dll
windows10-2004-x64
1Analysis
-
max time kernel
448s -
max time network
452s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
11/03/2024, 12:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
E85429C854299A78/USB Driver.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
6 signatures
600 seconds
Behavioral task
behavioral2
Sample
E85429C854299A78/version.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
600 seconds
Behavioral task
behavioral3
Sample
E85429C854299A78/////Candidates Personal Information Form.pdf
Resource
win10v2004-20240226-en
windows10-2004-x64
6 signatures
600 seconds
Behavioral task
behavioral4
Sample
E85429C854299A78/////Gmail - IFIC Bank_ Computer Proficiency Test Schedule.pdf
Resource
win10v2004-20240226-en
windows10-2004-x64
6 signatures
600 seconds
Behavioral task
behavioral5
Sample
E85429C854299A78/////MSBuild.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
600 seconds
Behavioral task
behavioral6
Sample
E85429C854299A78/////WINWORD.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
600 seconds
Behavioral task
behavioral7
Sample
E85429C854299A78/////version.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
600 seconds
General
-
Target
E85429C854299A78/USB Driver.exe
-
Size
378KB
-
MD5
ac4d26cd3db1791b13a7bd065e69ae8b
-
SHA1
759222977856d9881434d9bc9f172185e686f1ad
-
SHA256
415d87499c302313864cbf4478e2bbff82188bba5c381eadbd596c0797943b0d
-
SHA512
2ba685acec701f51dccd91d7a2d55b0e6add245c54ae575bc8f4f58d4f413abedf3a506b4cd547c249949b78baf469be80acd6d49813d35e0a7e976ab4de9a32
-
SSDEEP
6144:Vn2RZHTNddqsJfIGosmrsPkaWqaCVmEbNcj7/WTlabPUXmJiin26lXjS0Z:Vn2RlpddRPYXKNcj7waw5in26VtZ
Score
1/10
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 explorer.exe -
Modifies registry class 50 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0 = 4a003100000000006b58fc631000374634377e310000340009000400efbe6b58fc636b58fd632e00000057320200000007000000000000000000000000000000f7527f006b20000016000000 explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000005a580482100041646d696e003c0009000400efbe5a58a2796b58fd632e0000007ce101000000010000000000000000000000000000004acda100410064006d0069006e00000014000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000005a58a27912004170704461746100400009000400efbe5a58a2796b58fd632e00000087e10100000001000000000000000000000000000000764ab3004100700070004400610074006100000016000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0\0 = 4a003100000000006b58fc631000353532337e310000340009000400efbe6b58fc636b58fc632e0000005a3202000000070000000000000000000000000000008c2582002c20000016000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000005a58a2791100557365727300640009000400efbe874f77486b58fd632e000000c70500000000010000000000000000003a00000000002536bf0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0 = 4a003100000000006b58fc631000434237457e310000340009000400efbe6b58fc636b58fd632e00000036320200000007000000000000000000000000000000739e7e000c20000016000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0\0\MRUListEx = ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000005a589b7b10004c6f63616c003c0009000400efbe5a58a2796b58fd632e0000009ae10100000001000000000000000000000000000000272d82004c006f00630061006c00000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0 = 4a003100000000006b58fc631000374634377e310000340009000400efbe6b58fc636b58fd632e00000035320200000007000000000000000000000000000000127345006b20000016000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0\0 explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\0\0\0\NodeSlot = "1" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000006b58fc63100054656d7000003a0009000400efbe5a58a2796b58fd632e0000009be1010000000100000000000000000000000000000078248c00540065006d007000000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 6a003100000000006b58fc6310004538353432397e310000520009000400efbe6b58fc636b58fc632e0000002d32020000000700000000000000000000000000000046d384004500380035003400320039004300380035003400320039003900410037003800000018000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ explorer.exe Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 explorer.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 220 explorer.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2684 USB Driver.exe 2684 USB Driver.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 220 explorer.exe 220 explorer.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2684 wrote to memory of 1928 2684 USB Driver.exe 92 PID 2684 wrote to memory of 1928 2684 USB Driver.exe 92 PID 2684 wrote to memory of 1928 2684 USB Driver.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\USB Driver.exe"C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\USB Driver.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Windows\SysWOW64\explorer.exeexplorer "C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\\\\\"2⤵PID:1928
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:220
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2932