Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13/03/2024, 17:57
General
-
Target
18c4a35197e731a253e4cc10f6f7fd9bdd9e4ac63e79062acb90f0f985049171.exe
-
Size
294KB
-
MD5
04012df3c7820dc7c607baf023995b25
-
SHA1
79b0749d1a338bd396dbf019cb5ed8e852969b07
-
SHA256
18c4a35197e731a253e4cc10f6f7fd9bdd9e4ac63e79062acb90f0f985049171
-
SHA512
510e531fdefac18eb953de131ff536a6ef03321f8eb4006e1e880b6d9030ca988a4ad5ea040a6827a3d6524a5ee6550ef1e0b0e19971715a158a0a7a13a627f8
-
SSDEEP
3072:4twizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwMqle7xa2i1xX2i1FU:ouj8NDF3OR9/Qe2HdJ8RAfXzU
Score
9/10
Malware Config
Signatures
-
Detects executables packed with ASPack 4 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18c4a35197e731a253e4cc10f6f7fd9bdd9e4ac63e79062acb90f0f985049171.exe"C:\Users\Admin\AppData\Local\Temp\18c4a35197e731a253e4cc10f6f7fd9bdd9e4ac63e79062acb90f0f985049171.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"20⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"23⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"26⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe27⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe28⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"29⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe31⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"32⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe34⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"35⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe37⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"38⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe40⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"41⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe43⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"44⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe45⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe46⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"47⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe49⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"50⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe52⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"53⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe55⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"56⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe58⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"59⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe61⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"62⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe64⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"65⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe67⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"68⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe69⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe70⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"71⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe72⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe73⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"74⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe75⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe76⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"77⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe78⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe79⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"80⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe81⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe82⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"83⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe84⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe85⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"86⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe87⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe88⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"89⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe90⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe91⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe93⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe94⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"95⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe96⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe97⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"98⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe99⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe100⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"101⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe102⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe103⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"104⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe105⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe106⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"107⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe108⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe109⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"110⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe111⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe112⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"113⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe114⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe115⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"116⤵
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe /part2117⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"118⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe119⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe120⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-