Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21/04/2024, 01:54
General
-
Target
b489230d2e5867f2267d0d22fa0f673c25c5cb3743c2b529c2ef46225d29ab0e.exe
-
Size
67KB
-
MD5
c5cda89d7f8731c91491b2c011e47626
-
SHA1
f3dc0ae7c737473f4cee397ea1270925bd77ea1b
-
SHA256
b489230d2e5867f2267d0d22fa0f673c25c5cb3743c2b529c2ef46225d29ab0e
-
SHA512
1f7fa0d32f1ddde5482c7a47108a95bfb340c2e22e3ba204b296a5dbbcfdcf5a10a1e4e25ec7a9e50c693f2e662dfc0976339083cc5ec672b405532424b8737b
-
SSDEEP
1536:rwj2J9Yvp7srLVcxQuXc1JYocUvoDvC+Ijj9RQFR/Rj:0a4v8UcfnvoD1I1eFVx
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b489230d2e5867f2267d0d22fa0f673c25c5cb3743c2b529c2ef46225d29ab0e.exe"C:\Users\Admin\AppData\Local\Temp\b489230d2e5867f2267d0d22fa0f673c25c5cb3743c2b529c2ef46225d29ab0e.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bffcpg32.exeC:\Windows\system32\Bffcpg32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdlqqcnl.exeC:\Windows\system32\Cdlqqcnl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cndeii32.exeC:\Windows\system32\Cndeii32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnfaohbj.exeC:\Windows\system32\Cnfaohbj.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ckjbhmad.exeC:\Windows\system32\Ckjbhmad.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cohkokgj.exeC:\Windows\system32\Cohkokgj.exe7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnmhpg32.exeC:\Windows\system32\Dnmhpg32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Digehphc.exeC:\Windows\system32\Digehphc.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfnbgc32.exeC:\Windows\system32\Dfnbgc32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebdcld32.exeC:\Windows\system32\Ebdcld32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eeelnp32.exeC:\Windows\system32\Eeelnp32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebimgcfi.exeC:\Windows\system32\Ebimgcfi.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eblimcdf.exeC:\Windows\system32\Eblimcdf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enbjad32.exeC:\Windows\system32\Enbjad32.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fneggdhg.exeC:\Windows\system32\Fneggdhg.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpdcag32.exeC:\Windows\system32\Fpdcag32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fechomko.exeC:\Windows\system32\Fechomko.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fefedmil.exeC:\Windows\system32\Fefedmil.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gehbjm32.exeC:\Windows\system32\Gehbjm32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfhndpol.exeC:\Windows\system32\Gfhndpol.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gncchb32.exeC:\Windows\system32\Gncchb32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gmdcfidg.exeC:\Windows\system32\Gmdcfidg.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Geohklaa.exeC:\Windows\system32\Geohklaa.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmimai32.exeC:\Windows\system32\Gmimai32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfaajnfb.exeC:\Windows\system32\Hfaajnfb.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbjoeojc.exeC:\Windows\system32\Hbjoeojc.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hekgfj32.exeC:\Windows\system32\Hekgfj32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hemdlj32.exeC:\Windows\system32\Hemdlj32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpchib32.exeC:\Windows\system32\Hpchib32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ifomll32.exeC:\Windows\system32\Ifomll32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibhkfm32.exeC:\Windows\system32\Ibhkfm32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Impliekg.exeC:\Windows\system32\Impliekg.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jleijb32.exeC:\Windows\system32\Jleijb32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jiiicf32.exeC:\Windows\system32\Jiiicf32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jepjhg32.exeC:\Windows\system32\Jepjhg32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jllokajf.exeC:\Windows\system32\Jllokajf.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Komhll32.exeC:\Windows\system32\Komhll32.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Klahfp32.exeC:\Windows\system32\Klahfp32.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kgiiiidd.exeC:\Windows\system32\Kgiiiidd.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klfaapbl.exeC:\Windows\system32\Klfaapbl.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjlopc32.exeC:\Windows\system32\Kjlopc32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpfgmnfp.exeC:\Windows\system32\Lpfgmnfp.exe43⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lqkqhm32.exeC:\Windows\system32\Lqkqhm32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lqmmmmph.exeC:\Windows\system32\Lqmmmmph.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmdnbn32.exeC:\Windows\system32\Lmdnbn32.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mqafhl32.exeC:\Windows\system32\Mqafhl32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mmmqhl32.exeC:\Windows\system32\Mmmqhl32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mnmmboed.exeC:\Windows\system32\Mnmmboed.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nqmfdj32.exeC:\Windows\system32\Nqmfdj32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nggnadib.exeC:\Windows\system32\Nggnadib.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncnofeof.exeC:\Windows\system32\Ncnofeof.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nqbpojnp.exeC:\Windows\system32\Nqbpojnp.exe53⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nmipdk32.exeC:\Windows\system32\Nmipdk32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omnjojpo.exeC:\Windows\system32\Omnjojpo.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Onocomdo.exeC:\Windows\system32\Onocomdo.exe57⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oaplqh32.exeC:\Windows\system32\Oaplqh32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Omgmeigd.exeC:\Windows\system32\Omgmeigd.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pfoann32.exeC:\Windows\system32\Pfoann32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pmiikh32.exeC:\Windows\system32\Pmiikh32.exe61⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Phajna32.exeC:\Windows\system32\Phajna32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdhkcb32.exeC:\Windows\system32\Pdhkcb32.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmpolgoi.exeC:\Windows\system32\Pmpolgoi.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qjfmkk32.exeC:\Windows\system32\Qjfmkk32.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aajhndkb.exeC:\Windows\system32\Aajhndkb.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aonhghjl.exeC:\Windows\system32\Aonhghjl.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aopemh32.exeC:\Windows\system32\Aopemh32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkgeainn.exeC:\Windows\system32\Bkgeainn.exe69⤵
-
C:\Windows\SysWOW64\Bgnffj32.exeC:\Windows\system32\Bgnffj32.exe70⤵
-
C:\Windows\SysWOW64\Bdagpnbk.exeC:\Windows\system32\Bdagpnbk.exe71⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bmjkic32.exeC:\Windows\system32\Bmjkic32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bajqda32.exeC:\Windows\system32\Bajqda32.exe73⤵
-
C:\Windows\SysWOW64\Caojpaij.exeC:\Windows\system32\Caojpaij.exe74⤵
-
C:\Windows\SysWOW64\Chiblk32.exeC:\Windows\system32\Chiblk32.exe75⤵
-
C:\Windows\SysWOW64\Cpdgqmnb.exeC:\Windows\system32\Cpdgqmnb.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cklhcfle.exeC:\Windows\system32\Cklhcfle.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkndie32.exeC:\Windows\system32\Dkndie32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dnonkq32.exeC:\Windows\system32\Dnonkq32.exe79⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Doojec32.exeC:\Windows\system32\Doojec32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkekjdck.exeC:\Windows\system32\Dkekjdck.exe81⤵
-
C:\Windows\SysWOW64\Dqbcbkab.exeC:\Windows\system32\Dqbcbkab.exe82⤵
-
C:\Windows\SysWOW64\Ehlhih32.exeC:\Windows\system32\Ehlhih32.exe83⤵
-
C:\Windows\SysWOW64\Ebdlangb.exeC:\Windows\system32\Ebdlangb.exe84⤵
-
C:\Windows\SysWOW64\Eohmkb32.exeC:\Windows\system32\Eohmkb32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ebifmm32.exeC:\Windows\system32\Ebifmm32.exe86⤵
-
C:\Windows\SysWOW64\Ebkbbmqj.exeC:\Windows\system32\Ebkbbmqj.exe87⤵
-
C:\Windows\SysWOW64\Fqppci32.exeC:\Windows\system32\Fqppci32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fgjhpcmo.exeC:\Windows\system32\Fgjhpcmo.exe89⤵
-
C:\Windows\SysWOW64\Fqbliicp.exeC:\Windows\system32\Fqbliicp.exe90⤵
-
C:\Windows\SysWOW64\Fqeioiam.exeC:\Windows\system32\Fqeioiam.exe91⤵
-
C:\Windows\SysWOW64\Fqgedh32.exeC:\Windows\system32\Fqgedh32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbgbnkfm.exeC:\Windows\system32\Fbgbnkfm.exe93⤵
-
C:\Windows\SysWOW64\Fiqjke32.exeC:\Windows\system32\Fiqjke32.exe94⤵
-
C:\Windows\SysWOW64\Gbkkik32.exeC:\Windows\system32\Gbkkik32.exe95⤵
-
C:\Windows\SysWOW64\Gaqhjggp.exeC:\Windows\system32\Gaqhjggp.exe96⤵
-
C:\Windows\SysWOW64\Ggkqgaol.exeC:\Windows\system32\Ggkqgaol.exe97⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Glhimp32.exeC:\Windows\system32\Glhimp32.exe98⤵
-
C:\Windows\SysWOW64\Giljfddl.exeC:\Windows\system32\Giljfddl.exe99⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hbenoi32.exeC:\Windows\system32\Hbenoi32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hhaggp32.exeC:\Windows\system32\Hhaggp32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hhdcmp32.exeC:\Windows\system32\Hhdcmp32.exe102⤵
-
C:\Windows\SysWOW64\Hlblcn32.exeC:\Windows\system32\Hlblcn32.exe103⤵
-
C:\Windows\SysWOW64\Hifmmb32.exeC:\Windows\system32\Hifmmb32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ilfennic.exeC:\Windows\system32\Ilfennic.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ilibdmgp.exeC:\Windows\system32\Ilibdmgp.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ieagmcmq.exeC:\Windows\system32\Ieagmcmq.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iahgad32.exeC:\Windows\system32\Iahgad32.exe108⤵
-
C:\Windows\SysWOW64\Ibgdlg32.exeC:\Windows\system32\Ibgdlg32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ihdldn32.exeC:\Windows\system32\Ihdldn32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jhnojl32.exeC:\Windows\system32\Jhnojl32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jafdcbge.exeC:\Windows\system32\Jafdcbge.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jojdlfeo.exeC:\Windows\system32\Jojdlfeo.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Khbiello.exeC:\Windows\system32\Khbiello.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kamjda32.exeC:\Windows\system32\Kamjda32.exe115⤵
-
C:\Windows\SysWOW64\Kpqggh32.exeC:\Windows\system32\Kpqggh32.exe116⤵
-
C:\Windows\SysWOW64\Kemooo32.exeC:\Windows\system32\Kemooo32.exe117⤵
-
C:\Windows\SysWOW64\Kcapicdj.exeC:\Windows\system32\Kcapicdj.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lohqnd32.exeC:\Windows\system32\Lohqnd32.exe119⤵
-
C:\Windows\SysWOW64\Lindkm32.exeC:\Windows\system32\Lindkm32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lcfidb32.exeC:\Windows\system32\Lcfidb32.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-