Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

76caebcdd2...0b.exe

windows7-x64

9

76caebcdd2...0b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28/04/2024, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76caebcdd20f38d2571928812ac08b4addbbb52a54fbe9778aacd203c7f3fe0b.exe

  • Size

    60KB

  • MD5

    050297b7a0881653bd1106f8dcb26b52

  • SHA1

    7fe98acf18ccbebf6bfe94de85d27d7892c06b93

  • SHA256

    76caebcdd20f38d2571928812ac08b4addbbb52a54fbe9778aacd203c7f3fe0b

  • SHA512

    60961e8d4712d926a945a10811d6ba8eca6919d65457ff85d38a04dfa38efb9ddc17d9431a62b942fb2945f304fdc3e77c10d6a014792009ccf55773b62b0585

  • SSDEEP

    768:vvw9816vhKQLroCA4/wQxWMZQcpFM1FgDagXP2TyS1tl7lfqvocqcdT3WVd:nEGh0oCAlwWMZQcpmgDagIyS1loL7Wr

Score
9/10
persistence

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76caebcdd20f38d2571928812ac08b4addbbb52a54fbe9778aacd203c7f3fe0b.exe
    "C:\Users\Admin\AppData\Local\Temp\76caebcdd20f38d2571928812ac08b4addbbb52a54fbe9778aacd203c7f3fe0b.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\{1100D62D-78BF-49f6-B2FE-F4CF048DDA49}.exe
      C:\Windows\{1100D62D-78BF-49f6-B2FE-F4CF048DDA49}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Windows\{8F6D27D4-C499-41f6-9BAD-67988AC96CBC}.exe
        C:\Windows\{8F6D27D4-C499-41f6-9BAD-67988AC96CBC}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Windows\{F92874FE-7E5D-43f9-A98D-1FB71D5F906E}.exe
          C:\Windows\{F92874FE-7E5D-43f9-A98D-1FB71D5F906E}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2672
          • C:\Windows\{970D55A3-C94A-4975-B6DA-049F5CC26375}.exe
            C:\Windows\{970D55A3-C94A-4975-B6DA-049F5CC26375}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1260
            • C:\Windows\{9645C7D8-8A70-4460-AD97-1908C3D868C8}.exe
              C:\Windows\{9645C7D8-8A70-4460-AD97-1908C3D868C8}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2784
              • C:\Windows\{8304660E-275C-4c9c-BC73-68072E313D9A}.exe
                C:\Windows\{8304660E-275C-4c9c-BC73-68072E313D9A}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2364
                • C:\Windows\{4A0A62BE-63E9-4c7f-B6AD-7934A0443D0A}.exe
                  C:\Windows\{4A0A62BE-63E9-4c7f-B6AD-7934A0443D0A}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:868
                  • C:\Windows\{493E28E6-E3B2-41cf-9DD5-C968E4DAE4FB}.exe
                    C:\Windows\{493E28E6-E3B2-41cf-9DD5-C968E4DAE4FB}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:816
                    • C:\Windows\{BB6ABB1A-0685-4ac0-97B6-BAC6808ECFCF}.exe
                      C:\Windows\{BB6ABB1A-0685-4ac0-97B6-BAC6808ECFCF}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1168
                      • C:\Windows\{13984D2D-120C-49df-B903-0B6D6D81CE23}.exe
                        C:\Windows\{13984D2D-120C-49df-B903-0B6D6D81CE23}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2348
                        • C:\Windows\{EE04869E-65B3-4342-8466-42B9B30620DC}.exe
                          C:\Windows\{EE04869E-65B3-4342-8466-42B9B30620DC}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1488
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{13984~1.EXE > nul
                          12⤵
                            PID:1060
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BB6AB~1.EXE > nul
                          11⤵
                            PID:2308
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{493E2~1.EXE > nul
                          10⤵
                            PID:2096
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4A0A6~1.EXE > nul
                          9⤵
                            PID:2092
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{83046~1.EXE > nul
                          8⤵
                            PID:496
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9645C~1.EXE > nul
                          7⤵
                            PID:2008
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{970D5~1.EXE > nul
                          6⤵
                            PID:2172
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F9287~1.EXE > nul
                          5⤵
                            PID:1976
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F6D2~1.EXE > nul
                          4⤵
                            PID:2916
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1100D~1.EXE > nul
                          3⤵
                            PID:2804
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\76CAEB~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2544

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{1100D62D-78BF-49f6-B2FE-F4CF048DDA49}.exe
                        Filesize

                        60KB

                        MD5

                        530b88910ef7b5e3ddda528189180b17

                        SHA1

                        d3e2d5a96bc5b79512ca2dcacd58e43bfdc221e3

                        SHA256

                        a3183a34209cbb3f0453580495e8b9be6d03c3ef025d8b908fba06307eddc8f6

                        SHA512

                        95ff0d33680eefad2c02046f2a5d0f41d359d9bd01f3d5d749132f000030b14b236f2ee6e6f41286b6cd8c9f4f82d571b1b3f0f1b8fb9d83e227baed0107cc97

                        Download Submit

                      • C:\Windows\{13984D2D-120C-49df-B903-0B6D6D81CE23}.exe
                        Filesize

                        60KB

                        MD5

                        833f924712a8d5e0a41a2a21828cbe2d

                        SHA1

                        6d19589580a8a0b5cc7ddea8a8ef54462ad28753

                        SHA256

                        00302082a78218169f8b929ad72899f2901f2f766e30d3345b659cebe13b3721

                        SHA512

                        76a0a1df77b310248779e60d4fa385b5ee95d329e2a11974330d68defaed1987b4ad98343a154806d54a97b65beb7d951fc6f10b0c417655fe089774b30655a8

                        Download Submit

                      • C:\Windows\{493E28E6-E3B2-41cf-9DD5-C968E4DAE4FB}.exe
                        Filesize

                        60KB

                        MD5

                        d713f3afa20dcb1326a8019e0005405a

                        SHA1

                        908469973e11e9507d372b83cb34cdbeb9d1892d

                        SHA256

                        723be65d85d39def5b3a5df5f06f19ff67d86f091b7b76aa312dbead584e2167

                        SHA512

                        f5868c95f5506ee23b02e218a0b64c22b3c7e88fc5b9c00d9315ea1f46a3383a380f21e99f9ba1f20d78011fd09131409209f56bd9ad45e7a10bdfc2de429f75

                        Download Submit

                      • C:\Windows\{4A0A62BE-63E9-4c7f-B6AD-7934A0443D0A}.exe
                        Filesize

                        60KB

                        MD5

                        57bb5630fbe5b329bd25cc91cf178f1c

                        SHA1

                        34ce94a49a8f5a8fd806c0df94168230d782303d

                        SHA256

                        ced6371dbf58aec79d27b57053fd9d458580d52faff38e40fb6c44f2a204c334

                        SHA512

                        2f7023164794917b61a07151d6b5d6f9a12cc3d4a1ffa371c0e2912d55ccfadd44d57cf6e8858756c860ef8432287f0b909c6d9a60a65b7e807af5703abe0788

                        Download Submit

                      • C:\Windows\{8304660E-275C-4c9c-BC73-68072E313D9A}.exe
                        Filesize

                        60KB

                        MD5

                        28b2dec86e503e10cb0286e2cd8bfb04

                        SHA1

                        bdfe6a95444b1eed02562236c3d39fba00d3e55c

                        SHA256

                        e706a606ddbecba537e7ee9d02f06af9ba6ea4f78aa72aa69e2611e3b20aa1e8

                        SHA512

                        ea0515af96e26b44e95269fe97d7f0530f331996a7d39211ce98b31ebf5d360b1acf049dbe043fcda98bec9a9d905514a6646a76269257f8177a453363848b61

                        Download Submit

                      • C:\Windows\{8F6D27D4-C499-41f6-9BAD-67988AC96CBC}.exe
                        Filesize

                        60KB

                        MD5

                        5f9da25daf5f63b87b793d2486369147

                        SHA1

                        88982716220d429e67537a4c9bb40385a825441b

                        SHA256

                        4fd063d8f198609b175630fc1e737cf0cc020b357f689f37df683c16dbd61748

                        SHA512

                        06c27e5eb9d976a5ba30ec56e0243d51f02785f20c9a101e04d08b18036c705fc3920f5baeb70755c1c75f154be76d93785728be66505454200bb6b825f29d19

                        Download Submit

                      • C:\Windows\{9645C7D8-8A70-4460-AD97-1908C3D868C8}.exe
                        Filesize

                        60KB

                        MD5

                        e121d4afed08a6e0b5add7a3e61da7e3

                        SHA1

                        02abcd126b3af60c8cddd9f5f1512f520fa4be16

                        SHA256

                        af1b5a9d9499f7392809fc37750437bb417e8a24ba313e75722c7af55389db2f

                        SHA512

                        a3597ccccbb253cfe40dbb276dadc0b40c2e7f6c993a502ef05963e719e123337c435abbcb42da6bc10db704d7c3fdfdc2325646dfb4834aa8776ea0c286518a

                        Download Submit

                      • C:\Windows\{970D55A3-C94A-4975-B6DA-049F5CC26375}.exe
                        Filesize

                        60KB

                        MD5

                        03d8ba8eb4f42ee8639457efb40d5b57

                        SHA1

                        af8ef447b0de61ec06e10702d4d2ceb3cac00d61

                        SHA256

                        76302bcd167ca9e61e621fa9375775cb3a128808fe42c99a02cec33368f66067

                        SHA512

                        dfd01be8b105d32057f0b3a9976b9316f92bddb877525d14864971e0edbb09bd7581c3e7f0c2d24b28ac5ef3985f01139d1086f0f8145f0d2a4826ae4ad100d6

                        Download Submit

                      • C:\Windows\{BB6ABB1A-0685-4ac0-97B6-BAC6808ECFCF}.exe
                        Filesize

                        60KB

                        MD5

                        83a8756d1e4de1d916b861916bf6971f

                        SHA1

                        36ea3711e57fb79cf997d238794622c49915769a

                        SHA256

                        5cc5dcb6be522dcbe5ec57710f69ed6994b13d7169608ead5a124f9ff9f5b846

                        SHA512

                        be2de7335326b758f04c2e3a89a9cb27bcb8243daac41639f2015e342364965aba86f41eb08ea1999eac2c1b81693f5323a205ace9608d7410b7b9db58fdffb6

                        Download Submit

                      • C:\Windows\{EE04869E-65B3-4342-8466-42B9B30620DC}.exe
                        Filesize

                        60KB

                        MD5

                        d021b69aa6fd19810195574cfbfa571d

                        SHA1

                        3940ab67c5657b2ce8a2cd3525ddb0c5003ee47a

                        SHA256

                        2a110b928e8e6e6d5a60b81565a8f419912593a0aa118b1e9b05986188e409b3

                        SHA512

                        487e05d525407378e60ecb14c4ce6e78cd34a257988a65161546d04dc40fa70fff6775b9cf3f8fe5fa35d2215725501b423da60969cabee406d8346508f6a7ca

                        Download Submit

                      • C:\Windows\{F92874FE-7E5D-43f9-A98D-1FB71D5F906E}.exe
                        Filesize

                        60KB

                        MD5

                        2cf5bce910afa048ba06ef1b3150f9e8

                        SHA1

                        cb563b19610503d341a095aba51f6c560ae06e52

                        SHA256

                        becd0ea257677a3900c5e10f84d94af838a4e590968c4aff0926cf3485835de4

                        SHA512

                        296bc9a63c1e1cda0ce5c918cd501406c923d848c2df410e5a9093152349774e3c397d05f593663cba33ce380c3b6ea485da05a7f1088bd902b8e13a0dd8078b

                        Download Submit