Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

de36e15d3d...c0.exe

windows7-x64

8

de36e15d3d...c0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 03:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de36e15d3d7e1fad2d7ae316e78baaaadc205c44b8c39978eb19418643836dc0.exe

  • Size

    90KB

  • MD5

    1d1ebda591674909cc13e057c74d8ff5

  • SHA1

    558e151074927aaff5562579e529709ac2ac4a8d

  • SHA256

    de36e15d3d7e1fad2d7ae316e78baaaadc205c44b8c39978eb19418643836dc0

  • SHA512

    ccf6c7dd01b4ac136dd4a6824bb9b65f29eefb9fae67b1242c03e05ee27b95f6dc0dcb0465a70fe65dcab7189c08f33de098aea75eed354b3090ee421e9bceaa

  • SSDEEP

    768:50w981IshKQLroa4/wQozzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzS:CEGI0oalVunMxVS3

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de36e15d3d7e1fad2d7ae316e78baaaadc205c44b8c39978eb19418643836dc0.exe
    "C:\Users\Admin\AppData\Local\Temp\de36e15d3d7e1fad2d7ae316e78baaaadc205c44b8c39978eb19418643836dc0.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\{90FCD27D-6F3C-414a-9404-A744620F3E93}.exe
      C:\Windows\{90FCD27D-6F3C-414a-9404-A744620F3E93}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Windows\{3CE1224C-8F7F-45ae-9571-BBFDCCDFA222}.exe
        C:\Windows\{3CE1224C-8F7F-45ae-9571-BBFDCCDFA222}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2592
        • C:\Windows\{04C78C9A-1827-4e55-A740-8016DF29FDA1}.exe
          C:\Windows\{04C78C9A-1827-4e55-A740-8016DF29FDA1}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2464
          • C:\Windows\{3B39AF4F-4928-482f-8A7C-C4F178F82DDF}.exe
            C:\Windows\{3B39AF4F-4928-482f-8A7C-C4F178F82DDF}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2404
            • C:\Windows\{613500E7-A403-4e94-8964-5260AA925677}.exe
              C:\Windows\{613500E7-A403-4e94-8964-5260AA925677}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2616
              • C:\Windows\{3AC5B9C2-65E9-4452-BD4F-655770DAA320}.exe
                C:\Windows\{3AC5B9C2-65E9-4452-BD4F-655770DAA320}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1952
                • C:\Windows\{18573147-A1AC-4b24-AB05-434DF55C5DBF}.exe
                  C:\Windows\{18573147-A1AC-4b24-AB05-434DF55C5DBF}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1564
                  • C:\Windows\{D8F40F3A-69A6-4eae-BB36-00D0608297DB}.exe
                    C:\Windows\{D8F40F3A-69A6-4eae-BB36-00D0608297DB}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2260
                    • C:\Windows\{EEA72CCE-BCFE-4f1d-B925-603068EF23CD}.exe
                      C:\Windows\{EEA72CCE-BCFE-4f1d-B925-603068EF23CD}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2112
                      • C:\Windows\{6CA000A4-312C-4794-B47A-D709AF2218A9}.exe
                        C:\Windows\{6CA000A4-312C-4794-B47A-D709AF2218A9}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:484
                        • C:\Windows\{1958CA15-0142-4c51-8F45-BBD9083EBD94}.exe
                          C:\Windows\{1958CA15-0142-4c51-8F45-BBD9083EBD94}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2540
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6CA00~1.EXE > nul
                          12⤵
                            PID:2032
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EEA72~1.EXE > nul
                          11⤵
                            PID:1480
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D8F40~1.EXE > nul
                          10⤵
                            PID:2752
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{18573~1.EXE > nul
                          9⤵
                            PID:1320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3AC5B~1.EXE > nul
                          8⤵
                            PID:2080
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{61350~1.EXE > nul
                          7⤵
                            PID:1964
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3B39A~1.EXE > nul
                          6⤵
                            PID:2972
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{04C78~1.EXE > nul
                          5⤵
                            PID:1428
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3CE12~1.EXE > nul
                          4⤵
                            PID:2604
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{90FCD~1.EXE > nul
                          3⤵
                            PID:2448
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\DE36E1~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2932

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{04C78C9A-1827-4e55-A740-8016DF29FDA1}.exe
                        Filesize

                        90KB

                        MD5

                        43a6e7b6d42b4a0fe02bff5690a9ff62

                        SHA1

                        fd2d90bd4a3a4a920ac17fa21276363f91f7bbd0

                        SHA256

                        8c004615c975eb3d6545ce6fbf94d731d0ebf721dfd60cdf663948a0f4ef4ca6

                        SHA512

                        dcb78d7abc6b2293d534a49c6f73f268cdfe928125e71eba97e2870061409def39698a1a851110ee637a5dafe11b4e762de93e9a734601bebffbd0de3d80a65b

                        Download Submit

                      • C:\Windows\{18573147-A1AC-4b24-AB05-434DF55C5DBF}.exe
                        Filesize

                        90KB

                        MD5

                        beb726014b61f870896e3c5f8d03339f

                        SHA1

                        610773db56d2fdb07f5c6fbc2f3144614a096dc1

                        SHA256

                        06dd2a3488b69601ac8dddeef97ec43912270548ad295df8577563b2acec50ed

                        SHA512

                        1c84be352fc75c19c39bb929ed1a4a4d2593c7ef1706ddc3a7a057882344f31f1b3b7b765db0c71ebd9b0690058951f7b81302cce4511f4d56678962748b4d17

                        Download Submit

                      • C:\Windows\{1958CA15-0142-4c51-8F45-BBD9083EBD94}.exe
                        Filesize

                        90KB

                        MD5

                        d45954bc9d00a3975c85175293680b4b

                        SHA1

                        eb22b6449cd25445812087e5880d32270525a9b1

                        SHA256

                        31715616d0d351dc9bcdbb9acd1281b6098c3c0b24e9eabe92b752cc5ddf162f

                        SHA512

                        1282ffe7276636373118ece6b108bb0b3e234acfd01acb6accfd9d59ea881f30a141498cc910629b1f9b9e5f4b20f54cbd2df42a7bc3579646b48ea5908eb84d

                        Download Submit

                      • C:\Windows\{3AC5B9C2-65E9-4452-BD4F-655770DAA320}.exe
                        Filesize

                        90KB

                        MD5

                        6d9ef15ce87b3e19140395738623c977

                        SHA1

                        7f5ea4683700f4f3a041d8462e074c83572408a2

                        SHA256

                        972f2bcfb566829d735c4b4ee3d53893bb6e18c4c4bc497fa41c74382025858a

                        SHA512

                        963c115c73760bb33dba55ffa036434479d2bb812fe227ea624f9f55a7e18259d5ef349b7b6fdef7877bdd2f82de113e4c5ad52f2e7a6570b7a411bfb2276213

                        Download Submit

                      • C:\Windows\{3B39AF4F-4928-482f-8A7C-C4F178F82DDF}.exe
                        Filesize

                        90KB

                        MD5

                        4cc60c8cea75e07365187b31fe0f25f2

                        SHA1

                        e1d8b9ec9d7ff42a10a4997dc2f299f88406ba7e

                        SHA256

                        386d9596642a3c1ba15a5e99b73f11bc9f14c2880b7648966f257691337e94f9

                        SHA512

                        7f4a337b7d80fca47de62940d813f1d11bbeac4d36c2769b2d1dda0e9c616d95b20e3101987d01230b80f601995c9308b3484e4151eb0aba7aa7686eb3098576

                        Download Submit

                      • C:\Windows\{3CE1224C-8F7F-45ae-9571-BBFDCCDFA222}.exe
                        Filesize

                        90KB

                        MD5

                        db68f799b68e5953d55f0e85744440d0

                        SHA1

                        2c29fc9c3163991df36537707cf4066f7e726b63

                        SHA256

                        8d3a67eab907eb7b9b72d5746ecf90365ad45a71342f561d6ebb5889eaf87f4d

                        SHA512

                        26e58a06032351c850afde78483ef6a0c5a9d9827f801e61a4e45ab0bb9b429e0d063280e944e8b61083e9bcb6d7ba7ec1a8506ccd9b337953a0fa91f2897bfe

                        Download Submit

                      • C:\Windows\{613500E7-A403-4e94-8964-5260AA925677}.exe
                        Filesize

                        90KB

                        MD5

                        3318358848781f0ea71f8fae902766d0

                        SHA1

                        bc0469d74b126c1c79645ed9040fd5cb91074a56

                        SHA256

                        cbe7e76b3f4873066470012d8a86ea5afc039dc29b54a937d64b38691e73b9d9

                        SHA512

                        77ef4865cdee9e515312fd725d59ceafffaa1a2386effbdb9072bda5dee61eb2970ef9bb4eaa1a34b2f1e3a04420c86c85ac4b3e109beabd21d4229732b84ee9

                        Download Submit

                      • C:\Windows\{6CA000A4-312C-4794-B47A-D709AF2218A9}.exe
                        Filesize

                        90KB

                        MD5

                        ede9ae220471b62a232141432575a80f

                        SHA1

                        044b867b7c2640d18d4303339043fb5c72e6a187

                        SHA256

                        b2b366bd2ed020accb64b2d55f40319a696525b75c8bb43f5445a3d0cb9984d3

                        SHA512

                        fbe0c10dd5a3b05f6f3cdef8e3b7fdaea9489e1ebb11e4a237573938ec531bf798cddb8c77d2d1028ebcd684df5392e028b07d43085108c65eba7b486e045aae

                        Download Submit

                      • C:\Windows\{90FCD27D-6F3C-414a-9404-A744620F3E93}.exe
                        Filesize

                        90KB

                        MD5

                        58f82997d5d92d7f983d626871507f10

                        SHA1

                        64f474e0362b7277bd18878509fb633695a1f137

                        SHA256

                        33c7f7cc001f89d571dd8a69b62711af23ca8f6044001bc4e7634af1406fa441

                        SHA512

                        4871c5ff821d9b980a9ce20674b7db234bc2c6e3498c54caa7a900917995c4cce5a38ba2d2eec71f585c58d7d6c03eac862c34a7899979758a1b4bc1faad50f4

                        Download Submit

                      • C:\Windows\{D8F40F3A-69A6-4eae-BB36-00D0608297DB}.exe
                        Filesize

                        90KB

                        MD5

                        0ad6d6068702b3f255e97254926f21f1

                        SHA1

                        66a6346c358cd1d6d5dfd86e16c1c40f64af65b3

                        SHA256

                        03a994cef1e3fcf8c70dfce1886c042cd9163b1737e064f9593bc0fc8f4b54ea

                        SHA512

                        1a6db54a78eef56782aa20b7fe29b84a45aa31660dc593be63b59f9714e2242b634bc3a0bf0547613deffd6b5c245215adaa68e79503ff5328fcd5d98cdd1651

                        Download Submit

                      • C:\Windows\{EEA72CCE-BCFE-4f1d-B925-603068EF23CD}.exe
                        Filesize

                        90KB

                        MD5

                        16b08fc936605125acc406798d69fb8c

                        SHA1

                        0756f5e3194f26bc9b9d6817f6f2c6c0f79dcc79

                        SHA256

                        515495ce2cc8dfbb4f47c4297f16c9ec23d674872793c03dcb53a081059b43cc

                        SHA512

                        df029d2ae44ec859f174c9341e17108811ee29b0e9b91a4fc1f99484f02f2a14f3ab8bfddc4cfa4c132feb85d6f2f44a92b07679bd30d87b4fd48065b6cf26b4

                        Download Submit

                      • memory/484-96-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1564-69-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1564-62-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1952-61-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1952-53-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2112-80-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2112-88-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2260-71-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2260-79-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2344-18-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2344-14-0x00000000002A0000-0x00000000002B1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2344-9-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2404-44-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2464-36-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2540-97-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2592-28-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2592-20-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2616-51-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2884-0-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2884-10-0x0000000000400000-0x0000000000411000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2884-8-0x0000000001B60000-0x0000000001B71000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/2884-3-0x0000000001B60000-0x0000000001B71000-memory.dmp

                        Filesize

                        68KB

                        Download

                      We care about your privacy.

                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.