Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22/05/2024, 20:06
General
-
Target
2dc1db862f7b2f38a1ed7b603e8ee6827906d7abff8621fceb2c188fa4a4c36f.exe
-
Size
60KB
-
MD5
6314412510fc5ab9de5eb363ee568163
-
SHA1
1adceb2ff6147903afa12323c8e2c9f533f9e399
-
SHA256
2dc1db862f7b2f38a1ed7b603e8ee6827906d7abff8621fceb2c188fa4a4c36f
-
SHA512
477a72e1d3de331935f545138f6db4a9b4e309715259adc55a4e799afae48d1a4e67d69f35e76fe840535ef8c51288780a3135228682725e8c10fa147dc6847a
-
SSDEEP
768:vvw9816vhKQLroCc4/wQxWMZQcpFM1FgDagXP2TyS1tl7lfqvocqcdT3WVd:nEGh0oCclwWMZQcpmgDagIyS1loL7Wr
Malware Config
Signatures
-
Detects Windows executables referencing non-Windows User-Agents 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2dc1db862f7b2f38a1ed7b603e8ee6827906d7abff8621fceb2c188fa4a4c36f.exe"C:\Users\Admin\AppData\Local\Temp\2dc1db862f7b2f38a1ed7b603e8ee6827906d7abff8621fceb2c188fa4a4c36f.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B65DFDF6-AF99-416b-A470-1A1A7B37AF50}.exeC:\Windows\{B65DFDF6-AF99-416b-A470-1A1A7B37AF50}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EB938CF3-7C36-4d4e-8A5C-8E7400D42531}.exeC:\Windows\{EB938CF3-7C36-4d4e-8A5C-8E7400D42531}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A2E8491-D28E-4be6-A7B9-584DEB5E0B0F}.exeC:\Windows\{6A2E8491-D28E-4be6-A7B9-584DEB5E0B0F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF4D6674-8626-434e-9F06-0729E6DB0FBB}.exeC:\Windows\{FF4D6674-8626-434e-9F06-0729E6DB0FBB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6CE463F-533D-4988-9FF1-98C980AD0071}.exeC:\Windows\{D6CE463F-533D-4988-9FF1-98C980AD0071}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBEB49E9-A2AD-40d4-BDBE-F611D7379352}.exeC:\Windows\{CBEB49E9-A2AD-40d4-BDBE-F611D7379352}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{83D9A917-5E95-4ed4-8C13-0993A2D8E0E9}.exeC:\Windows\{83D9A917-5E95-4ed4-8C13-0993A2D8E0E9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06DFB48D-2B1E-42df-BD6A-17E0E9BEA1D0}.exeC:\Windows\{06DFB48D-2B1E-42df-BD6A-17E0E9BEA1D0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{973BAB2A-34D3-4507-8057-3AB086588027}.exeC:\Windows\{973BAB2A-34D3-4507-8057-3AB086588027}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7CC314AA-E3ED-4d92-98EB-2D2A37BB32F6}.exeC:\Windows\{7CC314AA-E3ED-4d92-98EB-2D2A37BB32F6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1011C523-F660-4842-A841-E8C6053372A1}.exeC:\Windows\{1011C523-F660-4842-A841-E8C6053372A1}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CC31~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{973BA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06DFB~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{83D9A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBEB4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6CE4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF4D6~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A2E8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB938~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B65DF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2DC1DB~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD53947aee3f7df8258aa731098285fa876
SHA1125c6711f07224c056936c19d6f32335ad4990e7
SHA256e42b3834ddb1ed518f2f57b492f4ef7d391a6e9fec0c4ac68d5eba18e8e16550
SHA5129b78471a2bd56fbe1a11c6de42daed9ea5af37f43c134d07f417ffe5b274c519a86d5c9bbb51b209ba3d5164bcac5fe7e6e294eb762994b27b35e03a948c3c1a
-
Filesize
60KB
MD5ae99fdceb748cc4979933de41d5d8c40
SHA15013c78d46e8676757ed17cc4bdc640ebc42e02d
SHA256d527801a91ce48acb682133f0ebccb97c9bd30cf4b8ae5068cf0a53d7c110ed1
SHA512dd2fab8d42c07bb4430ef1bc918d404150d44e8582b3d47f27b5a7d22af80dd0a8c9646ef2524ab4963f58ca85a2fe7643f4d36211a40b343ae33fe39537458d
-
Filesize
60KB
MD526ae512025a5d067172d5ee0f37613da
SHA163b07fe3648a6421118fc788a603c632e3b92e27
SHA25617b7cc0eedacdac74e3ecbe4068566da97387891f11e604be3b87a87e82b11cb
SHA512016c33b920492893e712eeaa608e7c1ce376ad0a04db3b25ad36895378bf2842e9e311bf54d3bd84f4794e82361e3ea240280c0efbdb04962d3e045978a4f87d
-
Filesize
60KB
MD52f462c3359771e356d9fc2b444bd8979
SHA1808d13e4ae16ab8256d32edb25d95c5bf9c18158
SHA256d73f92dc371484a7e362e73013066780893a5f0f59682482e04d7e4f45dfa934
SHA512ad810822d33dffe1d4eac3445639b7e1f1c92b1b73c4d025a8eda315c6ea874d35fcc95296adeabbebf14b2f780567342652be35210c6c17bd6d2dd4a34c4fae
-
Filesize
60KB
MD5d1ece6b829569c9c21eae55c5e1bef2c
SHA1aedb94797e9b2d0340d19a95ffc5a4720c27ede1
SHA256bdbba21ee4597f328f8c130a98a2859e39835f68abfe6d2f6a113eef77786bc6
SHA5123c45eef4e3b952c3206d6ed9728a4f7ec78921faa5096a292063a5a0b24598d32d84aac4620607a9d60b978f47e94d9ec56d471d39e0587eaa8d45f7cc62ad96
-
Filesize
60KB
MD53e83547b50c79b688ae48f3674ea947a
SHA1bea3b57a977877db6e87a92faa78972d6b607857
SHA2564b22a495bf329142d84b6485d208c4368ad505fca514c57faf1b11b5717eb3ff
SHA5126bd64a3007ea5404b2500a1dd20845ebf54e17cc81b51e8937910133c161bbc547db92ed759537ee6775d94f1e6d81b833b27333afbefcb93f797576e3d21a9d
-
Filesize
60KB
MD5866a15063258b8986c44ca5b22702af2
SHA1f41eab034f33ecfa946568cc366c7ac6b96522d5
SHA2564cf4ad9b0d1548bb464e72fa41ac449d121e0217cfcacb15cde8f61e644e7771
SHA51299eee8ef72d8e6b5c885dfd195cc4552517460a946380e2fbb537e4e29e1ea9271e1849da3bb3df4713ef36aa453d50806a46e3b490b1b3575bccacd6414c8c4
-
Filesize
60KB
MD500c0b9ba801d6bb016c79cf95e1db1b1
SHA1be9f7d2c466fe462f5078bbed61734359bbdd380
SHA25601bfada6ce1c72a9f9a52bac0125552c05a46d2d689130d60ce478f762681bd7
SHA51255876080b6ae316cdcfe47fb9489551a0b84d4c74b7574367a49881e5cddf4a81aa2cbf85e8a326bc85d9d61cc802d24a4bea0da444e388ad283d32770807985
-
Filesize
60KB
MD53e2d2bcf99de5365a0a32644bfdd0173
SHA1e769858a06f5b9c9c10b28d05117cdfa46f892cd
SHA256fd9cf9d0d0109832c4e83433ab36e23414296c5e5b32a95103163ce13cbf25c8
SHA512c213666287133a875837ab1031bc6d6fd8e37b4f15fe3f2fb0b95edb23525be7bbbc34d8cc7fd8e2b215da23104fb3cff1895629af233db78946cbfd8dc782ef
-
Filesize
60KB
MD5d78f30c3ff830599e278166721b33740
SHA11ba2707357a44ecc959f258120b4bb4b6a71aa5d
SHA256e5c1cd4beb9a3f2f4d0d63b2a4b9da23a0d5600a700b5f6a44407438d380618a
SHA512566ecba717f3536f40fcdf9df62f63bcd89add258d06eba71f085031cfc481f80ab946488b645cca7b96ee53f03a194516466d5f070cb6fcd2e50d90cc3b179e
-
Filesize
60KB
MD5694062964ddc177b45150a3decb3e0e7
SHA1fc6a82603ab62db68734c39878df1eb79b82e7ad
SHA2561669e34620343c1f2ef03f29f1719ee47e84fad2cffa8bb9b4811a9846e450dc
SHA512c47dd98dd5c53c00d715d6809bae089064de910d864fa1cbb7576291a4c8d9ff5927723550c065e020b70fd324a65a212b9ed5784671789e12f7b71dbc366817