Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 20:27
General
-
Target
3cb1175abec2d278945a05f66682737e6b50bbee00d17f13c1cf6fd128001b30.exe
-
Size
89KB
-
MD5
390ea50492c626af9a8bc2676b56402f
-
SHA1
609e9d9682e4ca01771749df06831d0a5a8fe70c
-
SHA256
3cb1175abec2d278945a05f66682737e6b50bbee00d17f13c1cf6fd128001b30
-
SHA512
568d9ff539a578c8f9ea3a91853e67ce8fd301540a898eefc603650875f8d2e322c5eac2c425c23e5d7069217f12d26c19cf6ae8d40dba41d492e9b0f857a2f4
-
SSDEEP
768:5vw981UMhKQLro54/wQ4pNrfrunMxVFA3v:lEG00o5l3zunMxVS3v
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cb1175abec2d278945a05f66682737e6b50bbee00d17f13c1cf6fd128001b30.exe"C:\Users\Admin\AppData\Local\Temp\3cb1175abec2d278945a05f66682737e6b50bbee00d17f13c1cf6fd128001b30.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DADB1BF4-6A2B-4625-9713-867EEDE24839}.exeC:\Windows\{DADB1BF4-6A2B-4625-9713-867EEDE24839}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C2CE145-2F27-405c-9F4F-29EB7C9A8251}.exeC:\Windows\{4C2CE145-2F27-405c-9F4F-29EB7C9A8251}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F5B3C384-3D52-418f-9AC4-3661B18D2EA8}.exeC:\Windows\{F5B3C384-3D52-418f-9AC4-3661B18D2EA8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{43E1A286-1811-41af-ADCA-474B29538ED0}.exeC:\Windows\{43E1A286-1811-41af-ADCA-474B29538ED0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5ABEA1E5-AEFD-4a33-9B63-6E11C9332B1B}.exeC:\Windows\{5ABEA1E5-AEFD-4a33-9B63-6E11C9332B1B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D4830AF8-77AD-48cb-8FBE-6ACDBDE87341}.exeC:\Windows\{D4830AF8-77AD-48cb-8FBE-6ACDBDE87341}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9F62066-0CC7-4f80-A67B-FDADA1DE200E}.exeC:\Windows\{F9F62066-0CC7-4f80-A67B-FDADA1DE200E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79C11068-9C47-4d87-9499-29CD776AD599}.exeC:\Windows\{79C11068-9C47-4d87-9499-29CD776AD599}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE1A83D4-9F1B-4723-95F0-8EB05CCFCBC6}.exeC:\Windows\{BE1A83D4-9F1B-4723-95F0-8EB05CCFCBC6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7D997188-D09E-43ac-BF05-0CC5ACC63047}.exeC:\Windows\{7D997188-D09E-43ac-BF05-0CC5ACC63047}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB02FD91-5B45-4a92-ADE6-66CE3ACD7376}.exeC:\Windows\{AB02FD91-5B45-4a92-ADE6-66CE3ACD7376}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EC6BD233-5DF0-4140-AAAA-9F7878B82E39}.exeC:\Windows\{EC6BD233-5DF0-4140-AAAA-9F7878B82E39}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB02F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7D997~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE1A8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79C11~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9F62~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4830~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5ABEA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43E1A~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F5B3C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C2CE~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DADB1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\3CB117~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD50df9f5987543ff87a516b75bc92adb4d
SHA16a2653a5d7f3c1a30177d8a60f68032b474999f2
SHA256e7fd1a11205b192ef17030edb303db86554203f916c31fd6fb657d64f5426656
SHA512940db68465a350c96c9b87bc9dd18793b6cadf5d5e0e97573930d94ad17b7ead06b5b0a5201049ff25bead1ee04c5d7b2404bde4072fbb999312db4294c936ad
-
Filesize
89KB
MD5feb4d62ca4492721e853390c9fd24c91
SHA10f696fa5e26dc378cca40f79a1e824ad3815115f
SHA256053f13aac3b07fca1096c15b53212f2e49895b51831e27afaf7b74c6fb7dd924
SHA51201b8c06029be33c31e8d1b92967b6b826ae0469f12c2c2e8e64a21b34dd13f1a97c6513ad76099c8a54c845dd75bd609051bfc90ccd86deb72b88372771144d1
-
Filesize
89KB
MD5bfce2f18e87c1674917209dd77fd9fac
SHA15a834b23e7f7130bf95c10d6cafd746848533671
SHA2563d8b0ab3d0ebd87918916ac10a57ac4ec27ff8c6624c9b23e18cf4efc90eb912
SHA512db85e083c9d424fcac3a0e45d6d9995b4066127c587ed286c328659c70752a1308bf82e794f4c9b47144d122895da09e4b7b5b922921c5d515bb1c4dc2b78dff
-
Filesize
89KB
MD5b162a5ddab47a7b9b1d0d6dccf5f07bd
SHA15005f347d8e9371a9f6d2ba618545d1ed3274667
SHA2567cdbe5e161cb4d823eaee21fd802aa3a2af360a3102533d5ae52b6afe58a902b
SHA512b32198a65267e863a890a5bfdc8f1012d3b66c29483e01e62504ed3b38bf5f43e52095dcd87fe340f7ece75402c8441d66f7f8d3e182b91d15aecdd1151b503d
-
Filesize
89KB
MD5a2298d7527841fdc995046361f2c7ce2
SHA14b7a58913960006d2ac11d08b261903c1ec16355
SHA256ecbdbf51755ac7a55ce5d9598b8596f89e7c727b24825fcbcd39ce43725bec91
SHA5129507f0e3b9a3fa85448b8f0f909ff067721161b0b96e9a112bf59021c669fde11942281622976963f27b146c709f655c7c9fd36c7253b65f2030422f96e2d895
-
Filesize
89KB
MD5d86814d6d9a6ad293732592deb694b79
SHA10f0d58f91ec8a47f1628a38ce582896a115b75f6
SHA25650d5a14e8cbfc0b70dd09e18c114e72a2306eed8d84d72ca4844f8a173a9e039
SHA51252f06543433ad3d21cd7d25322bc887e1799c5559b210fa93962d1e81589d702e429cf27fce5e61e44cfd20feed6d915199dbe38fa79eee37db5c3935c7b3c02
-
Filesize
89KB
MD5194699d8644ed8f8b7862a21d6045e7c
SHA1fccaac8a89c5ca9e7dc3d141f095f9acb5544edf
SHA2561a8956f87f4ea64a50baa3aba99a3d05fbf73a120163be0275675f6b233f30e7
SHA51283ea3d0178400c95a83f1be0b8edf60b2e1a63f3c895686cfa97226394918fe7f9e1b4502354cf0cd87a03e5e7e3a1938cf31a9f76a3280932cc1d5e14ee56bb
-
Filesize
89KB
MD5fa20d57d01df792b6f410555bd74d9f9
SHA15376fa94ca44ce6dfafd334fc07163efe349b5a1
SHA2562fb9482bf1c92c7437fb59089407cb417c34d1a7c86d9dff7155612fc2d1d48f
SHA512bf84443ea7e682debd89d54023757b9e0c4ab6dac5ee8fecacda4ef8f094afee45786e603ac8db55bf1ffed4ffb995dbfe3a2b2ad486adcd559194d91c6d584b
-
Filesize
89KB
MD524e3432eea8579dd2950400bb5ac8a37
SHA138bbf7495223ba4d88a5e6a2682d98ef87c222d2
SHA256369501512509dbad3483fd4b9cd31fe1038c677cbf907669e857efae92b4a319
SHA5127c724c36ef08b37ed26b3dddcd2604c053bdb843f01660bce6ce663a95d20fbb89c79b721ee47f11104f1b816aa9884292dba801c50eb71b452fc1984ac97bc2
-
Filesize
89KB
MD52a8f0111575e425d232250bfc8dc7ed5
SHA194a55d0e6bb1ee549287613bad6264360a129c6a
SHA2560f11771ba49cadea5f7a47355200383e71ff850fa074cf938d70f0d7082ea7ed
SHA51255866764733d50fdf07363d7ec163a2e5dcb81b5e280f43992f80a0138392742703a00983e5a068ec79637e5e091497ffd8bfc682e0fb77d4d261d042c980c76
-
Filesize
89KB
MD5679d19b5952fc3cd509a30d0bbbbf01c
SHA1d6ce096c2905d0c327389f8b7e5432f90d701c03
SHA256fcee86402e902558d960e069098d7d304b5c17d97ff4b02839b85b05b8b7c200
SHA512ba18494742f1d699df827c4354ceee9c6fd101f36acdcdfadec07a37c73827b0460317fe1660c6a6fa0e671d0b79860e84249b5b23a8fc53645cee4cc47666d6
-
Filesize
89KB
MD56f3b175a29af108efb8a5d32c7d2b288
SHA1d30b2f43323b52e3e4d664a4ce8b44f366119a8b
SHA25649b7b3045d71e0d7e225462160e0c426572a67ecff3e7a129ce512e03a439f1d
SHA5128bedca9e118653e0d87bf47b2fe97880603ff34b7f0bad353339d9ece76861106a344b433ac2bd59584004b3fed369f6b91b6ef550a1aa1072ff6d597d0fa65e
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB