Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/06/2024, 02:37
Behavioral task | Sample | Resource
behavioral1 | .exe/AppReadWriteCounter.exe | win7-20240220-en
behavioral2 | .exe/AppReadWriteCounter.exe | win10v2004-20240508-en
behavioral3 | .exe/BrowserDownloadsView.exe | win7-20240611-en
behavioral4 | .exe/BrowserDownloadsView.exe | win10v2004-20240226-en
behavioral5 | .exe/BrowsingHistoryView.exe | win7-20240221-en
behavioral6 | .exe/BrowsingHistoryView.exe | win10v2004-20240508-en
behavioral7 | .exe/CProcess.exe | win7-20240508-en
behavioral8 | .exe/CProcess.exe | win10v2004-20240508-en
behavioral9 | .exe/ExecutedProgramsList.exe | win7-20240419-en
behavioral10 | .exe/ExecutedProgramsList.exe | win10v2004-20240226-en
behavioral11 | .exe/Fortect.lnk | win7-20240221-en
behavioral12 | .exe/Fortect.lnk | win10v2004-20240611-en
behavioral13 | .exe/JournalTrace.exe | win7-20240611-en
behavioral14 | .exe/JournalTrace.exe | win10v2004-20240508-en
behavioral15 | .exe/LastActivityView.exe | win7-20240508-en
behavioral16 | .exe/LastActivityView.exe | win10v2004-20240508-en
behavioral17 | .exe/MUICacheView.exe | win7-20240419-en
behavioral18 | .exe/MUICacheView.exe | win10v2004-20240508-en
behavioral19 | .exe/Malwarebytes.lnk | win7-20240611-en
behavioral20 | .exe/Malwarebytes.lnk | win10v2004-20240508-en
behavioral21 | .exe/PreviousFilesRecovery.exe | win7-20240611-en
behavioral22 | .exe/PreviousFilesRecovery.exe | win10v2004-20240611-en
behavioral23 | .exe/RecentFilesView.exe | win7-20240221-en
behavioral24 | .exe/RecentFilesView.exe | win10v2004-20240226-en
behavioral25 | .exe/RegScanner.exe | win7-20240611-en
behavioral26 | .exe/RegScanner.exe | win10v2004-20240611-en
behavioral27 | .exe/ShellBagsView.exe | win7-20240221-en
behavioral28 | .exe/ShellBagsView.exe | win10v2004-20240508-en
behavioral29 | .exe/System Informer.lnk | win7-20240508-en
behavioral30 | .exe/System Informer.lnk | win10v2004-20240508-en
behavioral31 | .exe/TrappedV2.exe | win7-20240419-en
behavioral32 | .exe/TrappedV2.exe | win10v2004-20240508-en
General
Target: .exe/CProcess.exe
Size: 35KB
MD5: 5af6b376e660805759683865437acbc0
SHA1: 75f61ab72f67c53553ef87c655777c430c3c91c2
SHA256: f0cf25602f19d5b2f2c0050180815eb5c727427142639fa1c177b5d1dc078a1b
SHA512: faf2750a1dcfa6bbac2fc0162f14977ac7b145fe4361e58e880ac727902fc90afe1e92c7107c5096050c2e8a5dae1aab322c84851fbd30542f35e6e846d16e63
SSDEEP: 768:/+5WLaO2wpBorkucMMqyv+czNsmj+KN7mODgDsEhahV:25WLaf7rkucMMqT+UKcirr
Malware Config
Signatures
Nirsoft 1 IoCs
resource | yara_rule
behavioral8/memory/752-1-0x0000000000400000-0x000000000041B000-memory.dmp | Nirsoft
resource | yara_rule
behavioral8/memory/752-0-0x0000000000400000-0x000000000041B000-memory.dmp | upx
behavioral8/memory/752-1-0x0000000000400000-0x000000000041B000-memory.dmp | upx
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
752 | CProcess.exe (the same row is repeated for all 64 entries)
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 752 | CProcess.exe