Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
30f562ef020...18.exe
windows7-x64
70f562ef020...18.exe
windows10-2004-x64
7$APPDATA/�...÷.lnk
windows7-x64
3$APPDATA/�...÷.lnk
windows10-2004-x64
7$FAVORITES...÷.url
windows7-x64
6$FAVORITES...÷.url
windows10-2004-x64
3$FAVORITES...÷.url
windows7-x64
6$FAVORITES...÷.url
windows10-2004-x64
3$FAVORITES...Ø.url
windows7-x64
6$FAVORITES...Ø.url
windows10-2004-x64
3$FAVORITES...½.url
windows7-x64
6$FAVORITES...½.url
windows10-2004-x64
3$TEMP/A±�...HJ.dll
windows7-x64
1$TEMP/A±�...HJ.dll
windows10-2004-x64
1$TEMP/A±�...Io.dll
windows7-x64
1$TEMP/A±�...Io.dll
windows10-2004-x64
1$TEMP/A±�...Io.sys
windows7-x64
1$TEMP/A±�...Io.sys
windows10-2004-x64
1$TEMP/A±�...er.exe
windows7-x64
1$TEMP/A±�...er.exe
windows10-2004-x64
1$TEMP/A±�...ll.exe
windows7-x64
7$TEMP/A±�...ll.exe
windows10-2004-x64
7C:/Documen...��.lnk
windows7-x64
1C:/Documen...��.lnk
windows10-2004-x64
1C:/Documen...÷.url
windows7-x64
1C:/Documen...÷.url
windows10-2004-x64
1C:/Documen...÷.url
windows7-x64
1C:/Documen...÷.url
windows10-2004-x64
1C:/Documen...Ø.url
windows7-x64
1C:/Documen...Ø.url
windows10-2004-x64
1C:/Documen...½.url
windows7-x64
1C:/Documen...½.url
windows10-2004-x64
1Analysis
-
max time kernel
140s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
25/06/2024, 19:57 UTC
Static task
static1
Behavioral task
behavioral1
Sample
0f562ef0200664bc779e2e2569337a14_JaffaCakes118.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
0f562ef0200664bc779e2e2569337a14_JaffaCakes118.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$APPDATA/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral4
Sample
$APPDATA/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$FAVORITES/GoogleËÑË÷.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
$FAVORITES/GoogleËÑË÷.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$FAVORITES/°Ù¶ÈËÑË÷.url
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral8
Sample
$FAVORITES/°Ù¶ÈËÑË÷.url
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$FAVORITES/ÍêÃÀϵͳÏÂÔØ.url
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral10
Sample
$FAVORITES/ÍêÃÀϵͳÏÂÔØ.url
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$FAVORITES/ÍøÖ·µ¼º½.url
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
$FAVORITES/ÍøÖ·µ¼º½.url
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$TEMP/A±äËÙÆ÷/JSHJ.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
$TEMP/A±äËÙÆ÷/JSHJ.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$TEMP/A±äËÙÆ÷/WinIo.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
$TEMP/A±äËÙÆ÷/WinIo.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$TEMP/A±äËÙÆ÷/WinIo.sys
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
$TEMP/A±äËÙÆ÷/WinIo.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$TEMP/A±äËÙÆ÷/aspeeder.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
$TEMP/A±äËÙÆ÷/aspeeder.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$TEMP/A±äËÙÆ÷/uninstall.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral22
Sample
$TEMP/A±äËÙÆ÷/uninstall.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
C:/Documents and Settings/Default User/Application Data/Microsoft/Internet Explorer/Quick Launch/�.lnk
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral24
Sample
C:/Documents and Settings/Default User/Application Data/Microsoft/Internet Explorer/Quick Launch/�.lnk
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
C:/Documents and Settings/Default User/Favorites/GoogleËÑË÷.url
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
C:/Documents and Settings/Default User/Favorites/GoogleËÑË÷.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
C:/Documents and Settings/Default User/Favorites/°Ù¶ÈËÑË÷.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
C:/Documents and Settings/Default User/Favorites/°Ù¶ÈËÑË÷.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
C:/Documents and Settings/Default User/Favorites/ÍêÃÀϵͳÏÂÔØ.url
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
C:/Documents and Settings/Default User/Favorites/ÍêÃÀϵͳÏÂÔØ.url
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
C:/Documents and Settings/Default User/Favorites/ÍøÖ·µ¼º½.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
C:/Documents and Settings/Default User/Favorites/ÍøÖ·µ¼º½.url
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
$TEMP/A±äËÙÆ÷/aspeeder.exe
-
Size
1.0MB
-
MD5
0b99f927d85b0d20e548183a860afaa0
-
SHA1
5fff765df471ef83b370c92a12f56789dda2cb1f
-
SHA256
c6eb445c422dda11d1094d927cc0f45446a7e954e72be6e3bfce81ef24f23c0f
-
SHA512
f3290b60c149a70bf54786a2b447dbd0e94f9a16c901047a7109d4562410104dc54d6a9f7ef9a1ccc2bdd80e5b5094b8a098bb304cc2a068015e9472fb15b91c
-
SSDEEP
12288:Con26ttYdG3mNPkab3sSp4tsNCgbzoyu7ZK6vslEpzmQmCPqSbBOWRt7uA:JLYVcIp4ts88xu7/GEIGNOWR
Malware Config
Signatures
-
Suspicious behavior: LoadsDriver 32 IoCs
pid Process 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeIncBasePriorityPrivilege 108 aspeeder.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
pid Process 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe -
Suspicious use of SendNotifyMessage 5 IoCs
pid Process 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe 108 aspeeder.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 108 aspeeder.exe 108 aspeeder.exe