Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/06/2024, 19:47
General
-
Target
2d599a3d6c0d8d45802f7fb6de2500422cc9d9272ee976f590f5c575fc9c46e1.exe
-
Size
320KB
-
MD5
bca6144a6b4042fa542cc789b02423b3
-
SHA1
bc0d9ee6ee0244b86466b4f1c0511c06386a3bb3
-
SHA256
2d599a3d6c0d8d45802f7fb6de2500422cc9d9272ee976f590f5c575fc9c46e1
-
SHA512
780e14bef0e47a3cfe8561e26268ffa0b4b34beb472f9c606160ac60ebe9f093832df0f1f194ba34a3afefefea44abb55f003e5066174342bd822ee1407003af
-
SSDEEP
6144:heHwXUU5EYCTvaBjRjWrLJKuKnGML5NjcxFSH:hyMUusvalgg5NjaFSH
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Disables use of System Restore points 1 TTPs
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 6 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 3 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 42 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 3 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d599a3d6c0d8d45802f7fb6de2500422cc9d9272ee976f590f5c575fc9c46e1.exe"C:\Users\Admin\AppData\Local\Temp\2d599a3d6c0d8d45802f7fb6de2500422cc9d9272ee976f590f5c575fc9c46e1.exe"1⤵
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\GPV3W6L\service.exe"C:\Windows\GPV3W6L\service.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\GPV3W6L\smss.exe"C:\Windows\GPV3W6L\smss.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\GPV3W6L\system.exe"C:\Windows\GPV3W6L\system.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 11763⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 13803⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 13843⤵
- Program crash
-
-
-
C:\Windows\GPV3W6L\winlogon.exe"C:\Windows\GPV3W6L\winlogon.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\lsass.exe"C:\Windows\lsass.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5780 -ip 57801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5780 -ip 57801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5780 -ip 57801⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
MD5e4f171c33bf9e083749633d1ab530b9d
SHA1f63d22d478174cb048d5fb37815e8ce0929cfd54
SHA256b2d4b9777fb7987e314b8963b575bb5425b23f699acea605da608af90cd020ef
SHA5126ff64c3f7b15482eda8349d974cea72b66f1b5de79a4f43a8b29d4f08ef52e2124e5983e494b6fdacd1915d39626aaa25101713f320f883f2c544b6bb94c0a1a
-
Filesize
320KB
MD50efde016e22ef0a1f98f5c655c6a2454
SHA19f0f969dba41f0ee1d4599119a963e9a2e7d4f0e
SHA256fa8b2878233e59c7f135445fd47640c757825f4f5242b06cca556f4ab7479c80
SHA5126596520708c6c458b3911de2e67e1ef80df090cdcade865ee05aaebec207c0c8b377258118351a424b0ba084b6ba49fdc70aa8296323b7602dd9fe8130912241
-
Filesize
320KB
MD5b2278bd52eae50d9f3db7c866da1495b
SHA1e9efa5cb76e80300abf82688dbbf120fb52b10c8
SHA256c68b77d96fdf0976c22bfdf728ad41ac19e7ab30a381670918b9f18ff60344be
SHA5129733a475de7df5e6892f88db0c8ab9727463cf09cf67d6c463d1c706419395fa5054463ca47401e1beb0ac46468bd28312690c5cd8faa8042b7fd208864ee2d2
-
Filesize
320KB
MD5e3f47af366fe8b294271bd45835590aa
SHA162ea89a5f12ff41f7976799cdd473e20e3b6cb5b
SHA256a5d140f7ce772e52e6aac482772366276eba8c99f5c57889ee88e6d52ef4e419
SHA5127f06f560af997fcee100328b0e9f4cad360b03fc3eee5c2cc7faed2271a3c4128aae96a26b3bbf223342b9ca2a20accd8ed5a2c8b3c02bce269499b01c0714bb
-
Filesize
320KB
MD5db8da31cc69759762e6fbba68437f671
SHA1207888eee06201a8df834c464e2db133824fefd2
SHA256e0bb3005c2fb230029777e3669f76c2f68acc830d523f6cf39e96b5a64c43718
SHA512d5b3916c62d778733fca700b4718e275ed0b3745176cff2e5e5da6236edd41bfe202e5be5f168c48204b38e364d63837299b2d9134a40920a1ac9e61de83826c
-
Filesize
320KB
MD57a6cc758e29f27cfc5b2636a232faa4e
SHA1a08669b024dee550d768eb2523c9de887df30806
SHA256cfe28dd799cbad340896691654044f2d2a423d755607c11f87195fe2b9e87c76
SHA512c0bc5f2ce64b4ce231bc8efe378b533efe508568645b157208e830a897c138ddbe780260f69451be8369f9ce2f75261c3cd58c11df70ccdb3201f2489b83d4ec
-
Filesize
320KB
MD567bc55d6b1d7cb240b7d186cc3eedb93
SHA1e882de0d6aa0f94e491eb1358f3667a2e179bba4
SHA256ed8666a9f7d78efa1ab37ab0bfe3ad36e5cb425f352f05fb1ac62639e802d355
SHA5127bb8bd655287630b5548877a9ad4ce4a1e4fd2244493f642be89375c3c9190862be55fd745fb330d8e71a24088516d8f2ebb3e098b16218029e60babdeca35d4
-
Filesize
320KB
MD54382067c485336e0470e2852635fce71
SHA106c45163f9c282448a2ace8de449db87ff45298d
SHA2568fefeb25ef15aac4a7aec6a7943f869ad9cb8992bdc85507fe36ea220305b8d8
SHA512a1be53e6033533263b4a1830156ab7ce83aa148c5149cd9829bc400eb947293974f85b88930e0abf7f29e19fc4377e5c5582c90f470f72b2c907f3fe57a3b76d
-
Filesize
320KB
MD5bca6144a6b4042fa542cc789b02423b3
SHA1bc0d9ee6ee0244b86466b4f1c0511c06386a3bb3
SHA2562d599a3d6c0d8d45802f7fb6de2500422cc9d9272ee976f590f5c575fc9c46e1
SHA512780e14bef0e47a3cfe8561e26268ffa0b4b34beb472f9c606160ac60ebe9f093832df0f1f194ba34a3afefefea44abb55f003e5066174342bd822ee1407003af
-
Filesize
320KB
MD520e26acff14650df6a0d8a1969bda998
SHA10ed2f1dd6f9b5440d54bfcb9a747a68e74a48ec2
SHA256c96275e35432063076716ce909aa7c25dff7d0a0d64972fa1d51b389e61b691d
SHA512b40b03084f895e6660f28be7dff5afa39df0977a572c7e12113bb7e0a1727d504fbc145b74d5c8be0817a23684a36fdaf708db701501c19bd6235a7105d8860e
-
Filesize
320KB
MD54a6280bdb375dea31803246271e30b32
SHA17d76b5e1bdc723e1455bbdf6cfed2d97668ca638
SHA256329d0c6f832e5b3bef9c108f8046e84d0ee9698a2c9f955e18a75f04b7f8bcd4
SHA512cf5ccf5c38049d19c591a4f1c7f0605cc95b8e6284b06a27257941185bd96659e0f54fb5d3c8d5b0675c8ce8d3c1102b53c218863296a6dd30ae8ff5e4bb2635
-
Filesize
320KB
MD59b5086ba3d41385e6d35954633c1c2ef
SHA16fe9a18cfcf83b8ac58c4dba49c47f1c5c1b5514
SHA2563fea766416a537dc0a4e3b1f7d1780de85645c26316e69decdfa67c1ff48bdfe
SHA51253bd3ca0b00c1b372e61fc793fac587ed16ec98832acf8ff927f2776bac3d11b2fbfa7c04ed7c1289e3d7c0bede7d708ecb96fa11cfd8edbe8cdf58676ceaadd
-
Filesize
320KB
MD522f386a76b90a9b557dec656aa3ac61f
SHA163d49cf4d25a605271a3a098a0412cb7cd2c6967
SHA256850a5ce24129972d43a8592fcadf4171378f801f413f41fa292000b2940f0aeb
SHA512333c89cf3f5da4b6764728e4febd702c7ef41345952eae699ea32b33276dd4246e5d617f5747872dffbceedd0c85d25a431351e789abea3f7da8f0f998fadee3
-
Filesize
320KB
MD5f7b71873f0e92da5b9ea819ec70476da
SHA182803cc5c67684e2709d73a0ddc1f0161239c937
SHA2564b149ebcb040e0df9dd3f468eec426a228f9f67cd94d30c3437f1ba0224acf66
SHA5123e0fbbcc4edbaab6ca3ed69ee6c6329a767ccd6cf3432379b6036cce70b8fc47c95c463cb5443e1b3ed885588ec78dfa890259fc03f015a1514942a2d648cae4
-
Filesize
320KB
MD54ac8107e905fc6a165e464d0464e3ef5
SHA1bc0f895e54816997549edb6cdfedb27c90042fbe
SHA2562efbd1a4e8db2e4bd1aec8a45f332422d60e8744f6acc31434c7882e4857da1a
SHA512266ec78bdcf304338b172258d16d8ce2287e36ce3a3473eb1e36e3493af64748ec6fa787c86c2a4c12ef96aa3f530498a6d546aaa4df0a4a0a36e89b31b983dc
-
Filesize
320KB
MD5fee07778a717de28afc3fcbb44e37ed5
SHA17765c1213b566bddef7e900143efb9bd94deb172
SHA2562299b5f37d14fc8bc480d39ee2ddfd6dd5632be8c5fc8941b9e0878e4666c859
SHA5121aba92723e04481c7b5055dcd67221447496f23ee97ff7b6d5c1119763f816c9b4494796fc1f3e27ae7d51711e1efbd7bf18602568ed71f5d6f093a4c853e970
-
Filesize
320KB
MD5b64e37e0603d3d092595d52e761bd381
SHA1438d79070d9304b0423da5f30e50b64775506349
SHA256d07b9997bfd6c9932d262a6e634618e871747bbbd8ef7ff43bd609938ac92da2
SHA5124d2c8f0acd180eb8785691077c3a076c318ad5944b930d5fd44e1c6ef8fc1ff2c9b849d27b02e8d5bf8654334beff291b82b0d4f2c568a4e1c95f74ce076819e
-
Filesize
320KB
MD5c6b9fd89a561af318be668b937316b64
SHA12ed426b4f1a1db0619e5dfdc004af19b693dbda6
SHA256f4b113cb6d34a26d72805dd7d782e555eab860bb74728af906ac43d7f5379226
SHA512a940f038e48e80e29b1ba38d6755bb5c5e7f8f29b60b53b0a3c3154c63941290000ec4ac1bd60f1775720efcc43e23153d518107e6f9ade42bb269b0b3bb602b
-
Filesize
127B
MD5f22908b15bb02468573a96548e208ee0
SHA17f3f98bf94173130e31b39c09b4df205b3c35f36
SHA2566fc9a90b25851efb7c2b8fbd62d22d093c24fbb0b3a0f3e0ff393ac90cd45338
SHA5120bffe28aca141822e656ebd8295be98f2fad4d0fb2678ad66f1fb2bb5d5a1cf28c1f69c04b619e1db5a92d4297dbadeaa5d196746b091159c7683270a415a096
-
Filesize
141B
MD5d3749d6ad5827ff4671d95582f43e93a
SHA1bda662852e8e5b25b2f41a1c10871230af8cc370
SHA256f4ac2a6b1bc10a81fa28c17f94750ab53e25e5d7114571b907927a72b9fa73b7
SHA512169b4cbcbf74e2c94aeb6d2532e8973d6ad509684482ea43d6652123e80d715be2a206c9647eafe431983b16cfbe3ef27f13a66b6dd9503336b8a6737a189089
-
Filesize
361KB
MD52ec2659ec7f07edc03a3961477fec1ba
SHA15bddbaf25724142738f70896ddf079c5445d1aa1
SHA25677e1e0a750cdaf9a6a54c8ab0857f2787e3a1280ac2762f320a5d6e98b340bb7
SHA512243d5d33ccbd52f47406c4e687801263b971c4604469cdd94d5fce9a42054af6efc7463c6524c9aa3a25f37d291d1356a134f9e76fd099504c57e70e783b1d3f
-
Filesize
361KB
MD5e311ef4df4009a9926e9d774568ad810
SHA18b546b1b626a28a4b117359065e43d5217cb9cfe
SHA256dba59c4d0417da694c70255a4741b94c92bd6206b932870b4d1b8eefe7fbd9b8
SHA512597399a7c5cb4b34de5ce070ccd2c2684bb601dded6456eb0bbd7a0cd13d0d4cefbbdc3a9a445840f033a49ec2554c46764535e115897623476ab6be64a89452
-
Filesize
320KB
MD579f820c9d73df65c8a650c065776c454
SHA1ab901eca04cfc107dec9ef228ac8e5cd504ce978
SHA25632e084f3b7d0fa8ddcbb7c822ca88356fcc7936932489b0a6c256c08977ff937
SHA512292e521ce2ad967a2d29aa4b46869830a2dd48831328971d517d6883136d2fab4ee0c67c5969b23336c8cb34610297451b6ea9ac88c5f3b57e9c7b5e59524128
-
Filesize
320KB
MD5b7e4902555d671fd57c2c83deac8c0b6
SHA19052674d70809843ee2268e3611fac0ea87254b2
SHA256937aeb735e392ee07d31839984ba4ea9a4a3b2736c0c9bd6eb7550a1321122d6
SHA512322959e0ed003fa9c6a9ccc32b0bee1e6084b9d9de8efcb37336b8deccae3e4e63c98e7bc7a56f897a62c6a0bcd1a765c70cf52c5c67848526877401d46ef2a7
-
Filesize
65KB
MD58e6e31f8df128a746ff9a3a38f8f78c0
SHA1e4da9aa336eb7e254592e585b29d8b4e23f3e4bd
SHA256dc33796b634ea14ed80a492257f698d103a57e1a041ccab92945efa8201a65f7
SHA512eddacadcb86d8ead42185af5ce779f35dcbf262b2e12dc1cb816c3c5e35563201a839b861eb4a2cda472a5a27b2dfb76a0310d6eb94b49e9d5b58af869ef22c6
-
Filesize
8KB
MD50e528d000aad58b255c1cf8fd0bb1089
SHA12445d2cc0921aea9ae53b8920d048d6537940ec6
SHA256c8aa5c023bf32f1c1e27b8136cf4d622101e58a80417d97271d3c0ba44528cae
SHA51289ff6a1f1bf364925704a83ab4d222e2335e6486e0b90641f0133236b5f6b0fede1e9f17b577d6d069537e737b761f745d1fde4a9d0b43cb59143edf2d9c2116
-
Filesize
1.4MB
MD53b039cfcb4049f9ddb4d6a89825ba89b
SHA1db124e3221b89df324b8cce304dbc50baa313145
SHA2568081e0930368fdd7a905846cc989b12886187812fb20842ba13264b5a1cee097
SHA512c2caaaa9d072f778abc1ebfea190082234b93e521912fd021e3bb3e8edb23fc7f9cb9e7a5ca5ef028659e1369484815122d11844946c3ef6658104349020eeb6
-
Filesize
1.4MB
MD5b2b272a9776b0930b87d0881c1ada58e
SHA186b65a3ea5f2d41ce63b550b9ba9e6fdfa9beaa6
SHA2569cc8df5d085d4115090418d4e024e416545080611bd55d8d688a1e05293113e7
SHA51288ccef1c4c3d673a608f62d7cb9e2da4aea4b85906ba2810f8a6a66f2a051b062267b2464acca136f507f5b54029b6c640b22a9bb970cd9f50d5691df7903700
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
468KB
-
Filesize
328KB
-
Filesize
328KB