Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0970699890...13.exe

windows7-x64

8

0970699890...13.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2024, 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09706998901c2ebd071ca05cbc5ec81921ba9d20ead1cadbc8654735509c8113.exe

  • Size

    116KB

  • MD5

    99c0caf5c211b625eefcfd223264e044

  • SHA1

    afb066c5f47c7c7989a2bf78a68f37204de57ea7

  • SHA256

    09706998901c2ebd071ca05cbc5ec81921ba9d20ead1cadbc8654735509c8113

  • SHA512

    f34693273e7fa80aca3c01d542ea75997415cebbf82e86b3ae2d1739d26991d4617989ec37fb0be79335a285c675a76e6ee0aeb097ed720646a44344fc871814

  • SSDEEP

    768:Qvw9816vhKQLroe4/wQRNrfrunMxVFA3b7glwRjMlfwGxEI5nWAwxt6sDntNiLJN:YEGh0oel2unMxVS3HgdoKjhLJhL

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09706998901c2ebd071ca05cbc5ec81921ba9d20ead1cadbc8654735509c8113.exe
    "C:\Users\Admin\AppData\Local\Temp\09706998901c2ebd071ca05cbc5ec81921ba9d20ead1cadbc8654735509c8113.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Windows\{0BA48A64-51BF-4361-91A7-FCDF35321DB1}.exe
      C:\Windows\{0BA48A64-51BF-4361-91A7-FCDF35321DB1}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:484
      • C:\Windows\{C7C7F99F-B7BF-4848-BB8E-54EE70FC6C0F}.exe
        C:\Windows\{C7C7F99F-B7BF-4848-BB8E-54EE70FC6C0F}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2948
        • C:\Windows\{DE90D6EF-A107-4303-9C81-B3E41282FFEA}.exe
          C:\Windows\{DE90D6EF-A107-4303-9C81-B3E41282FFEA}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2672
          • C:\Windows\{5AC5B9B6-22BC-4d5b-A280-ED16CAA983E8}.exe
            C:\Windows\{5AC5B9B6-22BC-4d5b-A280-ED16CAA983E8}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2632
            • C:\Windows\{5D416DB2-94F0-48ab-9A19-BFA144CD52D5}.exe
              C:\Windows\{5D416DB2-94F0-48ab-9A19-BFA144CD52D5}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2292
              • C:\Windows\{FAF01F0D-8E81-4a56-B3D5-0B520F575BB0}.exe
                C:\Windows\{FAF01F0D-8E81-4a56-B3D5-0B520F575BB0}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1904
                • C:\Windows\{1390EFE8-ADDF-41cd-920E-D509AF33143A}.exe
                  C:\Windows\{1390EFE8-ADDF-41cd-920E-D509AF33143A}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1268
                  • C:\Windows\{0023A422-4DD2-447e-A572-59E8225B562B}.exe
                    C:\Windows\{0023A422-4DD2-447e-A572-59E8225B562B}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2152
                    • C:\Windows\{A31EA7BD-7BF0-498e-82EF-B5039D986A16}.exe
                      C:\Windows\{A31EA7BD-7BF0-498e-82EF-B5039D986A16}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2596
                      • C:\Windows\{E64C593C-173F-45e1-808B-445280A540B3}.exe
                        C:\Windows\{E64C593C-173F-45e1-808B-445280A540B3}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2124
                        • C:\Windows\{3E48D50A-0B22-411f-BA50-A00B86EB4869}.exe
                          C:\Windows\{3E48D50A-0B22-411f-BA50-A00B86EB4869}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:576
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E64C5~1.EXE > nul
                          12⤵
                            PID:2732
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A31EA~1.EXE > nul
                          11⤵
                            PID:2304
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0023A~1.EXE > nul
                          10⤵
                            PID:2372
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1390E~1.EXE > nul
                          9⤵
                            PID:1672
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FAF01~1.EXE > nul
                          8⤵
                            PID:1740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5D416~1.EXE > nul
                          7⤵
                            PID:2840
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5AC5B~1.EXE > nul
                          6⤵
                            PID:1916
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DE90D~1.EXE > nul
                          5⤵
                            PID:2688
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C7C7F~1.EXE > nul
                          4⤵
                            PID:2000
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0BA48~1.EXE > nul
                          3⤵
                            PID:2760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\097069~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2128

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0023A422-4DD2-447e-A572-59E8225B562B}.exe
                        Filesize

                        116KB

                        MD5

                        77609829fdcb008f034a806e7e0566c7

                        SHA1

                        99fc2c2576b193d358f80be08152582f9f9c48c0

                        SHA256

                        894c677f9b7afddd1895d9ec3b1d519c2326ce05b896d77d70ef5666554ca17f

                        SHA512

                        e0b92ec3c930230149ccb35f4a80ee4c69c2919b6c140fde05ab0ee8bac9afe1542e89200ec7f050b945d6ac1f78e682fad34dff202ca78fd4c24823f1475958

                        Download Submit

                      • C:\Windows\{0BA48A64-51BF-4361-91A7-FCDF35321DB1}.exe
                        Filesize

                        116KB

                        MD5

                        e0ab25d07b952951e4a96d5e8a08f46b

                        SHA1

                        b8286fbf924d5772da59db8c6398a717b5eeb25a

                        SHA256

                        e4e5127a82778bd1e4090a23dbafa416942bf6b76cafed42d885e217538202ff

                        SHA512

                        133194b9f2eef33def8112e23a972bbcc03cfa74ba8defcac19d3500ee9b13bd69aa91364ef88145c620531800e792d9e92fa9e8bee3c6bce8fc81c2c7c6543a

                        Download Submit

                      • C:\Windows\{1390EFE8-ADDF-41cd-920E-D509AF33143A}.exe
                        Filesize

                        116KB

                        MD5

                        d080758529dbe078a0c644d9f376f03c

                        SHA1

                        c28317f13fa403bcb25a70af7db2007ede8406ff

                        SHA256

                        4550b36d0454067ef93e8da6c11d2f46e478bf8bf35bd525b892fb35eebf5e3d

                        SHA512

                        a7aaa66f4966c7d5f3cc4b0362098271d7089871ae2babfa6de3aeab984b5a2ead1f4df3a186d69b5d424b2a18601ebbbf993aa3110f57d9e7a0c03ac5d6b5ae

                        Download Submit

                      • C:\Windows\{3E48D50A-0B22-411f-BA50-A00B86EB4869}.exe
                        Filesize

                        116KB

                        MD5

                        b6faf276ad5c7db3d6bdd6d5ef3d50d3

                        SHA1

                        f48a003cbab6e6399ad0a2d967b7a49b921e8143

                        SHA256

                        db0f960f48bb2cb3d43ed55d4775bb3f8c3ae63bcd6021198d3471203389bc00

                        SHA512

                        5c7b404cd9e7ea504c7968c9f1f46586ed0b473fd948ec4431c9ea37ff760beeba48c8f9c93ce9b58fc41e8fcfa6caa849936ae3783aabb5ef813b368b61acf5

                        Download Submit

                      • C:\Windows\{5AC5B9B6-22BC-4d5b-A280-ED16CAA983E8}.exe
                        Filesize

                        116KB

                        MD5

                        f13418f665ec3bc73ab455a3d0603950

                        SHA1

                        8aa7c365189da6be57e640bdb4bfbe3d8985ffe3

                        SHA256

                        35782a101216f519179ee8e60c32a827a897c1ae2043871548fa254bfe578fef

                        SHA512

                        d843280d42a6edbf1acff3f8dc2e29a344e80cfa507f18a2f0a80717eab03c450da38959d6584e86e2f640a48d2300cfa58f9e5789d94d7a8416a71b15001c7f

                        Download Submit

                      • C:\Windows\{5D416DB2-94F0-48ab-9A19-BFA144CD52D5}.exe
                        Filesize

                        116KB

                        MD5

                        89309a6e397b3593bbb7791aa054015c

                        SHA1

                        0a24bf38de617eea201999f1a75bcf91f0f49da7

                        SHA256

                        bde4e9c60ffc5bd0282570559a7929fa3621053be9947259e7476a9c950fddd9

                        SHA512

                        e191e110896fac2e243834084762af51f03798d640c2d6195b7df712c00c9782a349e76224c3f6d20d302b880638b6e01604de390dcc698a13de7c711eb5fc72

                        Download Submit

                      • C:\Windows\{A31EA7BD-7BF0-498e-82EF-B5039D986A16}.exe
                        Filesize

                        116KB

                        MD5

                        ab48e0dccd15637c3670ee467d23a5aa

                        SHA1

                        1d8cdff04cccbc66df400f632d2d3af22ef2ef59

                        SHA256

                        8c7c4e824ea274735697501401f552ed5123ab342bb44c476eb56c36b3da531b

                        SHA512

                        7061ad246fad2fe8eb25eaa843bac280bb48b205ccea3c98645863ef200bfd2dcb4051d0a7ad380548fd40fedf0e51ecfd0467330a9de6b19a261cde0b21040a

                        Download Submit

                      • C:\Windows\{C7C7F99F-B7BF-4848-BB8E-54EE70FC6C0F}.exe
                        Filesize

                        116KB

                        MD5

                        4560737f6235b69c4bbf0b0e90fd250a

                        SHA1

                        5e895e53dfb116d5c51de91fe4aea42615b71b2a

                        SHA256

                        b133c64433dac360434b97f301014e949be9cb2e0f3e1aea9df02daf123db3a0

                        SHA512

                        b245d9cbc5ac2aa6bf2d3dbbcc3cbe3e01433d46debae39a8aec8f3e9a072c8ba716efeb2dc0de378d529ee23edcf8c69de91db6f12f5573fa483d3ad5fb628d

                        Download Submit

                      • C:\Windows\{DE90D6EF-A107-4303-9C81-B3E41282FFEA}.exe
                        Filesize

                        116KB

                        MD5

                        dd3a17ee89c325618fbb5ecfe5eb346a

                        SHA1

                        0f4119df4076b3a65f3eafe19ad1814c9546050e

                        SHA256

                        a6efe2e89b33a4659eb4e3556289bdaafeae028a3f714b04930dfa9115f3fb76

                        SHA512

                        e2d835c91359fac4ac06b6d3841905d714a34c9ef52efaf9dfe4c04e84108dc7d53ce509309e8c2bab85957cc9d8ee99b67babc10f8ac50a45dd2b832f7db066

                        Download Submit

                      • C:\Windows\{E64C593C-173F-45e1-808B-445280A540B3}.exe
                        Filesize

                        116KB

                        MD5

                        53ffb8a87bd81694bbfc6315ab9f9ffd

                        SHA1

                        07f572b017d4f4f63f2773a7706692602bdfed06

                        SHA256

                        83363a4c7687ca859640979e67ab2b9662d4660097895ca10ccf8e58fe6756e2

                        SHA512

                        ef98a30ff03cb12638f08067df151990ae143b37f73a2e1f47c943d605d59b8d3a0afa1a47c4ebd9a46efb7e17eed8ecd8c20f5efa0939c4cb703e72fb5a32b1

                        Download Submit

                      • C:\Windows\{FAF01F0D-8E81-4a56-B3D5-0B520F575BB0}.exe
                        Filesize

                        116KB

                        MD5

                        736c54b94063c448a0c06250de6a1b74

                        SHA1

                        83c17f2cdfaa11f972d9d7d709c3377247a81c25

                        SHA256

                        6518a723e44ea5cb4995688933cc9ef2d321ba247d42b7ee83a7b3b2a9345d43

                        SHA512

                        dcbdb068be2d102e9499faec72f7aea550cb7107c55c7aafa881bed816b4a293365bab21890260b9113a7901bde19b146851ea6f2db40c9daa0b050c60ba59f8

                        Download Submit