Overview

Task                  Platform             Score
Static                -                    10
Cleaners/a...er.exe   windows7-x64         10
Cleaners/a...er.exe   windows10-2004-x64   9
Cleaners/a...rm.exe   windows7-x64         9
Cleaners/a...rm.exe   windows10-2004-x64   7
Cleaners/clean1.bat   windows7-x64         7
Cleaners/clean1.bat   windows10-2004-x64   7
Cleaners/clean2.bat   windows7-x64         5
Cleaners/clean2.bat   windows10-2004-x64   7
Cleaners/clean3.bat   windows7-x64         4
Cleaners/clean3.bat   windows10-2004-x64   1
Cleaners/clean4.bat   windows7-x64         1
Cleaners/clean4.bat   windows10-2004-x64   1
Cleaners/clean5.bat   windows7-x64         1
Cleaners/clean5.bat   windows10-2004-x64   7

Analysis
max time kernel:   118s
max time network:  120s
platform:          windows7_x64
resource:          win7-20240705-en
resource tags:     arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted:         15/07/2024, 07:24
Behavioral tasks

Task           Sample                      Resource
behavioral1    Cleaners/applecleaner.exe   win7-20240708-en
behavioral2    Cleaners/applecleaner.exe   win10v2004-20240709-en
behavioral3    Cleaners/applecperm.exe     win7-20240705-en
behavioral4    Cleaners/applecperm.exe     win10v2004-20240709-en
behavioral5    Cleaners/clean1.bat         win7-20240708-en
behavioral6    Cleaners/clean1.bat         win10v2004-20240709-en
behavioral7    Cleaners/clean2.bat         win7-20240705-en
behavioral8    Cleaners/clean2.bat         win10v2004-20240709-en
behavioral9    Cleaners/clean3.bat         win7-20240708-en
behavioral10   Cleaners/clean3.bat         win10v2004-20240709-en
behavioral11   Cleaners/clean4.bat         win7-20240708-en
behavioral12   Cleaners/clean4.bat         win10v2004-20240709-en
behavioral13   Cleaners/clean5.bat         win7-20240705-en
behavioral14   Cleaners/clean5.bat         win10v2004-20240709-en
General

Target:  Cleaners/clean2.bat
Size:    854KB
MD5:     181b6db3092989609f7878c4e51aa220
SHA1:    c2f2eb7aa2ad301f76598164daaf04574846c58d
SHA256:  798f56c1a6e8f546d57386f93fba2c138b687a002c89535e114ceb938a33970d
SHA512:  e9ebfa63520d9b00516deb11cdfda317fcb8edeafb453001ee999ba0bfb06f0b80ff026ba5b80fe8d78d80313501e814f94070de5dfcbcba8d131591ea37ba4f
SSDEEP:  6144:XtJlSvOPgunY1X7G4LsMrkDWUpWOlBkORX:9qvOPgunY1K4LsMrkDWUpWOlBkORX
Malware Config
Signatures

Deletes itself (1 IoC)
pid    process
2536   cmd.exe

Drops file in Windows directory (64 IoCs)
description                    ioc                                                                              process
File opened for modification   C:\Windows\INF\MSDTC\0C0A\msdtcprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\netrasa.inf                                                       cmd.exe
File opened for modification   C:\Windows\INF\TERMSE~1\0411\tslabels.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\WSEARC~1\0407\idxcntrs.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~2\0407\_Networkingperfcounters_D.ini                       cmd.exe
File opened for modification   C:\Windows\INF\netip6.inf                                                        cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~2\0000\_Networkingperfcounters_D.ini                       cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~1.0\0C0A\_ServiceModelEndpointPerfCounters_D.ini           cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~3.0\0000\_ServiceModelOperationPerfCounters_D.ini          cmd.exe
File opened for modification   C:\Windows\INF\TERMSE~1\0000\tslabels.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\usbhub\usbperfsym.h                                               cmd.exe
File opened for modification   C:\Windows\INF\WSEARC~1\0409\idxcntrs.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\ESENT\0407\esentprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\MSDTC\040C\msdtcprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\rspndr.inf                                                        cmd.exe
File opened for modification   C:\Windows\INF\UGATHE~1\0410\gsrvctr.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~2\_Networkingperfcounters.ini                              cmd.exe
File opened for modification   C:\Windows\INF\rdyboost\0000\ReadyBoostPerfCounters.ini                          cmd.exe
File opened for modification   C:\Windows\INF\TERMSE~1\0410\tslabels.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\netnb.inf                                                         cmd.exe
File opened for modification   C:\Windows\INF\rdyboost\0411\ReadyBoostPerfCounters.ini                          cmd.exe
File opened for modification   C:\Windows\INF\SMSVCH~1.0\0411\_SMSvcHostPerfCounters_D.ini                      cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~2\_NetworkingPerfCounters.h                                cmd.exe
File opened for modification   C:\Windows\INF\BITS\040C\bitsctrs.ini                                            cmd.exe
File opened for modification   C:\Windows\INF\fr-FR\netavpna.inf_loc                                            cmd.exe
File opened for modification   C:\Windows\INF\MSDTCB~1.0\0C0A\_TransactionBridgePerfCounters_D.ini              cmd.exe
File opened for modification   C:\Windows\INF\netavpna.inf                                                      cmd.exe
File opened for modification   C:\Windows\INF\TAPISRV\0407\tapiperf.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\TAPISRV\0410\tapiperf.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\UGATHE~1\0407\gsrvctr.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\defltbase.inf                                                     cmd.exe
File opened for modification   C:\Windows\INF\REMOTE~1\0407\rasctrs.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\REMOTE~1\040C\rasctrs.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\usbhub\0407\usbperf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\wfplwf.inf                                                        cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~1\0407\_DataOracleClientPerfCounters_shared12_neutral_D.ini cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~2\0407\_dataperfcounters_shared12_neutral_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\MSDTC\0409\msdtcprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~1\0409\_DataPerfCounters_D.ini                             cmd.exe
File opened for modification   C:\Windows\INF\NETFRA~1\corperfmonsymbols.ini                                    cmd.exe
File opened for modification   C:\Windows\INF\BITS\0000\bitsctrs.ini                                            cmd.exe
File opened for modification   C:\Windows\INF\MSDTC\0407\msdtcprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~2.0\0C0A\_ServiceModelServicePerfCounters_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~2\0C0A\_Networkingperfcounters_D.ini                       cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~2\0409\_dataperfcounters_shared12_neutral_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\UGATHE~1\0411\gsrvctr.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\netpacer.inf                                                      cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~2\0000\_dataperfcounters_shared12_neutral_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\netavpnt.inf                                                      cmd.exe
File opened for modification   C:\Windows\INF\REMOTE~1\0410\rasctrs.ini                                         cmd.exe
File opened for modification   C:\Windows\INF\WINDOW~1.0\040C\PerfCounters_D.ini                                cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~1\0C0A\_DataOracleClientPerfCounters_shared12_neutral_D.ini cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~2.0\0407\_ServiceModelServicePerfCounters_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~2.0\0411\_ServiceModelServicePerfCounters_D.ini            cmd.exe
File opened for modification   C:\Windows\INF\BITS\0410\bitsctrs.ini                                            cmd.exe
File opened for modification   C:\Windows\INF\SERVIC~1.0\0407\_ServiceModelEndpointPerfCounters_D.ini           cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~1\0000\_DataPerfCounters_D.ini                             cmd.exe
File opened for modification   C:\Windows\INF\NETCLR~1\_DataPerfCounters.ini                                    cmd.exe
File opened for modification   C:\Windows\INF\NETDAT~1\0411\_DataOracleClientPerfCounters_shared12_neutral_D.ini cmd.exe
File opened for modification   C:\Windows\INF\ESENT\040C\esentprf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\netrass.inf                                                       cmd.exe
File opened for modification   C:\Windows\INF\TERMSE~1\0407\tslabels.ini                                        cmd.exe
File opened for modification   C:\Windows\INF\usbhub\0C0A\usbperf.ini                                           cmd.exe
File opened for modification   C:\Windows\INF\WINDOW~1.0\0410\PerfCounters_D.ini                                cmd.exe