Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/09/2024, 00:03
General
-
Target
cc4ba8817473517498cb3f02d70fdd60N.exe
-
Size
363KB
-
MD5
cc4ba8817473517498cb3f02d70fdd60
-
SHA1
29e4e7b61ee98f72efa5d649d964b30fc9986a6a
-
SHA256
d7dc538919b2d69267a7800324ee7144ddd7c00bf68c73b3edf201928a49bb6e
-
SHA512
330ba8332423e5b6e334c69d2442ea3634df766fc62afb33c35ac5b45890454622fcdcaae016408dde6b77079d308cfe8b7535d13c3e8824494a1043552eb38e
-
SSDEEP
6144:SFbqRq90Bgo8PCRKfeEeO4oZjec4HWsBpC+MgsxVl:4b8q90BgjhP6sjerChgu
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc4ba8817473517498cb3f02d70fdd60N.exe"C:\Users\Admin\AppData\Local\Temp\cc4ba8817473517498cb3f02d70fdd60N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe6⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe8⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe10⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe12⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe14⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe16⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe18⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe20⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe22⤵
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe23⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe24⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe25⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe26⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe28⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe29⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe30⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe31⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe32⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe33⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe34⤵
- System Location Discovery: System Language Discovery
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe35⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe36⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe37⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe38⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe39⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe40⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe41⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe42⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe43⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe44⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe45⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe46⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe47⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe48⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe49⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe50⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe52⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe53⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe54⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe55⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe56⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe57⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe58⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe59⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe60⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe62⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe63⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe64⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe66⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe67⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe68⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe69⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe70⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe71⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe72⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe73⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe74⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe75⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe76⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV177⤵
-
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe77⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe78⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe79⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe80⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe81⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe82⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe83⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe84⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe85⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe86⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe87⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe88⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe89⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe90⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe91⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe92⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe93⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe94⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe95⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe96⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe97⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe98⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe99⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe100⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe101⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe102⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe103⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe104⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe105⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe106⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe107⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe108⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe109⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe110⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe111⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe112⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe113⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe114⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe115⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe116⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe117⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe118⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe119⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\cmd.execmd.exe /c C:\WINDOWS\system32\svchosts.exe120⤵
-
C:\WINDOWS\SysWOW64\svchosts.exeC:\WINDOWS\system32\svchosts.exe121⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-