Analysis
max time kernel: 133s
max time network: 135s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 13/09/2024, 02:55
Static task: static1
Behavioral task: behavioral1
Sample: Cleaner.cmd
Resource: win10-20240404-en
1 signatures
150 seconds
General
Target: Cleaner.cmd
Size: 17KB
MD5: f8f24738081089238ae1840a410b2576
SHA1: d73bc8af4437d8100f0fbc05eff2167c0ae7660b
SHA256: 99f93fc732c0c19c3a16fb53bf90c1ce151b9e4ddc2d72b68485242ced454f6c
SHA512: e5af94bad6bde55803de72962c3faa8f6bc73634e1012b3a8b83d6f6b68549f180951bce8c22b1604e50867e1dd539d611f0ed5d1f2184f63d1e0c86cc891a1c
SSDEEP: 96:ID8nj4jbWD6xqh/cHhH6tMVISGRBH8gMlj3pDJW9GcjH+H/7XePRGCYX8R1ljXgQ:Ss3xbcuI3lV73EEaYfnDFNNxPi/
Score: 4/10
Malware Config
Signatures
Drops file in Windows directory 64 IoCs