Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09/10/2024, 23:28
General
-
Target
94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a.exe
-
Size
143KB
-
MD5
ade1c69631157fc84a5b2dbf6c4b3dcc
-
SHA1
386d234d47eb1e09a333b2bccf909303dee8eb5d
-
SHA256
94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a
-
SHA512
2d8ebc9243eae4654587e1cce50777e4e04331bc28c68178e82f8e31cd75080fabe9cbc5376f7702a63911cc325275a8fcac630f3ffaa7dc32f278031e45bcd8
-
SSDEEP
3072:i1i/NU8bOMYcYYcmy5cU+gTn6HOjDhWrzvvQwlgO5v1i/NU82OMYcYYamv5b:ci/NjO5YBgegD0PHzSwi/N+O7
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in System32 directory 2 IoCs
-
Hide Artifacts: Hidden Files and Directories 1 TTPs 7 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 17 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 59 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a.exe"C:\Users\Admin\AppData\Local\Temp\94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.212ok.com/Gbook.asp?qita2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ymtuku.com/xg/?tan2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\All Users\桌面\Internet Explorer.lnk"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\Documents and Settings\All Users\桌面\Internet Explorer.lnk"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\桌面\Internet Explorer.lnk"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\Documents and Settings\Admin\桌面\Internet Explorer.lnk"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\「开始」菜单\程序\Internet Explorer.lnk"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\Documents and Settings\Admin\「开始」菜单\程序\Internet Explorer.lnk"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "C:\WINDOWS\windows.exe"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h "C:\WINDOWS\windows.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c attrib +h "c:\system.exe"2⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\attrib.exeattrib +h "c:\system.exe"3⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD531f5338f6d0fab6f4a00d052ddfccf9b
SHA17937e15e3f51134b3fa1e0e69b23b85311e64215
SHA2569fd4b71741289dd51824077bbf77eebc248fbce6ad2bc9875dfa50660abc3390
SHA5121a275db995a9a8242c9cf4ee1164f9d1ed80925a90c5d84890281bf3b6f1af87cb7576f8f94d49b086723bb7af0da7087cfa3599a7342c8d44e6f2ffc3ef5492
-
Filesize
342B
MD5c30343b6cd025e88b0e872b8ca8f0a8d
SHA1a7f80459e6cf5316fbe526722ff8eadd92a64ee9
SHA2565632848b027c1c8b23b45ab078211bc334f3d21499d1988881fc3a1f12593e05
SHA5122e6daa62ce2de67f82c87f274590631776e7270ab838790ec18113411019fae80d9cc2cf435e559425b432321057cc1cc493a7449ccb1155d4bebfca6ba0bccd
-
Filesize
342B
MD58926777c37e5c7bcb9d9787c8442717c
SHA188af1cc74dc214e6adb881aa4ce0f199b9474253
SHA256540a5bb855d93fcc1d8a44a71bedee5b22886b04468887ec0d3d65cacb476c63
SHA512841890bee2715b9ee85697a5653c16bbd5888f93a4d702108e20c3151abeb5fd127cc09572ff9fcc025ecae574fc9a3abb3493d6bebeaead5afa60fc586776ec
-
Filesize
342B
MD53ca1b7914d253df61c28a84997c9d323
SHA1ec55c2ea81376590ebe16a975a89fcde66447eef
SHA25650f171ffa4de91cb034c23dffb435f5da70cfb08758c6bcaaacdc2c2bac42a3b
SHA51205db059ae33c02d1968f732a4513abe889bb8c6eb76aca6a907c4a5a4e69cf707b32b8ef8989c9a4fdb393f23790f23b9b571382d56fdc16fd7be8be6565b115
-
Filesize
342B
MD5930b4286f8a20088587ab2075a4da6c1
SHA10474a67bfde667e794bb96405ff7db1c48da16a9
SHA25695bd2511c06a6058b44d8db6eaf3fcbcf97036faa9aec6480122eff292ca5fa5
SHA5128afeda0861f5610aa160c4774352718dd04d31a1fe4c59981ff570017fa537d6a106511f05dafc996380ebceeab5b27637999c459d406c7be78b275e239a5893
-
Filesize
342B
MD5b6441bdf9fb9bdcca52980d4605a74cb
SHA177f7dc6c9926397faee0f0d5cbe0913bb9171146
SHA256a864856402db809aa8711b68112ecffbf3386edbd8267dd30c009866e28fe250
SHA512c04b7c60b7779a3d1302758c198882c6282f7869a631519e56d3f510d4d5be44308eb869bdee89010d1dd0fd392aed4702b5852861902eead945bfe717f552f4
-
Filesize
342B
MD5c0a7571965af7560a392a7fcdd16bcde
SHA1af569a5ef64249a535ece7cb53c904f31dfac904
SHA256a6a8361e74e02cd5d56c28ea82dfbce864dc7ed7a7b9c27ffcf7428d7c7c2b76
SHA512d9774161a7d390bfc90f68336a61f19c216dcc217f709c2be170d9edcc97a4724cbb4bbd1d2821cabed5b6c0f5721b016cf152eb71c54cfafaadd4225d558779
-
Filesize
342B
MD582b9e24d8fa1c918795e0c7fa1cad1a8
SHA109141a779bcb822d4b15653da290327773c5afdd
SHA256da9bd1d24087be576d17ceb814f094fe6640c218ced99c871799f03944a39e6a
SHA512ece5beb07a7278b4ce821de02cb02bf2d444f34d3fc1ad97d694eb3db30fc9674a09bc332eaedb13e70c0ddd65139193affe9f942d27dd3520e8fce2b6508541
-
Filesize
342B
MD598075b85a8fda8327db49a0c24573584
SHA147bd09e475ed5a503f9c16f4420134ee1f157516
SHA256fa4c22e9109e28b212c8b2e1b18baba9010b40ae61bc2e2200d64632b0245d63
SHA512f1d49203d63b05708706ce2922167768e6f75b5504c366ad4008b7609e20db464aca733753a8e0773285813cccefcec063562603d9cfb8929ce137294a5665b9
-
Filesize
342B
MD5558aa2fe1afd81a1dd4c6cc4055ece02
SHA1ea65546c234dddd3116445632512ca1b561ded47
SHA256ea9e5c27ce5169658d8f407dc27f8f4cca33618024435c08e37f73011c4a7711
SHA512d0adbe0a53ada13480f0570818f32ce85081828fb3078f71fe2276f1bccac8c216aad47cb47196a3ad401d489fbc2a83ea9eddbbd4583b1acd6290df907a9bb2
-
Filesize
342B
MD5483c6449e450d52ca8e398405f2845c0
SHA1f5d851726c5cc5605547b208b8132c9ce23365b5
SHA256fd69c4a87bfc3249090f137d5ce912af80b7159780fe77a8e189581cf80307eb
SHA512e4a981783896d00b8dee880899fadf16918ebc84fba44882eff83248ff8e1ab0328673ecfc19a20f2bca3345df6f199e9e4533c4848b19e71eb5831edfeec6bc
-
Filesize
342B
MD59d244aa14b4c73eca5c41d998de10ac2
SHA12c20126b6c1924786ca5b5c1065ba95695eaa67e
SHA2566a15f00cfc9e30215338f5b92c54705567729dfd053c32e7b64c39157d5657c3
SHA51260e1510bb8ec0b4ff96d179ea940b0b27faea66c4b0f540c74ee17076d36aaf8222110b4dbb7db88c96a0fb4687ea452bbd493b7826da904279f97e026d8543d
-
Filesize
342B
MD585b823872e1350f698ac38625e91a8e7
SHA1f0c8e20c54a987af5d7b2bdcdfba2e55c63012fd
SHA256823945f21a54b6abca1e6884d8a994b4e501342a20390bac119bf4f97fc7ea6f
SHA5125de0ec68386116503aa899480b0bf9314aeb9714007073ae3ac178624ca8c8d46ff7effbb18d449f4d2dfeef088d1a4e424d91d8496b33af8ceb82f8e22da9aa
-
Filesize
342B
MD5048b4d3417a4281ebcd3b47417112be4
SHA1dccb72680ea67c49d315776feda6a43652c045bf
SHA256746c898424c06e4b8eb2c10eaa202cfd4a374e907f72eb6b48268971c7a73b4b
SHA512e440ed532c0e94d6712d6d04f01f88c111897ce233ecf3e31348af25e0b7519151949e841251cadf920a91e4beff0558a7f604888f518a2de6cc4daf24329bc3
-
Filesize
342B
MD515b03729a548b783af6a9ea45fe1f3db
SHA1268e9c6f6aa1503f99271186921e261e406c1359
SHA256eb20ad991fb895f4f1768ec3b137c69c4b216ecc412d2affd09ca374c7b10135
SHA512a541906ec52d4d7215d3a39ce27ca58bcc42a810997bf67d482ffc3826c4eaa831914d7aefb8a71a102b9b16df089be560fd5dfe63233eca9b2a1cfed866f290
-
Filesize
342B
MD57e46ad3c3b8c045cd38bd3fb2a230632
SHA140d5eb096325fb7e14a4aa3514dd99aa2f75da2b
SHA256f83b74a1381a1ff2a056d66e8588f37293205a3c3486fe09d184ddfef34b3033
SHA5123a8f2f0cd226ef470174de129cb665903c89a221cc6380e0f85e8554b4da18939f60edbd3ea1f906494705338a0da5112723295b4ed91cff2d3495810cfe050a
-
Filesize
342B
MD5a6ccc6761706f4ba34c1e620251c2f73
SHA14e4b4cd7eb09301f6725151076927dfb6d8b21b9
SHA256c3b9cf4b41c8ae00db5b647422ea40a6e277bd01984df6d9985feaee71362320
SHA512b955f5585ce205f1acb2b5da26b14411d5e502a6fcae5ae2ae61bab422f9dbc741abbe32e3f8e59d78b39b91e3b3462b4d5de078141d3aa4fd72774963930061
-
Filesize
342B
MD57d77f0a8ae79f4bd2d444d2f416fac80
SHA1f27d933cb6851f3403ff13c21285309fc1429a5b
SHA256f9a10d84636706aeb34b64ef46caa147698b211c3663b9a1bb7c2ecd223d9082
SHA51212a16680db22162b5d056e60999d636aedddeea0c99a04d1837d6d73d65664a281b0becd794ce67999a212fa958a967e1c170e85e314cf49ab87725d248c0c72
-
Filesize
342B
MD5d284c1eb9918b7f9e52dfd1a1466fa9e
SHA144276edfcc0614b912a06b98ab1550eb60721c18
SHA256d477f703f98a56c917e9208f6b10371aff6492e4f11896883b5a04cfdf5bb4e8
SHA51206c71cc9a66142292262e2501bd2089c9353efa27f420cbe6e588bee0ef9a47cee3fe501df8087c67220049432658b254c80250e351131a8bdc88d923fb16966
-
Filesize
342B
MD54b74a4a1a9a49e432cf1b698af06d636
SHA1aeb3299cee09022bb15db763496fa228c5acdbf0
SHA256b37417982060ff4fbac0eea68919d9d3024a55d899a41eb6c8bf48d8bd90686a
SHA5126f8ab7db0822978b65cd4d6b3385d3a206d735d8b95237a8ad1049af93c9d985624ab49285516075b26461d9089e40787cd5bf012f6b9a4114001bc4ff78c84f
-
Filesize
342B
MD51918da758d28f1cec27d1d7dda1a65cd
SHA1a35c3c9b9bdbbac044452658f19f3aa6460ecd7a
SHA25673fcae585141314b53ee3d8273db9d099fda93659f1cf36857d9ac0ec6c6a526
SHA5125bc8eb092edbd9c2535525848fe6619f2b3cf6aaaeb7262712904a048b0c8e6b677348dbb82d560143e693c4c1ab5ac2eec567a10e912aee79479420328bd615
-
Filesize
342B
MD5c9e0968564c5689c39873cdcecd9b8f2
SHA13e6304055d8bc0318e5030f6fbd8c620eff9f528
SHA25662a9b0fea82e87856a2c9a98900ce239eb210a13011200ae128314ed44377197
SHA512cd1dc641389fcf71ff88aa364199d48815b0b32c6faa8a2fd70f3d071a50bf249851377a951e1cdda2a05c6dde7b2fc317395ff3385a4dd7fb67e31b25a1b0b2
-
Filesize
5KB
MD523757abcd3872d8e9b0bf844b2aa223b
SHA120c3068ff0a7c30afec0585511f30c00076bc666
SHA25645c28dc1316922f283802ac2253076047dbbb9a207660d1850ea7362cb54fb71
SHA512f9cc2cf933d5a82871c55beb6e11a11320d6df38893aa4f2ca4ab75f7c15e92e42d16a6e03d788b391df2a5ec212cca9763286db35b6da82e9328b2151033160
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
143KB
MD55630f5c995dce975f4992bbf5b153554
SHA1a2c90d39131d254a3a0262e0fc268c431877bd6b
SHA256c8eb48b1f16d8b4f41866fd88140ee64ca1895c030503fff82f60f3f437d475a
SHA512d5940f613f6f40b6789e9f11e58fa3f9ccf9caa0f58619e4774b5318d60fda3b67b94e2b341458250e17551f344385d3aec722e7aebd26f5af87adac2916a103
-
Filesize
143KB
MD525f60e3b4af002a0611372b2e78c50db
SHA1410f07ec7a6a6b682e98c37968957ceae62d26df
SHA256daf234fc9c9aa9ef02e082562a8fc06208499fa9d63fa601dd417ca37142cb29
SHA512e0565c720d0ae0ff4baf15712108ec08637398c6ce03b6c04cb814d5b2a6e6a8f65ff4e105b703fb7fd1a7e26f1ce562e6491a32174363c6c66864b31a6d996b
-
Filesize
168KB
-
Filesize
168KB