Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
7066d06ca00...81.exe
windows7-x64
1006d6f22d02...bc.exe
windows7-x64
809f1d49065...d1.exe
windows7-x64
10208cca124d...45.exe
windows7-x64
10241f67ece2...79.exe
windows7-x64
130616f6c48...60.exe
windows7-x64
1044f28cd6ea...7e.exe
windows7-x64
34b190a407b...5f.exe
windows7-x64
1072ddceebe7...6b.exe
windows7-x64
97b53a00b3a...b2.exe
windows7-x64
77cf39ebb44...57.exe
windows7-x64
108c42a08427...51.exe
windows7-x64
79d081b734c...91.exe
windows7-x64
4b25cc31472...15.exe
windows7-x64
10b2ec72de35...8f.exe
windows7-x64
6b4c2ffccfe...dd.exe
windows7-x64
5bab7af3306...be.exe
windows7-x64
9c531015ec0...86.exe
windows7-x64
8dc7ab2e7ed...60.exe
windows7-x64
8debfd1fb34...d8.exe
windows7-x64
8df36e2aaae...37.exe
windows7-x64
9df99316e57...27.exe
windows7-x64
4e60fc4473a...60.exe
windows7-x64
10Analysis
-
max time kernel
839s -
max time network
845s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
12/11/2024, 19:27 UTC
Behavioral task
behavioral1
Sample
066d06ca007d19457ca609dd95975f7facb551ffb5d8f6d4edf108236ad8c981.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
06d6f22d02443afd6d6880ead6648ebc.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral3
Sample
09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
208cca124ddafe35a122f6bdd36191151a2730b4e1051804d5f68d0cb4b44145.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral5
Sample
241f67ece26c9e6047bb1a9fc60bf7c45a23ea1a2bb08a1617a385c71d008d79.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
30616f6c488fa16ccdcbfd6273e7ac8604c82bc1468fc1a70b2a43661b674760.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral7
Sample
44f28cd6ea894c05030ab913e2a0f1f1596b4aa7c551df9381f521cb88a92f7e.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral9
Sample
72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral11
Sample
7cf39ebb4409b13a7c153abff6661cc4d28d8d7109543d6419438ac9f2f1be57.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
8c42a084278ff8e25f7ee765c37da84da02780da725505108f9eb39cfb05c051.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
b25cc314720ced9b2845941fb145bbf06493fad7b2b4a76b8fbffc995ff46215.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral15
Sample
b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
b4c2ffccfe807167860d70ea95cde0390f2dc4220992d272497ced04afb97edd.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
bab7af3306f66d5deaafda1f0cd57c20e42678451a7bc70c71255f6a7e1806be.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
c531015ec09adf346131a375df9b9d04c90657fac9b80f2b1e269dae6186de86.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
debfd1fb34df5c7047c3c8837cdda27b59e6044934447a8bb6878344847b74d8.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral22
Sample
df99316e57002298d88be785acad4c3a900cbc5e04a29e32d4549f25f08a7527.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral23
Sample
e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe
Resource
win7-20241010-en
windows7-x64
General
-
Target
9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
-
Size
24KB
-
MD5
8a1225f47aa9f0673c32983f1b2b2c5b
-
SHA1
742f2364f2d5f10385b56c22ecf17a3cdcc53346
-
SHA256
9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291
-
SHA512
d633dc2caa28a0a782108b9d47d43322c6f1d95c82903219b4b83eb491691217916e7eee35a0eb206aae2937523896e538141e524b396c2ae7210ec8f8238827
-
SSDEEP
96:/lx5KHYFNV+Vvl/iABo1FYXGgn2PUkWf2BtvXrs2aoE8y79h9jSUyrW9EhN:/TzmVvl/vaKdnvJeBtvXrsr352UyCEh
Malware Config
Signatures
-
Drops file in Program Files directory 24 IoCs
description ioc Process File created C:\Program Files\CopySave.inf.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SuspendCopy.mpa.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SubmitRegister.DVR.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\CompressMove.mp2.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\desktop.ini.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\MoveEdit.vssm.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\NewUndo.vdw.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SelectShow.mp2v.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\StopGet.gif.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\ConvertToStart.wpl.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\DebugReset.vstx.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\RedoWait.pdf.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\RepairImport.docx.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SplitPing.M2V.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files (x86)\desktop.ini.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SplitGroup.ppsx.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\SwitchUnlock.3gp2.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\DisableReset.AAC.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\DismountPublish.avi.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\GrantReset.ico.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\LockPush.ppt.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\PingSelect.html.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\PublishRegister.potm.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Program Files\UnblockNew.wmx.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe -
Drops file in Windows directory 29 IoCs
description ioc Process File created C:\Windows\setupact.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\PFRO.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\notepad.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\fveupdate.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\Starter.xml.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\DtcInstall.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\bootstat.dat.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\explorer.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\setuperr.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\win.ini.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\winhlp32.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\bfsvc.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\TSSysprep.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\twain_32.dll.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\msdfmap.ini.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\system.ini.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\splwow64.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\twain.dll.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\Ultimate.xml.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\WMSysPr9.prx.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\write.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\regedit.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\hh.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\mib.bin.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\twunk_16.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\twunk_32.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\WindowsShell.Manifest.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\WindowsUpdate.log.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe File created C:\Windows\HelpPane.exe.sb 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2248 9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe"C:\Users\Admin\AppData\Local\Temp\9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2248
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5e233540c0dd93f4cf95aac371764a63a
SHA14fb7bd38b8a157e90d449eebedb7d448a2f0e58a
SHA25662f90dbdf4c3a0e4d066acd630cc8445132280f474241e649ec6a83dba3e3db0
SHA512ba5dc197cab256975b2c133da3cc40d614dc2501fba7ad8ab2229ce134ea878b031dfebac19d3f7cc7d4df4a775a47a3079ee0c898e58ba8ac2757e4def6dcaa