Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10VirusSign....9d.exe
windows10-ltsc 2021-x64
10VirusSign....1a.exe
windows10-ltsc 2021-x64
10VirusSign....ee.exe
windows10-ltsc 2021-x64
VirusSign....d1.exe
windows10-ltsc 2021-x64
10VirusSign....a2.exe
windows10-ltsc 2021-x64
10VirusSign....4c.exe
windows10-ltsc 2021-x64
10VirusSign....90.exe
windows10-ltsc 2021-x64
10VirusSign....c7.exe
windows10-ltsc 2021-x64
VirusSign....36.exe
windows10-ltsc 2021-x64
8VirusSign....f8.exe
windows10-ltsc 2021-x64
10VirusSign....33.exe
windows10-ltsc 2021-x64
10VirusSign....f5.exe
windows10-ltsc 2021-x64
10VirusSign....19.exe
windows10-ltsc 2021-x64
8VirusSign....ab.exe
windows10-ltsc 2021-x64
10VirusSign....5f.exe
windows10-ltsc 2021-x64
10VirusSign....11.exe
windows10-ltsc 2021-x64
10VirusSign....5c.exe
windows10-ltsc 2021-x64
VirusSign....a0.exe
windows10-ltsc 2021-x64
8VirusSign....ae.exe
windows10-ltsc 2021-x64
10VirusSign....b2.exe
windows10-ltsc 2021-x64
10VirusSign....7d.exe
windows10-ltsc 2021-x64
10VirusSign....96.exe
windows10-ltsc 2021-x64
7VirusSign....e4.exe
windows10-ltsc 2021-x64
8VirusSign....3a.exe
windows10-ltsc 2021-x64
10VirusSign....47.exe
windows10-ltsc 2021-x64
10VirusSign....19.dll
windows10-ltsc 2021-x64
8VirusSign....50.exe
windows10-ltsc 2021-x64
10VirusSign....e1.exe
windows10-ltsc 2021-x64
8VirusSign....9b.exe
windows10-ltsc 2021-x64
10VirusSign....33.exe
windows10-ltsc 2021-x64
10VirusSign....b9.exe
windows10-ltsc 2021-x64
10VirusSign....08.exe
windows10-ltsc 2021-x64
10Analysis
-
max time kernel
91s -
max time network
182s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250207-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
10/02/2025, 04:34
Static task
static1
Behavioral task
behavioral1
Sample
VirusSign.2023.11.29/03ceea0ec59f89c49ba4357a83738d9d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral2
Sample
VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral3
Sample
VirusSign.2023.11.29/03d2ad6a5f199b691d36e45d27801cee.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral4
Sample
VirusSign.2023.11.29/03d5f6bace8c6a0a2d14ef775d3c02d1.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral5
Sample
VirusSign.2023.11.29/03ed3d089e222fe691a1ce1ad04450a2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral6
Sample
VirusSign.2023.11.29/03f25db066e67c1882cf9aed07a1694c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral7
Sample
VirusSign.2023.11.29/03f939a6959a4bd81c622c3a2d8b8690.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral8
Sample
VirusSign.2023.11.29/042177a10a1a4cfd26c2caef9272e0c7.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral9
Sample
VirusSign.2023.11.29/042994e2bb89b9bc57e079d144152b36.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral10
Sample
VirusSign.2023.11.29/0445405bb7106522c0b2157809e4d5f8.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral11
Sample
VirusSign.2023.11.29/045d80d0973c5d854927b589b123f733.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral12
Sample
VirusSign.2023.11.29/047c2b7237010e343732b699d4b346f5.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral13
Sample
VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral14
Sample
VirusSign.2023.11.29/0483b1eb3211b96e7272d3dea3753eab.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral15
Sample
VirusSign.2023.11.29/0483de1a0d30f46fbff309fc8d87275f.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral16
Sample
VirusSign.2023.11.29/0491a5abd0712b38f24778e1346c0811.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral17
Sample
VirusSign.2023.11.29/04a2bc0c567a80f57b48e246b635045c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral18
Sample
VirusSign.2023.11.29/04b493b52f4b83a142a4979585575ea0.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral19
Sample
VirusSign.2023.11.29/04c187920db980d8db16c5acb58049ae.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral20
Sample
VirusSign.2023.11.29/04cdfdef32e604c59822bff2f7412eb2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral21
Sample
VirusSign.2023.11.29/04d04a21b82309118775bdaff8a4d67d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral22
Sample
VirusSign.2023.11.29/04d25950be48329252ec8b3d53535596.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral23
Sample
VirusSign.2023.11.29/04f06e5d9023ab4d69946c84cdc79ee4.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral24
Sample
VirusSign.2023.11.29/04f43cc6be15c60aeb943bbe5bd3973a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral25
Sample
VirusSign.2023.11.29/0517d55470df3590c88f39d41a416047.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral26
Sample
VirusSign.2023.11.29/053bfcaa44a2c180bee9c2547b910919.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral27
Sample
VirusSign.2023.11.29/054c96f764aef24cbdccec3be12e2350.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral28
Sample
VirusSign.2023.11.29/0563721a9ecf7d25f720e2069e24c7e1.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral29
Sample
VirusSign.2023.11.29/05639c84db366253210163a5c6c5f69b.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral30
Sample
VirusSign.2023.11.29/0576f4bbcb57c686dbfc66760a969b33.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral31
Sample
VirusSign.2023.11.29/05777e787a0105c14320a2426794b5b9.exe
Resource
win10ltsc2021-20250207-en
General
-
Target
VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe
-
Size
201KB
-
MD5
047c7fed39ef255fecdd70e9a870ae19
-
SHA1
e4a67366dad976acc98df8ae22b7f57908bce6b7
-
SHA256
66cdae03bb8c51a27b91bfe1d9050ced4e460187e24b0e57a1c293ee0ed7d31e
-
SHA512
535222afefe3de7da26fa260206928fe0aa5864b7820d0e00c941522dee4c0a7272f059a2483b83922263e7e5776cfbc19d2e655976f6fb5c02aa354b045e62c
-
SSDEEP
3072:n4CgWgTsDAJJRjOV2/pwb5ryT5tlDhB2IFTLFZhh2D+0caj3kyRACAbpn:n4Cg3JJF35tlDhB2Cn9ozO
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
flow pid Process 26 4200 Process not Found -
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Executes dropped EXE 1 IoCs
pid Process 3936 kwforzi.exe -
Loads dropped DLL 2 IoCs
pid Process 1160 Process not Found 3832 MicrosoftEdgeUpdate.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\PROGRA~3\Mozilla\kwforzi.exe 047c7fed39ef255fecdd70e9a870ae19.exe File created C:\PROGRA~3\Mozilla\lksxdrg.dll kwforzi.exe -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 047c7fed39ef255fecdd70e9a870ae19.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language kwforzi.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 3832 MicrosoftEdgeUpdate.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\047c7fed39ef255fecdd70e9a870ae19.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\047c7fed39ef255fecdd70e9a870ae19.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:5096
-
C:\PROGRA~3\Mozilla\kwforzi.exe"C:\PROGRA~3\Mozilla\kwforzi.exe" -dawiryc1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3936
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjZFOTFEQzUtQUNFRC00QTI4LUFDRkItN0EwN0E5MDZBODJBfSIgdXNlcmlkPSJ7OTU2MDI1MTgtMDJFRC00RTEyLUI5ODctRjQ3ODhGOUU1NDBGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDZCMkRCOTktM0RENy00NDU4LTlBNzUtNEM2RjVBQ0IxOEU4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwNDYzMTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQzNzY4NjQ3NyIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3832
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
201KB
MD5ef498eb2fcc69cae333e5dfe0d70cbf5
SHA1fa186c731a810e30bc5aa6ea075ae92c847d16f6
SHA256bfb51cfa3dae1dc3477b25e06b047d74e6bece8accf1fedc7e24af7a57fbf8ec
SHA512ef83b3bcb658a765a1c3329d6aded89a9a0850343d5fd84c9839086cf497a29ad8401626c4d9967eaea29265ed4c2d2e82259525d669d7667c7d5598a1f5483a
-
Filesize
47KB
MD583e1e47cb88de110861274ae345e6a5e
SHA146bfd6ca0514d1dfd288845067f5a28912f72823
SHA2566051895c049484841fd01ecb397cdee48f8553523e462445d3331607b7d22082
SHA51291d8a945e3debb3bcaf3548bd791cea0197d372568214fed06cf3517d16a31d359b6686340bec393e0794e3d6f788713ef5abacadc1348d81621368c911ffe8b