Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

21fe91556d...d2.exe

windows7-x64

8

21fe91556d...d2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2.exe

  • Size

    43KB

  • MD5

    85ce39e5502a41d4d0aba6b06056fed4

  • SHA1

    3fbf4c812901ef6edd5c75c2fac84b7384d31056

  • SHA256

    21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2

  • SHA512

    227fb7390dc92b61d36dcb421c23ea6623e515b18f6fb8dda7a9f13d11477ba9d131cd59710968e4de063bfa0aa3c30ec9ffba1e6d802b18af7a87ce6387b83a

  • SSDEEP

    768:JpzH9DwrsRhGJMfllLfapMmQIXfWbw7MLiQ+ylgmVhrt3RXmXH4:Lr9DwqoJqLfa2IXuEwR+yltVlXmXH4

Score
8/10
bootkitpersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2.exe
    "C:\Users\Admin\AppData\Local\Temp\21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\windows\svchosts.exe
      C:\windows\svchosts.exe auto
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:3880
    • C:\progra~1\Intern~1\iexplore.exe
      C:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=QM00013&isqq=3
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3052

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    520071a63bb5e2038486cd0ce14055b1

    SHA1

    752cfb61bbe3ae1e2c2609c53aeee510661a59ed

    SHA256

    f8a989e9cf1fe0f0000c795537122a3c727e3b570b66582bfb62d9bbae4b20f8

    SHA512

    6f0131c9e0943c6a13d52a7525e1c592c95db868bf2dd21a8a37254150a239748985cc31518d0c4844bebfc5613feee6857b5debfbbbd6ed4539cd5e494ebbb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    779fe4f1da64e35ceee041cd39768855

    SHA1

    f6397c37d80a418a7f840fbe17c447e6c1e13388

    SHA256

    3b7485201ec9089180f3fcdfc2061524507f820e1eec8cfa7114b9aac5ecef80

    SHA512

    d9957cf2e61fa9a85c72509eb60c86d0c398cc2404390b8f4b0e728fcd2052450b9b5160eab5142a1b411f583ced8abba887eca36e2827daf8d8c84d1d3b2ff2

    Download Submit

  • C:\Windows\svchosts.exe
    Filesize

    43KB

    MD5

    85ce39e5502a41d4d0aba6b06056fed4

    SHA1

    3fbf4c812901ef6edd5c75c2fac84b7384d31056

    SHA256

    21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2

    SHA512

    227fb7390dc92b61d36dcb421c23ea6623e515b18f6fb8dda7a9f13d11477ba9d131cd59710968e4de063bfa0aa3c30ec9ffba1e6d802b18af7a87ce6387b83a

    Download Submit

  • C:\windows\svchosts.exe
    Filesize

    43KB

    MD5

    85ce39e5502a41d4d0aba6b06056fed4

    SHA1

    3fbf4c812901ef6edd5c75c2fac84b7384d31056

    SHA256

    21fe91556d24f8c8704c6777abe75c70ef36c5c2a33b7020ce479af6111eddd2

    SHA512

    227fb7390dc92b61d36dcb421c23ea6623e515b18f6fb8dda7a9f13d11477ba9d131cd59710968e4de063bfa0aa3c30ec9ffba1e6d802b18af7a87ce6387b83a

    Download Submit

  • memory/2808-171-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-193-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-146-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-147-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-148-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-149-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-150-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-151-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-152-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-153-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-154-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-156-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-158-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-160-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-161-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-162-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-163-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-164-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-166-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-168-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-169-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-170-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-143-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-172-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-145-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-175-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-176-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-180-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-181-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-182-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-183-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-184-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-189-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-190-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-191-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-192-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-173-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-194-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-196-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-197-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-202-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-174-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2808-142-0x00007FF9C8A40000-0x00007FF9C8AAE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3880-216-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3880-140-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4836-134-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4836-201-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4836-219-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download