Analysis

  • max time kernel
    143s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/11/2022, 09:42 UTC

General

  • Target

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe

  • Size

    476KB

  • MD5

    89c4bf7297f085059f17b0ba1aa9c28d

  • SHA1

    f745c646fdf028af68934ed508ea59196690c6d6

  • SHA256

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

  • SHA512

    3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9

  • SSDEEP

    12288:st5AZ4CH2jUyobbWxLxKveZt/nNrV7LS8W:5Z4CWonixKverN9ZW

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe
    "C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe
      "C:\Users\Admin\AppData\Local\Temp\\izsilaivzltjlbd.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1368

Network

  • flag-us
    DNS
    dtrack.secdls.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    dtrack.secdls.com
    IN A
    Response
  • flag-us
    DNS
    dtrack.secdls.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    dtrack.secdls.com
    IN A
    Response
    dtrack.secdls.com
    IN A
    127.0.0.1
  • flag-us
    DNS
    api.v2.secdls.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.secdls.com
    IN A
    Response
    api.v2.secdls.com
    IN A
    127.0.0.1
  • flag-us
    DNS
    staticrr.paleokits.net
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.paleokits.net
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure1.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure1.com
    IN A
    Response
    staticrr.sslsecure1.com
    IN A
    193.166.255.171
  • flag-us
    DNS
    staticrr.sslsecure2.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure2.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure3.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure3.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure4.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure4.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure5.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure5.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure6.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure6.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure7.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure7.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure8.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure8.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure9.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure9.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure10.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure10.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.secdls.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.secdls.com
    IN A
    Response
    track.v2.secdls.com
    IN A
    127.0.0.1
  • flag-us
    DNS
    track.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure1.com
    IN A
    Response
    track.v2.sslsecure1.com
    IN A
    193.166.255.171
  • flag-us
    DNS
    track.v2.sslsecure2.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure2.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure3.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure3.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure4.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure4.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure5.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure5.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure6.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure6.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure7.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure7.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure8.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure8.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure9.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure9.com
    IN A
    Response
  • flag-us
    DNS
    track.v2.sslsecure10.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    track.v2.sslsecure10.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure1.com
    IN A
    Response
    api.v2.sslsecure1.com
    IN A
    193.166.255.171
  • flag-us
    DNS
    api.v2.sslsecure2.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure2.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure3.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure3.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure4.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure4.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure5.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure5.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure6.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure6.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure7.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure7.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure8.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure8.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure9.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure9.com
    IN A
    Response
  • flag-us
    DNS
    api.v2.sslsecure10.com
    izsilaivzltjlbd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.sslsecure10.com
    IN A
    Response
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 193.166.255.171:80
    staticrr.sslsecure1.com
    izsilaivzltjlbd.exe
    152 B
    3
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 193.166.255.171:80
    track.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    152 B
    3
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 193.166.255.171:80
    api.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    152 B
    3
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 193.166.255.171:80
    api.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    152 B
    3
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 127.0.0.1:80
    izsilaivzltjlbd.exe
  • 193.166.255.171:80
    api.v2.sslsecure1.com
    izsilaivzltjlbd.exe
    104 B
    2
  • 8.8.8.8:53
    dtrack.secdls.com
    dns
    izsilaivzltjlbd.exe
    126 B
    142 B
    2
    2

    DNS Request

    dtrack.secdls.com

    DNS Request

    dtrack.secdls.com

    DNS Response

    127.0.0.1

  • 8.8.8.8:53
    api.v2.secdls.com
    dns
    izsilaivzltjlbd.exe
    63 B
    79 B
    1
    1

    DNS Request

    api.v2.secdls.com

    DNS Response

    127.0.0.1

  • 8.8.8.8:53
    staticrr.paleokits.net
    dns
    izsilaivzltjlbd.exe
    68 B
    141 B
    1
    1

    DNS Request

    staticrr.paleokits.net

  • 8.8.8.8:53
    staticrr.sslsecure1.com
    dns
    izsilaivzltjlbd.exe
    69 B
    85 B
    1
    1

    DNS Request

    staticrr.sslsecure1.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    staticrr.sslsecure2.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure2.com

  • 8.8.8.8:53
    staticrr.sslsecure3.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure3.com

  • 8.8.8.8:53
    staticrr.sslsecure4.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure4.com

  • 8.8.8.8:53
    staticrr.sslsecure5.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure5.com

  • 8.8.8.8:53
    staticrr.sslsecure6.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure6.com

  • 8.8.8.8:53
    staticrr.sslsecure7.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure7.com

  • 8.8.8.8:53
    staticrr.sslsecure8.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure8.com

  • 8.8.8.8:53
    staticrr.sslsecure9.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    staticrr.sslsecure9.com

  • 8.8.8.8:53
    staticrr.sslsecure10.com
    dns
    izsilaivzltjlbd.exe
    70 B
    143 B
    1
    1

    DNS Request

    staticrr.sslsecure10.com

  • 8.8.8.8:53
    track.v2.secdls.com
    dns
    izsilaivzltjlbd.exe
    65 B
    81 B
    1
    1

    DNS Request

    track.v2.secdls.com

    DNS Response

    127.0.0.1

  • 8.8.8.8:53
    track.v2.sslsecure1.com
    dns
    izsilaivzltjlbd.exe
    69 B
    85 B
    1
    1

    DNS Request

    track.v2.sslsecure1.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    track.v2.sslsecure2.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure2.com

  • 8.8.8.8:53
    track.v2.sslsecure3.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure3.com

  • 8.8.8.8:53
    track.v2.sslsecure4.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure4.com

  • 8.8.8.8:53
    track.v2.sslsecure5.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure5.com

  • 8.8.8.8:53
    track.v2.sslsecure6.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure6.com

  • 8.8.8.8:53
    track.v2.sslsecure7.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure7.com

  • 8.8.8.8:53
    track.v2.sslsecure8.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure8.com

  • 8.8.8.8:53
    track.v2.sslsecure9.com
    dns
    izsilaivzltjlbd.exe
    69 B
    142 B
    1
    1

    DNS Request

    track.v2.sslsecure9.com

  • 8.8.8.8:53
    track.v2.sslsecure10.com
    dns
    izsilaivzltjlbd.exe
    70 B
    143 B
    1
    1

    DNS Request

    track.v2.sslsecure10.com

  • 8.8.8.8:53
    api.v2.sslsecure1.com
    dns
    izsilaivzltjlbd.exe
    67 B
    83 B
    1
    1

    DNS Request

    api.v2.sslsecure1.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    api.v2.sslsecure2.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure2.com

  • 8.8.8.8:53
    api.v2.sslsecure3.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure3.com

  • 8.8.8.8:53
    api.v2.sslsecure4.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure4.com

  • 8.8.8.8:53
    api.v2.sslsecure5.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure5.com

  • 8.8.8.8:53
    api.v2.sslsecure6.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure6.com

  • 8.8.8.8:53
    api.v2.sslsecure7.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure7.com

  • 8.8.8.8:53
    api.v2.sslsecure8.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure8.com

  • 8.8.8.8:53
    api.v2.sslsecure9.com
    dns
    izsilaivzltjlbd.exe
    67 B
    140 B
    1
    1

    DNS Request

    api.v2.sslsecure9.com

  • 8.8.8.8:53
    api.v2.sslsecure10.com
    dns
    izsilaivzltjlbd.exe
    68 B
    141 B
    1
    1

    DNS Request

    api.v2.sslsecure10.com

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

    Filesize

    24KB

    MD5

    bded699ccef883840badce58f804d7f8

    SHA1

    24af43a1d9718fe780b5d9ae6827217c0e642adf

    SHA256

    882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

    SHA512

    2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

  • C:\Users\Admin\AppData\Local\Temp\parent.txt

    Filesize

    476KB

    MD5

    89c4bf7297f085059f17b0ba1aa9c28d

    SHA1

    f745c646fdf028af68934ed508ea59196690c6d6

    SHA256

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

    SHA512

    3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9

  • \Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

    Filesize

    24KB

    MD5

    bded699ccef883840badce58f804d7f8

    SHA1

    24af43a1d9718fe780b5d9ae6827217c0e642adf

    SHA256

    882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

    SHA512

    2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

  • memory/1368-59-0x000007FEF3580000-0x000007FEF3FA3000-memory.dmp

    Filesize

    10.1MB

  • memory/1368-60-0x000007FEF24E0000-0x000007FEF3576000-memory.dmp

    Filesize

    16.6MB

  • memory/1368-62-0x000007FEFB901000-0x000007FEFB903000-memory.dmp

    Filesize

    8KB
