Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

a1c17a517a...58.exe

windows7-x64

8

a1c17a517a...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    193s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2022, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe

  • Size

    361KB

  • MD5

    1808c6139d8d38b833668dac61766e6d

  • SHA1

    31c58fd77f59da88d461d0e68241bf11a547d15e

  • SHA256

    a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58

  • SHA512

    d39ef240cffeabaf706f84b7971ecc79ed9f9378c4f39170984f7e315778b0ba14895dd25d30cffa86648311a9829997cd4bbde192ab4800b0768d451a48b796

  • SSDEEP

    6144:RflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:RflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 5 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 49 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe
    "C:\Users\Admin\AppData\Local\Temp\a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Temp\bxqngrohdxqmfung.exe
      C:\Temp\bxqngrohdxqmfung.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\blvcmtdntd.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1576
        • C:\Temp\blvcmtdntd.exe
          C:\Temp\blvcmtdntd.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1948
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:848
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1620
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\i_blvcmtdntd.exe ups_ins
        3⤵
        • Executes dropped EXE
        PID:1944
        • C:\Temp\i_blvcmtdntd.exe
          C:\Temp\i_blvcmtdntd.exe ups_ins
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1652

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\blvcmtdntd.exe
    Filesize

    361KB

    MD5

    130f867e4e469cb7ac756583d347eff9

    SHA1

    8f016d6aed682a9ca675be4ac5463f92fcac0af2

    SHA256

    78bb8b8cbaada64193f5771f87d96e716939e26f2f5365fb31248ab937b74d42

    SHA512

    29721c9882c1ea7e8bf3c4ea9a039ea5f0c50ba594f131ed746d422739026e6da40f762f89e1b0445254c839249f36b863751d11279b43ce5d136dd61c3bb60e

    Download Submit

  • C:\Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit

  • C:\Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit

  • C:\Temp\i_blvcmtdntd.exe
    Filesize

    361KB

    MD5

    6011b7b07683e2457f29a988e70f99dc

    SHA1

    2f7d53ea5c1eecb827d91071d9c1a1861ff17130

    SHA256

    e7fe666fe618da598e99d0f3ad7f7a5dc45a1c34827f76a85fc7603326f0f804

    SHA512

    7517926f063ee811a73bc262caa8c302b9227628b3203565227546f183328ee6440e781119851c2f4e1abc5fb7ff03b18bb123543fc6f91b6e20906877ed06a0

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit