Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

a1c17a517a...58.exe

windows7-x64

8

a1c17a517a...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    193s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2022, 14:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe

  • Size

    361KB

  • MD5

    1808c6139d8d38b833668dac61766e6d

  • SHA1

    31c58fd77f59da88d461d0e68241bf11a547d15e

  • SHA256

    a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58

  • SHA512

    d39ef240cffeabaf706f84b7971ecc79ed9f9378c4f39170984f7e315778b0ba14895dd25d30cffa86648311a9829997cd4bbde192ab4800b0768d451a48b796

  • SSDEEP

    6144:RflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:RflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 5 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 49 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe
    "C:\Users\Admin\AppData\Local\Temp\a1c17a517ab0d55b393bed9b9f6c4302cca2472945287ed7fd4c89fe06bdfa58.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Temp\bxqngrohdxqmfung.exe
      C:\Temp\bxqngrohdxqmfung.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\blvcmtdntd.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1576
        • C:\Temp\blvcmtdntd.exe
          C:\Temp\blvcmtdntd.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1948
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:848
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1620
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\i_blvcmtdntd.exe ups_ins
        3⤵
        • Executes dropped EXE
        PID:1944
        • C:\Temp\i_blvcmtdntd.exe
          C:\Temp\i_blvcmtdntd.exe ups_ins
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1652

Network

  • flag-unknown
    DNS
    xytets.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    xytets.com
    IN A
    Response
  • 204.79.197.200:443
    ieonline.microsoft.com
    iexplore.exe
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    iexplore.exe
    152 B
     3
  • 8.8.8.8:53
    xytets.com
    dns
    IEXPLORE.EXE
    56 B
     129 B
     1
    1

    DNS Request

    xytets.com

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • C:\Temp\blvcmtdntd.exe
    Filesize

    361KB

    MD5

    130f867e4e469cb7ac756583d347eff9

    SHA1

    8f016d6aed682a9ca675be4ac5463f92fcac0af2

    SHA256

    78bb8b8cbaada64193f5771f87d96e716939e26f2f5365fb31248ab937b74d42

    SHA512

    29721c9882c1ea7e8bf3c4ea9a039ea5f0c50ba594f131ed746d422739026e6da40f762f89e1b0445254c839249f36b863751d11279b43ce5d136dd61c3bb60e

    Download Submit

  • C:\Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit

  • C:\Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit

  • C:\Temp\i_blvcmtdntd.exe
    Filesize

    361KB

    MD5

    6011b7b07683e2457f29a988e70f99dc

    SHA1

    2f7d53ea5c1eecb827d91071d9c1a1861ff17130

    SHA256

    e7fe666fe618da598e99d0f3ad7f7a5dc45a1c34827f76a85fc7603326f0f804

    SHA512

    7517926f063ee811a73bc262caa8c302b9227628b3203565227546f183328ee6440e781119851c2f4e1abc5fb7ff03b18bb123543fc6f91b6e20906877ed06a0

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    da4e36f917a094aa804733817ddbc806

    SHA1

    bc35dfb191a0aba00b08ae8deb00d576cc7af59d

    SHA256

    65a39bdd9c058e02715571598ce70767ddc4127fde2c0fec855b9a14148ef8ff

    SHA512

    c25f2178d7fa51998dbd6ece1f7444778f368c65da355740d6bb583391aba8333c2adaa85c07fd789e125823688b9b893a20161d8da60c1ee06e40241c294113

    Download Submit

  • \Temp\bxqngrohdxqmfung.exe
    Filesize

    361KB

    MD5

    739986de701ac453198472acd7cce68a

    SHA1

    8a1a9b95010fdc19178c1941395448f1551191f0

    SHA256

    fc9ee9fec0300bad72c341ec9ba9f0cbdf798d51a6532203ce4b0f909ed69754

    SHA512

    1a258bc1a8eb957225cefca9582f861406a18976b4cf8a8ffd8ffe7d1791d7ac552b1d3899c7fbcf2b9ea3369b5de217d8b885d4d1e2ec37adb45688d2bafa8a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.