Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

983f658e8f...9e.exe

windows7-x64

8

983f658e8f...9e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    188s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e.exe

  • Size

    25KB

  • MD5

    0ba6a784f270f68fa6e102277f9e04c0

  • SHA1

    21c2094526da9ee107fd4421f70e73acfe8c269f

  • SHA256

    983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

  • SHA512

    d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

  • SSDEEP

    768:OqbKI+C2pbyw15X/WllPlqZrpvUnPius:tKI+C2pWw1kzNq7MPiu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in System32 directory 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e.exe
    "C:\Users\Admin\AppData\Local\Temp\983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Windows\SysWOW64\wbem\csrss.exe
      C:\Windows\system32\wbem\csrss.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1348
      • C:\Windows\SysWOW64\wbem\csrss.exe
        C:\Windows\system32\wbem\csrss.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:388
        • C:\Windows\SysWOW64\wbem\csrss.exe
          C:\Windows\system32\wbem\csrss.exe
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1032
          • C:\Windows\SysWOW64\wbem\csrss.exe
            C:\Windows\system32\wbem\csrss.exe
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:1156
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\temp.bat
            5⤵
              PID:4664
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\temp.bat
            4⤵
              PID:1796
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\temp.bat
            3⤵
              PID:5052
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\temp.bat
            2⤵
              PID:3612
          • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
            "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
            1⤵
              PID:3236
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
              1⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:4432
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:17410 /prefetch:2
                2⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:1204
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
              1⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1716
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:17410 /prefetch:2
                2⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:4056
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
              1⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1840
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:17410 /prefetch:2
                2⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:3068

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\temp.bat
              Filesize

              160B

              MD5

              688de2c11d07cd1a0f0a22aaba2f38fe

              SHA1

              c693ee247172adf49b1fe68c597358b0e0e2477e

              SHA256

              8fd8370941a44a938f35789dae430fe4ee8bb1443f05baad544b48c261ae40d7

              SHA512

              d1ecc15e5e1da8d9f35f95ed2b66763ed314e9b523dacd1eb42332b8f3d9c8256f46830c7b9c107ada42cc51d4dfe6ac9cd845b6fdbcf25677c5c50b138bde0a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\temp.bat
              Filesize

              160B

              MD5

              688de2c11d07cd1a0f0a22aaba2f38fe

              SHA1

              c693ee247172adf49b1fe68c597358b0e0e2477e

              SHA256

              8fd8370941a44a938f35789dae430fe4ee8bb1443f05baad544b48c261ae40d7

              SHA512

              d1ecc15e5e1da8d9f35f95ed2b66763ed314e9b523dacd1eb42332b8f3d9c8256f46830c7b9c107ada42cc51d4dfe6ac9cd845b6fdbcf25677c5c50b138bde0a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\temp.bat
              Filesize

              160B

              MD5

              688de2c11d07cd1a0f0a22aaba2f38fe

              SHA1

              c693ee247172adf49b1fe68c597358b0e0e2477e

              SHA256

              8fd8370941a44a938f35789dae430fe4ee8bb1443f05baad544b48c261ae40d7

              SHA512

              d1ecc15e5e1da8d9f35f95ed2b66763ed314e9b523dacd1eb42332b8f3d9c8256f46830c7b9c107ada42cc51d4dfe6ac9cd845b6fdbcf25677c5c50b138bde0a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\temp.bat
              Filesize

              296B

              MD5

              6d4b95098b9a9f9cba6abb84be3f325f

              SHA1

              635dbf01655aa7c254a0742eeccfcc10448ebe3e

              SHA256

              48f32a7b5091f7a2603c9679bfd5183e8a4490603e6d9225d3c4d91c1ff548f5

              SHA512

              a6d05c46f3bcbf3f71f85e796caeaa9435eeb6261972bb5a0e9f00894a22453025e6c1c2861a18301fc2bdae4751d39740d2b2a84976d3e75480fae3f74cdc40

              Download Submit

            • C:\Users\Admin\AppData\Local\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Users\Admin\AppData\Local\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Users\Admin\AppData\Local\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Users\Admin\AppData\Local\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Windows\SysWOW64\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Windows\SysWOW64\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Windows\SysWOW64\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Windows\SysWOW64\n.ini
              Filesize

              19B

              MD5

              e415f059d8566da0d8d44108e0e915fe

              SHA1

              34dff1c646f465308c2804f0f046bbdcdfb53661

              SHA256

              b6765a3102953c72201321bfe2ef838e13e3ce395ef26c72e515a140e6d6d782

              SHA512

              fde3978b4d56abe680806dc62e6b9ad7f10ef2c6cbb1c7999c2f64c180056a600b98503446a1f3d2bd46487ef84d9a13ec1f3246d00451610a51af3fb21fec1b

              Download Submit

            • C:\Windows\SysWOW64\wbem\csrss.exe
              Filesize

              25KB

              MD5

              0ba6a784f270f68fa6e102277f9e04c0

              SHA1

              21c2094526da9ee107fd4421f70e73acfe8c269f

              SHA256

              983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

              SHA512

              d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

              Download Submit

            • C:\Windows\SysWOW64\wbem\csrss.exe
              Filesize

              25KB

              MD5

              0ba6a784f270f68fa6e102277f9e04c0

              SHA1

              21c2094526da9ee107fd4421f70e73acfe8c269f

              SHA256

              983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

              SHA512

              d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

              Download Submit

            • C:\Windows\SysWOW64\wbem\csrss.exe
              Filesize

              25KB

              MD5

              0ba6a784f270f68fa6e102277f9e04c0

              SHA1

              21c2094526da9ee107fd4421f70e73acfe8c269f

              SHA256

              983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

              SHA512

              d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

              Download Submit

            • C:\Windows\SysWOW64\wbem\csrss.exe
              Filesize

              25KB

              MD5

              0ba6a784f270f68fa6e102277f9e04c0

              SHA1

              21c2094526da9ee107fd4421f70e73acfe8c269f

              SHA256

              983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

              SHA512

              d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

              Download Submit

            • C:\Windows\SysWOW64\wbem\csrss.exe
              Filesize

              25KB

              MD5

              0ba6a784f270f68fa6e102277f9e04c0

              SHA1

              21c2094526da9ee107fd4421f70e73acfe8c269f

              SHA256

              983f658e8f38cad710e854b4631c8f3b632c57b537506d98c67e80712f14429e

              SHA512

              d6be5cce86a6edf0b43815adc58bfda9fa9867dd3fcaf68a40e18fe03d938edc7b35a84ff90d5ff2875b6499f6ed47d874ec95b6e2663a418cb6971c3089996e

              Download Submit

            • memory/388-153-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download

            • memory/388-149-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download

            • memory/1348-145-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download

            • memory/1348-141-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download

            • memory/4256-137-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download

            • memory/4256-132-0x0000000006000000-0x0000000006012000-memory.dmp

              Filesize

              72KB

              Download