Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/12/2022, 01:33

General

  • Target

    918c7c0359cf05bf076302540d40c4131ac09fbbf2d734b6119a4f5cc2397a5f.exe

  • Size

    112KB

  • MD5

    4674566e25e78bb4f4ab7a8a1c86f9cb

  • SHA1

    adb83767f85dc9e6270ca934c51bd87203816086

  • SHA256

    918c7c0359cf05bf076302540d40c4131ac09fbbf2d734b6119a4f5cc2397a5f

  • SHA512

    9e5ba5a481f7f4c7671615b1861f077976e76a87467b5fe1a45556b68b2e78265ae9cf1a484bd83f3f1ff4f8f56cae1edfad864f80201f80e81d9ae1c99bf318

  • SSDEEP

    1536:kr4vEtHYKKSYP8mxBsEQRn2BkRd4Kp1xtHYKKS8D:kReKKSYh4Eimym2xeKKS8D

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\918c7c0359cf05bf076302540d40c4131ac09fbbf2d734b6119a4f5cc2397a5f.exe
    "C:\Users\Admin\AppData\Local\Temp\918c7c0359cf05bf076302540d40c4131ac09fbbf2d734b6119a4f5cc2397a5f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Program Files\sytre\ksoft.exe
      "C:\Program Files\sytre\ksoft.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4780
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\918C7C~1.EXE"
      2⤵
        PID:1356
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:1484
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4728 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3188

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files\sytre\ksoft.exe

    Filesize

    112KB

    MD5

    4674566e25e78bb4f4ab7a8a1c86f9cb

    SHA1

    adb83767f85dc9e6270ca934c51bd87203816086

    SHA256

    918c7c0359cf05bf076302540d40c4131ac09fbbf2d734b6119a4f5cc2397a5f

    SHA512

    9e5ba5a481f7f4c7671615b1861f077976e76a87467b5fe1a45556b68b2e78265ae9cf1a484bd83f3f1ff4f8f56cae1edfad864f80201f80e81d9ae1c99bf318

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    8b90c80540ac0b7f86a00f00c7adb0e5

    SHA1

    a83d1a28ce3a71303dc0eb7359182812d74539c8

    SHA256

    47d6c62ae69a38a716da5db2d4b4c95193dc1dcbebef3c55dea8c0cfb13ea256

    SHA512

    546494549dbf6e3c8fc547c3269a3564c6ba6e34ba66df238f31f6b53a35f9b46f5973deb38c7a686ee89b484b95cb0be1c4b49b5c771d38d80d42eb66885cd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    449287acae34b701fc574d32b49f687a

    SHA1

    ccef7f480e2f4c9e746c1481d24c5c07c489bf89

    SHA256

    c828efca156b1f5d7dee4bb38017022ef06eaa9aecd4892cf94facb189979dba

    SHA512

    c1f0a1bf0cc49b48edece4d390529c04b48b2ce70a25e213280c0bc96855bbe58c37349349db7af825880276c72e574a9162b8ce2454ed7b205eefbfda51fa5e