Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

sm-free-online.exe

windows7-x64

8

sm-free-online.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20220812-es
  • resource tags

    arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    08/01/2023, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sm-free-online.exe

  • Size

    1.9MB

  • MD5

    d3daccb226696384058d00b613725d94

  • SHA1

    62b090d57920d6330c2904a768cf204a07a68eb0

  • SHA256

    0fcd10a01400f14d238e7793369acea183dc771f124400e3d525db3a0a8740be

  • SHA512

    09c145709878cfa1bc45ddf3ebde789529fc15931f777f2febd8476ce9dcf18269abcbf0a2e89b6659574a20d017cf3d092939b41dc98ed5a4993d9677059083

  • SSDEEP

    49152:Lt4ZnXnnCILzWmoKhK4IPE90uscDvL9ZcCOAtxi3x:LtgnXnnCILzW9MK4IrWP9ZcCXPQx

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Kills process with taskkill 2 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sm-free-online.exe
    "C:\Users\Admin\AppData\Local\Temp\sm-free-online.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe
      "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:792
      • C:\Users\Admin\Downloads\sm_free_x64.exe
        "C:\Users\Admin\Downloads\sm_free_x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniTool ShadowMaker\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniTool ShadowMaker" /LANG=en agreeImprove=1 /online
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1664
        • C:\Users\Admin\AppData\Local\Temp\is-GB0KR.tmp\sm_free_x64.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-GB0KR.tmp\sm_free_x64.tmp" /SL5="$40136,215838957,268800,C:\Users\Admin\Downloads\sm_free_x64.exe" /progress="C:\Users\Admin\AppData\Local\Temp\progress.txt" /VERYSILENT /LOG="C:\Program Files (x86)\MiniTool ShadowMaker\Innosetuplog.txt" /NORESTART /DIR="C:\Program Files (x86)\MiniTool ShadowMaker" /LANG=en agreeImprove=1 /online
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1100
          • C:\Windows\SysWOW64\taskkill.exe
            "taskkill.exe" /f /im "SchedulerService.exe"
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1840
          • C:\Windows\SysWOW64\taskkill.exe
            "taskkill.exe" /f /im "AgentService.exe"
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe
    Filesize

    4.0MB

    MD5

    fd0f3fe0bef80f45d0076945eb2cf637

    SHA1

    df1a423493779e9d3c6b4579179c5df3eae5cfc2

    SHA256

    21ee807a609fb2329ad718d9b9f60f8f9a3676ad2d74cd669b4a40e106dd1800

    SHA512

    78442553f5f645bc33dce718164ef9433a0ad2ef4cd4fb5edc85440b666ab6038929d6271b933cd3793d2dc95813fb4fb302d79cb111d4033ea26516dd275fbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Check_Selected.png
    Filesize

    1KB

    MD5

    6d116dccaac5056d7d1f4a593d5ac0db

    SHA1

    242a6a198c7e1e22bda176065cf0b26a276b6f72

    SHA256

    0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

    SHA512

    037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Close_Nomal.png
    Filesize

    1KB

    MD5

    99fcff2aca703823e083cb90a3192146

    SHA1

    376158f2e3e6c4f42e67415f180539d562bd27fb

    SHA256

    cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

    SHA512

    86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Config.ini
    Filesize

    403B

    MD5

    ebc1e705794cb3b3b4da6a202615dff4

    SHA1

    214cffad28fec3f11988df9009ee8a99eeadc019

    SHA256

    f679fb8df3a97d0980856470dc5b46e473d2fdff1d5caf76728c0a150e77da71

    SHA512

    861c40c13928e19b798128e9b6f11dd5fae4f75f8d1bbeb0943e736aa3e2acc6847901231e89b7107bc0d7e11adbe3e58a4e9ebebbf919422503da77c858e96b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\DownloadUI.xml
    Filesize

    11KB

    MD5

    d2aab2f1f719a3617b37e56c52d4f5c5

    SHA1

    842d5ea133392c9b1324f71b55d2d5e47ca21ad8

    SHA256

    56994510c0733871eb9b3a7853ac715febc2b469c83fa65c82aa262b6020926b

    SHA512

    53b5f5fe4f1041c5cdcea2b2da4062786e0771c3f7c453739acf1be65d6c912b32246b86f54757a5b92cdf8b0d264ff66d4bb0bfe76afc06cac4c7cafd1ac066

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Download_Pic1.png
    Filesize

    24KB

    MD5

    cd50872f08f95b8d3898f6f6ceb84435

    SHA1

    b3b5ba23ca6f0e6579d5f57057e183ed5a03076e

    SHA256

    95838930623658d2f91b81c1875c608621d1d94f7dd09229d39c59c5e7932e55

    SHA512

    66e7f3d94feb5f0cd5c2d33424c8a554a59fa498831433f5340177d2729d5867b7f707a9ffef9c17bcf764acaf6b077373f8012a6f231f218993af62eb033884

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Download_Pic2.png
    Filesize

    22KB

    MD5

    cb41870b5ce652f67448f01ef5750da1

    SHA1

    13ffd19be27a61bd14edf48e12f357576b86aa10

    SHA256

    55a0f3452e9524f18e025747529d5540b901b75a5f1db0f7ca298745adddd41a

    SHA512

    9d5d8ac3a0180783dd0478baf4b38f8dc7eb61c15bd2ac32c4af3f3702c2cb4b168d2a2d4ec31c7189d804253c270335f7a6522e657a686c8a31653985e961dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Download_Pic3.png
    Filesize

    31KB

    MD5

    2e69d0a6a8c3097fc43ec3bbfebfdb6f

    SHA1

    90610213d2630163bcb22551cfd0389383627651

    SHA256

    30672b629b0909f68c1e463ba36440c0a13ab40e0cc8aaa761b324ea9d8bc73b

    SHA512

    8995e8075c376765973d49c7d65c776d9330268d11d5e53c1a0009f55ed3ace464adfcc1f8db52076ce819759edbe56295608baca8e453cf0ebbac6dbfd382cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Download_Pic4.png
    Filesize

    16KB

    MD5

    bfc3c508fce989c7e7dba31ced81643d

    SHA1

    47abab0425f24d55173236d156e0f5240c470881

    SHA256

    43ee936eb96f297344363179b43d84a78c3a3518428a53e271709cdbd7e98e49

    SHA512

    d28ec0d8e7441a1c6b94991aee4a7a1392516db017efecd94d66d986e370f79782a661d514af282175de77b383fd25eb2e4b5422b5df93898d1589c2ff2d17e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Download_SubUI.xml
    Filesize

    1KB

    MD5

    9f811e49c25c095d3710ce2a2c726ecc

    SHA1

    2fe09b749a6109aa58e4f14e936ad9bfd1fc727a

    SHA256

    6fb7b310c0673be802156ebb19a44f8a841654d99f56c8d03444c159a0a486d9

    SHA512

    5430dfbff533ce804f03ca31bc7fee71576f48844cb78eb4639628ea6fa6d51ecb53b50199db967abb855ca1e2a7afe92a770029a355c9b56b6296d31f40b42e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Dropdown_Nomal.png
    Filesize

    1KB

    MD5

    79a297af3cc5d3501558bfc2344f250a

    SHA1

    7cae747038212afaf6ac69ae57e99cdf9a7ee97d

    SHA256

    0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

    SHA512

    e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Installnow_hot.png
    Filesize

    1KB

    MD5

    c897aced408ce92278f3ca7b506e8661

    SHA1

    2af7822dda6e2df6a4260fa482e5393ff2cd1cbf

    SHA256

    9b796444a10eb0454d7b5a31ec5f8fa2e5261386d569c032ec163cae89659e26

    SHA512

    6fd9ba6e27be168ef1a66e8ab5b7fd174f975f48e84e84d75de908058d51425c04ab70d539653d7b20a8bf79820e30e75131f4d20db43e586585e6074ef18716

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Installnow_nomal.png
    Filesize

    1KB

    MD5

    5a02fb88141286b03e5c96bfab807c11

    SHA1

    4639a647d31d267cf08f4d3e92d62e61749ca1fa

    SHA256

    7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

    SHA512

    f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Language.ini
    Filesize

    80B

    MD5

    b242e5140134513d58d4930992d8d2c7

    SHA1

    64b208c1ed80183dbb0982cf33db7a4696f6c734

    SHA256

    7fab414a11faf0e49e79edce34cbc2b4eac52217b9db9b8b26630d7db35a79a6

    SHA512

    bea21e4135712513f1f80e1df287b6f45c143fbb9765312863bb6cca15922a7850303ade462574c130c19d3ff90c1174d232afff0f8175aff20eff52f5944cef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Main.png
    Filesize

    30KB

    MD5

    5adbf3fb03b7d11525e13eca17d81ca6

    SHA1

    9863412957ed1e311203fc1424db58254eab6279

    SHA256

    745f841d49e71e1c6e27e580bedee03cecf1d5883f4a5e550b44fe28eee67cfc

    SHA512

    79d7114e2ae7306908e2011543ac6278a288b32d4071cf1377350fcd03983c298aafb0a8436cc92d3884c18fff9c89cd4f94913ccdc648e2b7360055919374e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\MainUI.xml
    Filesize

    9KB

    MD5

    ea1eb245ad1843da4fd09176eb27b4c1

    SHA1

    759cf4fe2b48b31eb428f034e720562153a85eff

    SHA256

    ded685dc3d3aad3064b341e4969dd2beb91efd0fbfdb30eac990dc75a91b16bf

    SHA512

    00b8b121583295b3549c9b8538b1119a2384a8032b5d94ba5cab429f58e724d337f4d0e0d388b52da712efd477f591b6b51d823643f9581d15b6ed2cefe38112

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Min_Nomal.png
    Filesize

    1KB

    MD5

    cec7303d0563442f004e14ee00e7c266

    SHA1

    9933da818587ed882c93c5812847a89a624ff883

    SHA256

    7f684e9916e99e872a42a8b334f83c41fb3610b93a666faec7eba034e689319f

    SHA512

    af33dd3905b24a9f23a726ce32684970358b4000ad3b7e74a29dcbce1456b00ea5d3953d3fde13feca3c28cef0b34d64b08e08717d290aa387228bef6359ca4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\pro1.png
    Filesize

    1019B

    MD5

    cb08c0b8de0d0d24211f11ead4d56766

    SHA1

    01ea0820df1ec081755ab7d7fb30681722b876d9

    SHA256

    3e3ea167ca42350f96f379c4ee628abe4ab09bbd8f9bd00de4cff1dc9ca62eee

    SHA512

    e10c72cf708f41a7a43542df50f54f0f6338dea62893af3798ba346f9091884f84f2806ae1a408f74174df6e94d4331c9107160bfdd49cf4fd64424252da079d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\pro2.png
    Filesize

    1KB

    MD5

    a7b631b24b7209528e29931625ce6417

    SHA1

    051ce0d551a041b87f776af6c59745500da718e5

    SHA256

    a8e2e387664d507b38fec7b614bf35d863b70253c743a2475d69e468c19b35ae

    SHA512

    05acfeed0f37b8f8c00eee44c479dc9403e39ce9df29ee1b0ed3e64fbed7265e461d92acd0512d12c337e53d2d297520b4acd596c163c9882677d8f08941cfa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-GB0KR.tmp\sm_free_x64.tmp
    Filesize

    1.3MB

    MD5

    ee7aa3dd4fec2da4425a99e48033dce8

    SHA1

    bfe78890dd029a009900265e788eace870ec9297

    SHA256

    c872ceb34b58018f54bb3253411c123ed74f54eee6872535041aa9a604728c10

    SHA512

    8f11570b5fa3e1f6e6d1fbca4b23a96cc0fce8582875106de33fbc5262ded34b8203163e41b9df793bf453e8810a6726b7bcf0862da82a96228e9a66807c2c94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\progress.txt
    Filesize

    1B

    MD5

    cfcd208495d565ef66e7dff9f98764da

    SHA1

    b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

    SHA256

    5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

    SHA512

    31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

    Download Submit

  • C:\Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • C:\Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe
    Filesize

    4.0MB

    MD5

    fd0f3fe0bef80f45d0076945eb2cf637

    SHA1

    df1a423493779e9d3c6b4579179c5df3eae5cfc2

    SHA256

    21ee807a609fb2329ad718d9b9f60f8f9a3676ad2d74cd669b4a40e106dd1800

    SHA512

    78442553f5f645bc33dce718164ef9433a0ad2ef4cd4fb5edc85440b666ab6038929d6271b933cd3793d2dc95813fb4fb302d79cb111d4033ea26516dd275fbb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-GB0KR.tmp\sm_free_x64.tmp
    Filesize

    1.3MB

    MD5

    ee7aa3dd4fec2da4425a99e48033dce8

    SHA1

    bfe78890dd029a009900265e788eace870ec9297

    SHA256

    c872ceb34b58018f54bb3253411c123ed74f54eee6872535041aa9a604728c10

    SHA512

    8f11570b5fa3e1f6e6d1fbca4b23a96cc0fce8582875106de33fbc5262ded34b8203163e41b9df793bf453e8810a6726b7bcf0862da82a96228e9a66807c2c94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-K3SFP.tmp\innocallback.dll
    Filesize

    71KB

    MD5

    620a17c7645622184f9ab49752f69976

    SHA1

    428c45a7adfe271326cd036b35b91da1177e5510

    SHA256

    1fc556924686e9f0c762a95a2fcdc297c46c6ee15cd2bfd0bab9a53bfbc00dd3

    SHA512

    9909e307bef504b3b16f6f79f8a5fd4a9f5543b560811a14b9f8a23bf83a170820e1616092fcd1b1e1d62e0db233e328cf0ef4428b242db6f44088e2fd167fc3

    Download Submit

  • \Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • \Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • \Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • \Users\Admin\Downloads\sm_free_x64.exe
    Filesize

    206.4MB

    MD5

    35729d1555b99ac537c144b2cd1ad010

    SHA1

    5d0b937a781292bdccc931b3ae1ac57113074395

    SHA256

    374ed5b0ca473cf9ec2fab6bced321dd32d40f7318bfcced1adf1d525e016f6b

    SHA512

    35246edadae2aa711485fa4a2cb20350a17e2b01b0a362d1a00a45d39c1151cde2fbed8681a0af5b757b5828d97458117e2da8b33d202d8daceb7a3af782520e

    Download Submit

  • memory/860-54-0x0000000075541000-0x0000000075543000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1100-90-0x00000000003D0000-0x00000000003E5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1664-82-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1664-92-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download