Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

dropper.exe

windows7-x64

3

dropper.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    86s
  • max time network
    86s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/03/2023, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dropper.exe

  • Size

    35KB

  • MD5

    f69e703666a6a41005501bc65645916c

  • SHA1

    c44215f3fe477505b7288a261aff28dce6d5aa32

  • SHA256

    0b2f88a609b82dbad98a8b6624552e9c2e5db2173c148d7dbc2f0ea6133d9cb3

  • SHA512

    6e775cb3cf9ac61da431ac05b07dc26483887d385ed214ba11cb557cdc54c198e79698f44dd82c3fcd974a4f70524388a023f1e955459913cf8199c5e4695dc5

  • SSDEEP

    384:bxiHABz9q3FxmHu+JjOdb932NOHu469aMgMcpMQiW4zmkZXOfq1eK2ZkLCh4fdu1:bCIFqb932NOO7BXbOfq1QkmOnI66N

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dropper.exe
    "C:\Users\Admin\AppData\Local\Temp\dropper.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1716 -s 532
      2⤵
      • Program crash
      PID:928
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:572 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1788

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    867B

    MD5

    c5dfb849ca051355ee2dba1ac33eb028

    SHA1

    d69b561148f01c77c54578c10926df5b856976ad

    SHA256

    cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

    SHA512

    88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40ecec874d54c2cc5e002a30009b6275

    SHA1

    c6001dea37e7f74b134454942059da64025af4a1

    SHA256

    bf73501b9ec04e0929e6ffc67a9c0a64c853d0b416869ac032099af7c99fce57

    SHA512

    1d925a89b4bad097d82345d9ae658d684d4e8736e5bdf752d94966ccaa91eef2ad69537e3528d165fb46fee6e653e014a48e838163d5db9f2c368a3d23ba151c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34e8063a8ac9a45545c830ccde789dd3

    SHA1

    25bf0cf94a2897206d3943d3a5f3464a28a8373f

    SHA256

    66271a48fe688f0390bc2a922d691803e8cc8a71df20217569f0b33075272fa1

    SHA512

    58796e1b3fb69438ca9591571084ab71c247090ef67121f52dceb62ca2e6b7a45e31b5d7b8be76671d1221e6a94f19841c7280929b86373dcb0e6507e8f22701

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b429d357230f6f392f2a44354601cc1

    SHA1

    9640e76af4238ac45280cb26cf8cde8b5de82c0a

    SHA256

    8e40bc9985625361c8fd6cde0386bd0b0c96783c8b0e5224a711b6750d92f35f

    SHA512

    b303d3401f06252f083a8bc03a21750a9c0a59ea094ca1b9e8d60d323476a97a7304130b50603c313f7814fb850144fbb0e518d09e36766d9b6dde896b970e2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b429d357230f6f392f2a44354601cc1

    SHA1

    9640e76af4238ac45280cb26cf8cde8b5de82c0a

    SHA256

    8e40bc9985625361c8fd6cde0386bd0b0c96783c8b0e5224a711b6750d92f35f

    SHA512

    b303d3401f06252f083a8bc03a21750a9c0a59ea094ca1b9e8d60d323476a97a7304130b50603c313f7814fb850144fbb0e518d09e36766d9b6dde896b970e2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc468ea1fc933edd100bc10721d60c2f

    SHA1

    8b6e9142babbc1deabf6507394f4d541b410de4a

    SHA256

    33440097c66f933706e56f4285f93908d8d5aa5aed597058ef6a7f6d71228598

    SHA512

    17dcb07961a3625c4e9398207c85264873a0bfae1986876ea5ebd30b52167054a0f73f8163cac30db52d624046973c7f8952e40766c408f08267a8b30af95805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2913b3434a49f8354d8606a73e15f77b

    SHA1

    1c7bca7c02b8246563bdc3f7358c0d22e73d1715

    SHA256

    d0730d5f480c11ee621fb4b8b28fd0d606b97089d53f4cb23c90c1b52948d817

    SHA512

    24f1a0fb1a0fa1601fb79a86492027c780755b03eeb8b350f515f52a96766729b04082c4e4de3b6829059604232f9cacfd96ace4f1abbe14f44b359fc6e59a75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    822fb974cace6e23483a456315e73601

    SHA1

    4633fabbc58c71e8bb3ccd0d07303a333c131de1

    SHA256

    0bc72ee15654a3d11156d3c0abdbb3410c9e073137ca4779c3f2eaffb65b579e

    SHA512

    c16b3c2978826e37741f29f9ba318eee9effea7676ba8acdba13595f3e4dd3a39a24e6d730793c18265dd03e3b6e227acf1dc4f15682dfc5780264519c50b831

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9359c58d81455696d1f637740141eaeb

    SHA1

    39e55b8d89105c03a851da6ae151102d224237fc

    SHA256

    ac7938e7e53a10969793e5a33f3b9962ce1d1c5719796726b12a5395b9389f72

    SHA512

    daca4e4c2f5da03ab767ab255a1b3b76fe7f540609c5e9544c2c8fcac9734df7a663fd4664d20644a323e4a3af8151cd4d37400b10ba9960ad25d32b0440ddf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4749be6913c09684249b1fd1192a70e

    SHA1

    90ee5d9105bbb1d4cc8735061e6742de0d24c149

    SHA256

    2bf61ae2248ae6ae641056a9823d3f5bbc13a5208c10c4d0023086d59ea1ab88

    SHA512

    caaefaaa355da3fdb3da1647808abe6250d4b7b4775f24988ff80cc536e642510bcd848d7d261af7de5dec3aa235fe819180b77058ca97abcfbee2949145f9c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df541f7a00d17c6f7e1095ad138a0f3b

    SHA1

    99c0c2d62a7912125a0b03a9b9afbbb01be01b20

    SHA256

    0c915d5ad4ff3d9eaa0ae29f774dc8a15fa38fca181c111e0465c0cafe1f5561

    SHA512

    369f7f02ba7ca479abe0ac53ff874aeb0477d1b9aa039bdfed833ed44d3f201400ecf6f4b19ca3452ff47ed6f52bcb243ab0686a5a6449051cc630dbaaad3eff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e258e189174232f0102fe5a83aed7b80

    SHA1

    699bd0ab3237d26b0385e7e3a4b5300d47f87776

    SHA256

    2be335130964b5b8d4ea00857a4e8c93407b844f8d86e02eaa906715946c0cde

    SHA512

    66ef435e6a143ab441123685df24947df225136c8c12eafe0cd3681b5a5284088fd7a5d59549d3eebcb2fc1e1441c2c63a7e75c9a9106a7c69171f7184885fb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    242B

    MD5

    3252d0c2b5716fe79c00ac3299b8bb62

    SHA1

    41b9f5cb88820b92137738c5bf137d0856eef006

    SHA256

    94ce052c32f5f9e7deaadbccacf56e4a1fa5e11e8d882bfde10015a3f9d81cb6

    SHA512

    40e4533d6e4b132c427125bc771684e71800fdaf87b037ee1ca7ecb316cd2284e6e1f8fad7a2fc18f6e52cc179041be52b7b931806c4d4d7ad291eb4527b3544

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9ACD.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9DD0.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OEZU1740.txt
    Filesize

    605B

    MD5

    70c8b847c5ec95102329deb94d4e499f

    SHA1

    205d53074e1b0bb025a19d0edb37766af4e02b01

    SHA256

    06945ba433dfb6c39dc635cc4d688e0680752014359650198c93273f64794eaa

    SHA512

    b4dbcbb940ef4ecac432456e4a222717f03fd8dc701678170bc66428fddbe0d1523aaed62e1df108f8301938f9b0f35a0a174b1fee85cd8ff7d4dd4f36d64d9f

    Download Submit

  • memory/572-55-0x0000000002B10000-0x0000000002B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-54-0x0000000000090000-0x00000000000A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1788-56-0x0000000000ED0000-0x0000000000ED2000-memory.dmp

    Filesize

    8KB

    Download