Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
02/04/2023, 07:26
230402-h9svnsfb86 802/04/2023, 07:25
230402-h8859sfb84 802/04/2023, 07:20
230402-h6jgtsfb69 8Analysis
-
max time kernel
117s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
02/04/2023, 07:25
General
-
Target
https://download2391.mediafire.com/dwrifu0d8gngU1esXtH9eVSh1KCRcInDOWqTuzPxia5JviSSG4y4G0r5nZRgM5q6ZIvWFgwR9uIt89n4tNwmhEHZr6M8/edxrydvanz0j7ac/Win_Icon_Pack.exe
Malware Config
Signatures
-
Downloads MZ/PE file
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://download2391.mediafire.com/dwrifu0d8gngU1esXtH9eVSh1KCRcInDOWqTuzPxia5JviSSG4y4G0r5nZRgM5q6ZIvWFgwR9uIt89n4tNwmhEHZr6M8/edxrydvanz0j7ac/Win_Icon_Pack.exe1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4376 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\Win_Icon_Pack.exe"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\Win_Icon_Pack.exe"2⤵
-
C:\Program Files (x86)\Windows 10 Insider\iPack_Installer.exe"C:\Program Files (x86)\Windows 10 Insider\iPack_Installer.exe"3⤵
-
C:\Program Files (x86)\Windows 10 Insider\7z.exe"C:\Program Files (x86)\Windows 10 Insider\7z.exe" x -y -bd "C:\Program Files (x86)\Windows 10 Insider\Resource.7z"4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp_del_Windows 10 Insider.bat" "4⤵
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq iPack_Installer.exe"5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\find.exefind /I /N "iPack_Installer.exe"5⤵
-
-
C:\Windows\system32\timeout.exetimeout 25⤵
- Delays execution with timeout.exe
-
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
148KB
MD5f3d2f74e271da7fa59d9a4c860e6f338
SHA196e9fa8808fbe176494a624b4a7b5afc9306f93a
SHA256d2c632a87f70039f8812f0bd5602379e288bfac237b0fce41cb5d8c757c70be3
SHA5121553ba5d27ef59015ee4ff05e37d79a3da5d2257de193e61800f587917dbc5ba97e1d499448b41e370962b977570a4ea1c936e791d886e71384edaba39d5fe30
-
Filesize
148KB
MD5f3d2f74e271da7fa59d9a4c860e6f338
SHA196e9fa8808fbe176494a624b4a7b5afc9306f93a
SHA256d2c632a87f70039f8812f0bd5602379e288bfac237b0fce41cb5d8c757c70be3
SHA5121553ba5d27ef59015ee4ff05e37d79a3da5d2257de193e61800f587917dbc5ba97e1d499448b41e370962b977570a4ea1c936e791d886e71384edaba39d5fe30
-
Filesize
148KB
MD5f3d2f74e271da7fa59d9a4c860e6f338
SHA196e9fa8808fbe176494a624b4a7b5afc9306f93a
SHA256d2c632a87f70039f8812f0bd5602379e288bfac237b0fce41cb5d8c757c70be3
SHA5121553ba5d27ef59015ee4ff05e37d79a3da5d2257de193e61800f587917dbc5ba97e1d499448b41e370962b977570a4ea1c936e791d886e71384edaba39d5fe30
-
Filesize
36.1MB
MD5cdcf3c73452336ef09c2d6b149e00dc3
SHA150fef89141c4912e58ba8acf625b1274fd8129f8
SHA2568015634f7a794831793baceea236a771d3edeaf1251be0beee67e03327692661
SHA5121069e30ceaa4e098d3cc9b022a77a8ed2c4316c1d1394b729a01b9fbaed90d040d3138439c4cae1548f05be9270f2f9bea29f10f223f65ad4c1fdb861f95ef3f
-
Filesize
1.7MB
MD5ab90972d3cc7c7c7c1f8fc3b7f8d5383
SHA138114c82d6c66a48e535947233595219099aeec9
SHA2567902fdb07422f1d526b5ee498f8bd3019a686be9c509b1fb63490f32b037e333
SHA512d54c6c907bf747d593a0614e5bfe14db031ae95246a0bd519a09e19898de3fdb774345eeb90330ddc7c8faacc9e0509d45b8e3f8a111c0dbbade35684f157631
-
Filesize
168KB
MD5ed930685dbb865073b5c50d856b6431f
SHA1a9374772c0b7a42dc0944462ba23e58a7e7867bd
SHA25627c541db3bfd9bf68c3155b60f4d0008ecb32e80acca3fc4d9814976d0a94de3
SHA51238a61b2c30d1881c335c49e03e7d3a4f8e6de671b9d8b65e5a62ff0d37c306989dfbb94785796fcc87c1423714901e4b058ebd81ee6fd820a028a6a69b2ad207
-
Filesize
11.0MB
MD5dab17c10540ea981f10b4748105a3d77
SHA1a519f703f27e9b854e2abaa6547613851b107d68
SHA25620ae9faeac4e7940a444728a349706822b22bde7194e228167cc0424cb861165
SHA5124b45cc7f4ed50db62d829c0070da009611dc3838958e9365c51549f4d6111c83ec1aa399366c6fdb5f51fff644f1b8c686f5c49ca1e01daad0fe3ebc1f0ed91d
-
Filesize
11.0MB
MD5c78e3a380550933edf0c910d164b2722
SHA1c6c4245da1b27ecb559f547c76e3a9d97d4ad50c
SHA2562418dfbdb9c97e90cf7eb63d249cef3c6efec5c183557ea131166baf5db1dc09
SHA5122aa4fa14b0e4c4db3aa506398cb7d7470136df9d95869aa998f1b9ce42023d7763055821b65ec8eb97567e5c36baae42613a521f2dc5e4901eec2e71c484942d
-
Filesize
18KB
MD505881c368816adce83f69ebe8cdd1e66
SHA1f96830c41d327e818c36662e1e08bee2b3fc30c7
SHA25695debde2e09114ccb0838aaa2a35dba65061c87cd3430bc1a1e0f05d14d930a2
SHA51228480acd811e0ef863b96aa141b5278f8ee16820c400359d70c6b2c8780f35a217c1e5f563aecbc6b4f80eddc399a3884835d1e63a03bc3a69c09d6cd26f573a
-
Filesize
249B
MD5d02ca78c6eefd91f71c7a7622e796370
SHA1fb6d069345127acba59038030083742d2236a3d1
SHA256cece5ea9e14a2821ee8fbd6616f6f93f73e7641f4715bc24e8a4dbeaeff1ef81
SHA512e82b4cd02ffd0199068292d9fdb57d70bef29bc33eaef5e327293268d14ce7cebb03997a8048e93c8bb4fe4b2d5096608c17ffdeab98d09b60771c84665f023d
-
Filesize
941B
MD5a12a2d3a14e3a6dc6250bd7ab5e399c0
SHA1a9eb44510c98d2a066875e4e09904f70333cf8b6
SHA2567893df543413869f797b5733498b2027b2d69b4d3ec3bc998ba9c28e1b633e8d
SHA512af79120051d625288b670d2dc97ed8dcac18410a5763e936c8410a7e752294bf1085cce84405093648204be07232fda38fcf89a1dce1f2fec94069304b626454
-
Filesize
21KB
MD521da3154a1bc6d1d582ba74191f6756e
SHA12e48ce7cc1c888d2525750200e6dd21c14b7f59c
SHA256dea6f44854346692fc183119abed2de5848cadd47aa32d953a0b78ffa2a1868e
SHA512eb169f932b0741803f8f8d6adfac3253f86f57e103e8512d4da53775cca0d344fab8a83313c9014464d581210131b27c2170d1b198a17318c1090239a860d7b6
-
Filesize
988KB
MD5028a0537a0f1ac78babb11d034d660cc
SHA16f0965382aab3b823c36b02a8be409be27cb09dc
SHA2562cd7fabd158d1cd32de6063d03ca6aac3b3b1b877c64dffeed9c7255828d46b4
SHA5121262ce416e62aa88c64ed01acb593786800487108d94ff48d2c2f69fba4f5cd8b66277a93954bb31911614cfff56eb9474ce992f4e176f4a215f010fdcdfd243
-
Filesize
988KB
MD5028a0537a0f1ac78babb11d034d660cc
SHA16f0965382aab3b823c36b02a8be409be27cb09dc
SHA2562cd7fabd158d1cd32de6063d03ca6aac3b3b1b877c64dffeed9c7255828d46b4
SHA5121262ce416e62aa88c64ed01acb593786800487108d94ff48d2c2f69fba4f5cd8b66277a93954bb31911614cfff56eb9474ce992f4e176f4a215f010fdcdfd243
-
Filesize
988KB
MD5028a0537a0f1ac78babb11d034d660cc
SHA16f0965382aab3b823c36b02a8be409be27cb09dc
SHA2562cd7fabd158d1cd32de6063d03ca6aac3b3b1b877c64dffeed9c7255828d46b4
SHA5121262ce416e62aa88c64ed01acb593786800487108d94ff48d2c2f69fba4f5cd8b66277a93954bb31911614cfff56eb9474ce992f4e176f4a215f010fdcdfd243
-
Filesize
171B
MD5cb143eef30f7ad481e715926b63928f4
SHA14bb8ae8914d07d475c4c5bbf97abfa8c60544e00
SHA2566105a59eaa1401813a363239fb193a79179d3abc93abc4f65f180e60770b6e17
SHA512e3067b72b255772a73d8ea4564e4874008fb52de9e18cfcdfda547408288826629f1f2ce7c0efb07b9528d34e0efd0635b91560df50f12edd4b5c19cef5af19d
-
Filesize
471B
MD5c5f20d91cc08608a86cdf45c1e06e8b5
SHA1c0fce1c4a306dc0bf372ed0907cf8b7f4a2d4d37
SHA25648506ee2253275198c9205a541e4fc2a20a31c359ad3206550a678d1cc267a95
SHA5123f2a0dff529fab989e0afaf3c4c43f9d1f847f8569006f5afa3ea50245e364b363fd2d8b6c9dfa8837d8cf59c1a56ec41f03f0ff6acb82e5df9980c0be3e3da6
-
Filesize
434B
MD59a99b7b5e389b3af5927f3d43b72545b
SHA13d28129add48ebf09b5378f098c97809f37a8ad5
SHA25663156a28a4a7f1df090fc4d6635d0c14584fc1b4d0efdd1671e10fda258d65d4
SHA5124896aa5ef40564e5191854e17423aa82c18a382c1608e9c33fb4056cad8ea40be02bca37b79d1c73cd516fbb79979949dc37d20a6992c2353d0ab5ebda314e0e
-
Filesize
11.9MB
MD531214ab9b12c4185a07da2331b2e09db
SHA18a6d6275c564c3098d4346f915b365f23ce16b8b
SHA256f70bd9ffc1c5f7e0b55dcdfea45c15a2febd1709f1ef1d8b6d3d88f37755d2b3
SHA512a649c7d9090682016fc2247b9072bf9f84bb2d56db8b83baa75c80a9ccf0debd9d324d4b4577c0b0f0c720e1375fdda20ad69edb4fe2cf212e36377d74d62868
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
11.9MB
MD531214ab9b12c4185a07da2331b2e09db
SHA18a6d6275c564c3098d4346f915b365f23ce16b8b
SHA256f70bd9ffc1c5f7e0b55dcdfea45c15a2febd1709f1ef1d8b6d3d88f37755d2b3
SHA512a649c7d9090682016fc2247b9072bf9f84bb2d56db8b83baa75c80a9ccf0debd9d324d4b4577c0b0f0c720e1375fdda20ad69edb4fe2cf212e36377d74d62868
-
Filesize
11.9MB
MD531214ab9b12c4185a07da2331b2e09db
SHA18a6d6275c564c3098d4346f915b365f23ce16b8b
SHA256f70bd9ffc1c5f7e0b55dcdfea45c15a2febd1709f1ef1d8b6d3d88f37755d2b3
SHA512a649c7d9090682016fc2247b9072bf9f84bb2d56db8b83baa75c80a9ccf0debd9d324d4b4577c0b0f0c720e1375fdda20ad69edb4fe2cf212e36377d74d62868
-
Filesize
288B
MD5907ef75e503f8243be0a05e7cf5d6220
SHA1d2111aca8b50c636cd064244d0728eb8c0855102
SHA25630369fd2aa831014676c03f84135bc7071d81cbed18672f7d738fbd0b0346d8a
SHA51281df64bfb621b950a4ef3c5e13291a07bc09eda418dafff08270b10a899d17ad85ccd70155c5fbebad149ae9e191977ff893644dc8f23cb9a8a98c27a99b781f
-
Filesize
1016KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4.8MB
-
Filesize
664KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
22.5MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
22.5MB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
360KB
-
Filesize
360KB
