Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Photoshop-...es.exe

windows7-x64

7

Photoshop-...es.exe

windows10-2004-x64

10

out.exe

windows7-x64

out.exe

windows10-2004-x64

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2023, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Photoshop-2023-Windows-24-1-1-es.exe

  • Size

    2.7MB

  • MD5

    ec858a1ee9f40e1ada7ebfb416ed5395

  • SHA1

    f280617f79d23e9b7b899485987cd7a9188ec198

  • SHA256

    c09c6a33c56331d6113ebd3100ea2a6c5efabe79b2cd233729bead18a028a632

  • SHA512

    ed95d6bc80376cb97efc126ab5c9f7ef2562f2218cc2f26152c85f784c6c9207068fd2af7283e10d332783808b6cd6ce11975669e8e6c3e44e0a41b4f81fdec3

  • SSDEEP

    49152:aGTEMisXVCgvAZ6X/b5Bvd11LkrgCuygbwEF2m8o:aGIMis04Agz5/L8jk5

Score
10/10
adobephishingupx

Malware Config

Signatures

  • Detected adobe phishing page
    phishingadobe
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Photoshop-2023-Windows-24-1-1-es.exe
    "C:\Users\Admin\AppData\Local\Temp\Photoshop-2023-Windows-24-1-1-es.exe"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3368

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\styles.fe13d093[1].css
    Filesize

    521KB

    MD5

    1e8ea7921995658527791b2ebdea630b

    SHA1

    bbfa6c544cbcd4da34afedfd69f125f9a9a6cfea

    SHA256

    63f61355dfb9df94f87cd36cc7c2d46d29c9468059a61a9992a2a5d442a41520

    SHA512

    0f0f28f6b4274ac0698a816a90d57d1c292d056dd5b814541434cd8d83a476076fb463992c72248e56a729c9f6983cf1cf4eef7ea978c581206b229fa10e04e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{3F981B1A-5921-4085-93BD-08720DEC4A4B}\CCDInstaller.js
    Filesize

    1.2MB

    MD5

    e7270a034f4d24d41112e8480c64713e

    SHA1

    4dd1df35aff308917b344b0f630f64863bd34c40

    SHA256

    181b14ad0eda3af13306e54a7a5045fce9ab42c1325d7c4e2ebd61d3308d7430

    SHA512

    06ac7c119ce36e0e53d25e8beab05f05cbe719859d3a07b4fbd9821e4ea47ec3fa1646ca5d4da2f17592888a5a1af64e784ddf8c3b829b539c93a270dc8db854

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{3F981B1A-5921-4085-93BD-08720DEC4A4B}\index.html
    Filesize

    426B

    MD5

    a28ab17b18ff254173dfeef03245efd0

    SHA1

    c6ce20924565644601d4e0dd0fba9dde8dea5c77

    SHA256

    886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

    SHA512

    9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

    Download Submit

  • memory/3368-144-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-191-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-243-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-245-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-266-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-268-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-269-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3368-273-0x0000000000550000-0x0000000000E38000-memory.dmp

    Filesize

    8.9MB

    Download