Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

http://118.107.7.166...

windows10-2004-x64

8

Resubmissions

13/06/2023, 06:23

230613-g5rldaff7x 8

13/06/2023, 05:28

230613-f55mkafe4v 8

Analysis

  • max time kernel
    561s
  • max time network
    571s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2023, 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://118.107.7.166/azu/azu641.exe

Score
8/10
vmprotect

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://118.107.7.166/azu/azu641.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3888 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1376
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\azu641.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\azu641.exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3208

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f00c651bd023e439cef538cb61938602

    SHA1

    7e49f7ce3c00bde7692a5fd85497e1f60b1f616e

    SHA256

    ac671834dcc3d8ef96272da936597334cccd7c1106beeac5919e6cb308f9bb66

    SHA512

    91ddece9b7c3fe2ab0d9b4891fbe522f344b58fedf99b5eee0f06e573770dfb96d69c0727102b94a22d34a671fa28cd51d90e4fd35b28443b260195a9ce53de6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    2d50fdc677ad15edeea33930fb0840ff

    SHA1

    7d80841a69d6befc73fefb8f73f5300d8bb33a1f

    SHA256

    14aa2e9f2165167f68d299d54241cec6b9555b3df5cf429d6c1ad61196c6f2f7

    SHA512

    6edf4623a1bdcf483c7383ce9b1e34bb4e4a2ceba852683ec71bd17934ec2e7102d2208050c7ed05c683a5610edff5afeac3f72b1219bf1df36f0f2a769ad70e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\azu641.exe
    Filesize

    5.7MB

    MD5

    4a3f936b7097831a8dfcc8960a71dbee

    SHA1

    4852cf0f3e412db0e18d5fd5df2dc02d781e2d72

    SHA256

    8d9e334f557a03738bb4d95d2f1439d7275a20ab6f04729daf800ebfc02b2d18

    SHA512

    d6ef400c072ce32b7ead53b3c8ba4162eaa4ee751483c3e74f2651fdf820f7a24c99b454885392a700f47cdd3d686412f7a8a813d40454d0f4290918e5b0ee39

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\azu641.exe.4kuj20j.partial
    Filesize

    5.7MB

    MD5

    4a3f936b7097831a8dfcc8960a71dbee

    SHA1

    4852cf0f3e412db0e18d5fd5df2dc02d781e2d72

    SHA256

    8d9e334f557a03738bb4d95d2f1439d7275a20ab6f04729daf800ebfc02b2d18

    SHA512

    d6ef400c072ce32b7ead53b3c8ba4162eaa4ee751483c3e74f2651fdf820f7a24c99b454885392a700f47cdd3d686412f7a8a813d40454d0f4290918e5b0ee39

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\Desktop\shellcode.bin
    Filesize

    300KB

    MD5

    580130429f81a25eeb36c9f0e63925c6

    SHA1

    6baaf3130046a3daa36df902ba16b5c2c0354ac3

    SHA256

    9f9e9c9ec201fd805e2f0e2817c8c9a447d301900247e8a80ee65cee14a104ce

    SHA512

    7ae0762029d37abb4002bb2fb2234791b4612119238862f1bb3320eeb41b9d0168385d50b25483ad2dd241d212a36d24fae6a6871ed52414f6ecfece95ef9049

    Download Submit

  • memory/3208-164-0x00007FFF3B9B0000-0x00007FFF3B9B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3208-165-0x00007FF709650000-0x00007FF709FF6000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3208-174-0x000002B2E1D90000-0x000002B2E1DDC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3208-175-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-181-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-183-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-184-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-185-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-186-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-187-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-188-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-189-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-190-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-191-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-192-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-193-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-194-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-195-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-196-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-197-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-198-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-199-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-200-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-201-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-202-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-203-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-204-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-205-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-206-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-207-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-208-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-209-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-210-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-211-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-212-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-213-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-214-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-215-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-216-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-217-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-218-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-219-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-220-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-221-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-222-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3208-223-0x0000000180000000-0x0000000180054000-memory.dmp

    Filesize

    336KB

    Download