Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

f5ca2cf5d8...ea.exe

windows7-x64

8

f5ca2cf5d8...ea.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    163s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5ca2cf5d8a27eb3a7c1fcae5179bc11bcf700fd0c40bcc25cf36630adc155ea.exe

  • Size

    4.7MB

  • MD5

    19472b04064e334147087007030d2d5d

  • SHA1

    d449f3beb6c6ea86bb7aa96940a00c79335207c5

  • SHA256

    f5ca2cf5d8a27eb3a7c1fcae5179bc11bcf700fd0c40bcc25cf36630adc155ea

  • SHA512

    a18f548e77798c8c05e65b9936fe6968e144ca92d0f43b9c73fb9086fe785a93932d0216e3c9d5008dc49eaa0d1b2af74e23b1aa0f37375eecba8e9fa89213bb

  • SSDEEP

    98304:/TKOZx36bjNOhhgQYKnoyWFPKdzOJDb4v+t:mOZxgQxnXSSwN0v+t

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5ca2cf5d8a27eb3a7c1fcae5179bc11bcf700fd0c40bcc25cf36630adc155ea.exe
    "C:\Users\Admin\AppData\Local\Temp\f5ca2cf5d8a27eb3a7c1fcae5179bc11bcf700fd0c40bcc25cf36630adc155ea.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4172
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:2248
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2112

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      4e760beb58269fea3c9d89ea2d824660

      SHA1

      f537ad0c0261260c141e74c13094c83ab495dd65

      SHA256

      454ce551d6cce149d50ca7e7ac33282770b44abd9a99d01e3c2fecf776963788

      SHA512

      3f80b3b076ff2d5b79c9d6db305bf4a9546e57ce4fa5ada7d45c0614495ba87c6986755b963eea9362c875b2eef1f0f6cb2bd7c0efde898a0a241c9cd0854baf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      1KB

      MD5

      1fdb7a0f3d2c9a98bf7532d909c7cb8a

      SHA1

      67c0095dbad9e51720c8d888e53cc8908fae061f

      SHA256

      ab76371360bf9fcffa002789e417d2c320bf3d6ecb4e3f2daf78e471fc6403bb

      SHA512

      670e67beadd2a07b7aa4309543d9f4ec2c052cb3289b01b601ac05ef1aba84b050b4d6f3f464967eec29dff2ccb3bc983439615c03b408e4e90fadf2512daea2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
      Filesize

      6KB

      MD5

      118ecba1c65444992afac4a02d7e0248

      SHA1

      97ad047afb62e5d890e26ab3ce86c64321398d69

      SHA256

      c173756c7567c7afab0a911adaea993d208a627c47bd610a8326046a0929bf47

      SHA512

      efc0ccf4fb29664b59db56dbd8b394374e47a06258f9912b3f0a67483acdb2ff3f2c3387fa57762a25858bf20b0bc5811d776abd2334e8f33c3bd716f3e3a89c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Yandex\ui
      Filesize

      38B

      MD5

      f8a497d509135b8339cef1ec12da62f4

      SHA1

      4eaae3bf87892fbc0cb6b045914a879bd26ed377

      SHA256

      66012b0c139ddd10b1c22dd946844d6155bb22104eb9cec9325f77839ecd8d4f

      SHA512

      fab202eccebd8da090a2a886a58a3a9b96a442f840e95a0b08ea8df40f5a5ab358c9dbdfbbdd4ffa823cfc84bfc02b0798776517fbfcf5ee9b9d128b01343eea

      Download Submit

    • memory/2112-238-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-241-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-232-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-233-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-234-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-235-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-236-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-237-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-215-0x00000227DE540000-0x00000227DE550000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2112-239-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-240-0x00000227E6B40000-0x00000227E6B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-231-0x00000227E6B10000-0x00000227E6B11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-242-0x00000227E6760000-0x00000227E6761000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-243-0x00000227E6750000-0x00000227E6751000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-245-0x00000227E6760000-0x00000227E6761000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-248-0x00000227E6750000-0x00000227E6751000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-251-0x00000227E6690000-0x00000227E6691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-199-0x00000227DE440000-0x00000227DE450000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2112-263-0x00000227E6890000-0x00000227E6891000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-265-0x00000227E68A0000-0x00000227E68A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-266-0x00000227E68A0000-0x00000227E68A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-267-0x00000227E69B0000-0x00000227E69B1000-memory.dmp

      Filesize

      4KB

      Download