Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

3ee15c0937...a0.exe

windows7-x64

8

3ee15c0937...a0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0.exe

  • Size

    1.3MB

  • MD5

    9ed7f61fb87a19bebea86acfea9544b4

  • SHA1

    a43b809f358d4211a4d4be8f228ab7459c1f5f8c

  • SHA256

    3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0

  • SHA512

    6111081b68cc56ceb45657b3104340c0d37bf6e72835df158098f2e6c2430ec920e2802207bfbab9b489ce1824fc4bff9803ad813e3a6a81aa934572c2db045d

  • SSDEEP

    24576:Qak/7Nk4RZGuYKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/UudZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0.exe
    "C:\Users\Admin\AppData\Local\Temp\3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0.exe
      "C:\Users\Admin\AppData\Local\Temp\3ee15c0937bbaade501e8fb34fd93763d69f44b455a84979b7969f1dff7c70a0.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2768
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf191a31f6be5c36dacdac2ecbceed1a

    SHA1

    bfb3557e7435c6aaf359d1dfda276a9ec8a5573b

    SHA256

    c698619799af8d7b682f921c6a3fe9f1ac273bbfee9503bc51b67567b5b340dd

    SHA512

    aab93b708317d39ccd786b6cbba9309a440909fdb13222916164c587b65ce386594d2c409ea133803758d567962164fc4cdce436f823e663b7cc4a4ab84d5ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b19a75d9eb13827b0df9dd45a311da21

    SHA1

    22deaa6da12bbdb851583182ee5c2c09cf5dadd8

    SHA256

    59925e893799d3f818ff6e04e5993dde2bbd8bcb637024e103d176538ecc1755

    SHA512

    72b69e98217832c4177a08b5fbe9063ebeaa9b747b806e54dbcd1f2ed676a134ebe8494b89f95bc67a9ba7281abc554eb0a2209a5ff9a291d300a9d2b96b5d0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08ddd7cf43f75203a6c79531c122cd3f

    SHA1

    6f51e8c54634095d34c19e6ebaa3fdabd5b1a385

    SHA256

    14da6f101f3d9d5e422c871e53b638045fdd968270db0a5b10a66f75c1122f19

    SHA512

    e04e8686fbd402bae923b3261649564aa326eb5a802c3428d76428264e0997807971b7ee1832eaf0e0953d4000f28d69da38ade4e4b75a97f5c92e5dc824af78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46f989f3cc324823fc0a89b5e8157ab9

    SHA1

    44b6262410738d16e47c1f9b0e0cb5af67814916

    SHA256

    dd4532548edce3cc5c2e51cd22191d1abbe21ad65a3f60b92bcc4a9c3a0fb371

    SHA512

    ce694f481a53cf5b16c61cca077d0a0c57f8345090525271e866da317744f0baa9d419f3a04790005b88f06ca8c147a6d1dbfaa52c2ee0653ff1ffc80e00c9ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fdd66181cc115e025bed4577d16e839

    SHA1

    369dd93ba8587c6cf4895696746300739c975dfc

    SHA256

    6e66e58b4c6b52dcb429d8a65145c431498bc3331fd9c11b52dfd3f29ffd711f

    SHA512

    6dcf12962049d0193e85bbe087323117abf0783ffc8c97143754589dc1adc0ebafe52885596ce805668488c92896ebaf86995340192ee22d52ff5aeea5280376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e40d34063825c387a004a5ce0a0b257

    SHA1

    ad51fc0b1367020939246c4c1a64561699e30ccc

    SHA256

    5bf6d3891304ec08fe0bcfec81078dd6202d71a850e40dc10f8c94f497b0cd3f

    SHA512

    d0d03598faa7f421b7dc0b2f39452ed9e10725319c1e854b570bb10ce4ba0948c11c10fba67d80a9e61ec437c3a25a985e81967cd36b37a8e0326896ffb3a5cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd2bf280e6c7e1a42368946299ca51cb

    SHA1

    9d97f206c72123119b97b4dada6a4ee264919234

    SHA256

    47aa5200c776d660b5b76ff6e5080d734a0e517d7dd19cad582c085875d724e2

    SHA512

    68be8b796157ab54ec573870db1c98176b62b7f80fcc736d7ac91c454974a5c6e113019dd829e74bf496aadce8bd6228a6a2dfeb140ec22140829fdc6cd8f95d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e89ae5d23dfec92ab903f497be3f322

    SHA1

    f7f136281ae8c7df555edc38f69413ee653b2d8f

    SHA256

    724f702c6727c12777d6bb27b0b6d65681a0a652eab34583d8a47a785d9169c5

    SHA512

    9ddcc2a0a8bd9a45ca6297d712213cc99e2435f87239b1ec878f2245e63f5c28d3918887f0ac7bb2153291e130c49d9e375a4d224c5971535fd9c7f81bdf20d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3df1348acf430867dc9c61c9c5c3a63d

    SHA1

    f0153e0e04ee99de7f59934a5a84f37b711b0552

    SHA256

    5437400a8dc46f664912749ca503f1a60f097586e0904c2df3626506469c1400

    SHA512

    fdf812ea636abac41e81abc026e712c0db88c0f55f0cc768ad56db1ce0a9c2ff8eeef484c8f7a22e59e20792ed109cbdcf369a466e87cb25c11694cba3b7dddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e13ddc8d39367118b8c05f96b8b98ad

    SHA1

    713db040a4c97fd2f322ae5607cf80219c7ebdca

    SHA256

    277aa0e0fa0edfab39eaa64951b728aea4573840a716b33fea0318116820e4fa

    SHA512

    972a672c8fa30d6560fd1377ed569a3a38dd8cac69964396211683f389d21cfea84407123b3ebb689421044d1f67b2bbc7127abfce5ac670d0614e8b4ec3a648

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d1e4f4ecb7f62e5a51d2492b1862033

    SHA1

    a64ce7a40567f4e5d876a2e1b4e7a1db0dd94a34

    SHA256

    9d14c3369fa0ec10756be7052b571d0950a863b4f28d891a0c083b260118cbc2

    SHA512

    31ef1e37a5af9ad987d12e5a80b4e8f2b916505c5f45db7562f8fbedbe41ffa44587cb97983637bb76dab2fed07fbdf2b2c61e5372d54645f5689122cb466cd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eef2e1bad2e0e8b4a1552f333467852a

    SHA1

    971b69ee86d50d1af36c4f74578cc9e7d3f44fe5

    SHA256

    354e4a10a7fdfef3969e563714893b017f8467b6d7d6df57f4707ed16ce05f0b

    SHA512

    939f7ad427b0adebf0a8c06a12d9d4281770b6942f9c5b6ccd8d2e0aaed4a2c08723291e3dac883f93108c606c0651cb12e66ac61d4ce66929e4a58cadaa2855

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53ad4362531e6ccc1c5439252624a1bc

    SHA1

    9d46656e88c491406f9154f0393f390832b3a82b

    SHA256

    b11a5ee26b1f4d0b949539507de848207ee0ad4f7b7ad39ccc26674717c4d6ff

    SHA512

    99d71b75829cb7da971804a523359a9b03b3def962c2d376fb679cb6cf00d04e97760af2709d0457af6d3e849539eb4ee4f3850068cc14498a44e6612359bed7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af013d056a8db2e700aa56da82cd410b

    SHA1

    613fde134995fedd61565beb7f131e1bfd7c58b4

    SHA256

    1aca6e14002d0e9c9b18757585c96c9a17b6eae39ce3974c4bbd904d1ce8c6d1

    SHA512

    5dac635390d8310cf3e0a6aaa84858d22f92832ffd0837ede044e162077700c592420e1aa415c49da3edfee857a069c046ab02804c26745f486ce10d73aa1a55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5abfd95d8d31fd861e01c82cccd2538c

    SHA1

    aba716e15ac47a74b005939d5c7b598950cb4ac7

    SHA256

    7cdffe57b40999fa49ba9398ec984658ff14d8a86051be95cba2ebcb37b6b0ba

    SHA512

    c599205facd8acd56c84bef98937050db3a29addc097711841637a02647c67ea021590afa49d0434e0853857bd2eb1573bf9700b360f3e8626bc433215a7fbe3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c0876b54c77f5b081dd1c8dd5751b29e

    SHA1

    0231cce4b23913aae23559081dc87f27add4d907

    SHA256

    5a9d94510ed30eaf108dc0e1a629ecabe3827080a16af66285a838fdf4a152c1

    SHA512

    b0194848f7cb3b9918f22c7f5c835c5a120974906f75d336c869218c0ef2a272dd92166a445d18e571f94776c34ecd4428e13c347a0877a0978eecd245cab51d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b87b0751b25ddf35ddf091ad14bbb092

    SHA1

    6ee55a131f1be7666e01487f004042be806c76bd

    SHA256

    cfd3ef5f8f7ea3399dc8997ca7b05c9e6d33c3dcc53fe68aa1d39aa5d43b9e44

    SHA512

    86cdc60215677b0eabb923fc9f8af8ec3b41847631766f6cede37893027165f2c17065ff2f8ebe3ea390d5ee500fe40d70bc87c6dd2849f32e60b24dea1e8229

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bec040eb53fcee30d03f938e9d4eebe

    SHA1

    5c7b4da054747335d61f934b4c5c29d2589e4e32

    SHA256

    7030e1e8586d1c98ed550865fb7300c0b6660e938e83330d56b994bf4c2ba19f

    SHA512

    73e2bfdfc5eda2165ef7929e75b11c8df56f728cf995bcd7b16661ed295162aa8c0ee5ff3a28877e3953ce1f6b61ab904c10066a67c58be17a6a2a55b9118e1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8bc8868a2ce6c044ab01dd731f64dd98

    SHA1

    b0d7a5d4c129fa8c5568a69a169fc5894b4fce90

    SHA256

    d9424dbb4e6e78ec9cc042b34bbff3ea6d1be3643e6c9c0e64ea3612096ddbc8

    SHA512

    a4c3c9611d9cc36d04b9643da411e8a24ce44895b48090e015648f5ba715d4a8eec956cb817ee3f0dfb430c267b6f36b07dd4248994e93ed0d6c1472dd7cd165

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfbcaacfdbbbde0aedb3dab738cd6d56

    SHA1

    ac26cc06a43ad4417d802c8189362dd6b6f96a7c

    SHA256

    b2c110f9224c9680767acf8dc0cd3e6504bfd44a8e29220f3b7e5160fbd6e8d6

    SHA512

    4f91c09185f7bb43eb6acb806004a150134250fdbdf86f1e3278de74cca779ed93ac9fc0d0c471ed260958e411ba8c2c7dd822a3ce99549e53afa8c91eac9479

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    819f24dfbd72327fd846e96ad5bfdfb4

    SHA1

    d53a93a67316a6a7371a4b6f592460786dd83def

    SHA256

    104780bc882ffeef3e8cf9b8b913548f621453fdae1617476d9ec0e84b45748d

    SHA512

    c9f401aa16331a888d7ef8183af1ed6ac5e15f2f346739af5220c46a36cc5a691dbd954127d81a66952fc54f91015475509377d16dbc59d0b3c4c517a1bc7d1d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB8E4.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB976.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2060-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-15-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-14-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-19-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2060-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2372-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2372-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download