Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

1c2693e212...d6.exe

windows7-x64

3

1c2693e212...d6.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2023, 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c2693e2121f04a66b4b40782b58698a611a69f979f9c07bb08a0950acde15d6.exe

  • Size

    3.9MB

  • MD5

    413f09b9c11b5d2011fb27629baab558

  • SHA1

    af9379675d7578658a451eed078308a0cc8447fd

  • SHA256

    1c2693e2121f04a66b4b40782b58698a611a69f979f9c07bb08a0950acde15d6

  • SHA512

    8e948d37a06ac6e3f01ad5b8fb8206134c239770d5fbe957dc6ed52c03f838d4b27fd0f7857cc1cf1cbb08d8d7bde1cdab8bd7bc0a93870a05dcea66c5baff46

  • SSDEEP

    49152:6vlanL17PmGGDFYTW6dlHQWCBFSx+2i6+AAMDPGgUhGxfmsk9T6kgTvcldlmf2Ok:6a9PmGe2KBFSo2tZmP9ukgYs3otd3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c2693e2121f04a66b4b40782b58698a611a69f979f9c07bb08a0950acde15d6.exe
    "C:\Users\Admin\AppData\Local\Temp\1c2693e2121f04a66b4b40782b58698a611a69f979f9c07bb08a0950acde15d6.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://ojbk.lanzout.com/b09fa832d
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    2193ab686a55bcc065013599725ef974

    SHA1

    f726727322f215ed9729de5979e2ff5d4f963cac

    SHA256

    5450e0cd1deaa94f054f468ba22481a8945ecab40a8acdf9036a7f01ade75cc4

    SHA512

    0bbd4ed4432bc44af4583e4cbca688236a3c08b1ecaffb89c953cd9555b2f83f20fc9f62021d6e6df530a912151ef507efdd948678c205e4e43c0caaa4e1ac3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    363636c9607d70f789c1acca253bf070

    SHA1

    df8f4dc6483bb32baad3949cea5132a0103f3edf

    SHA256

    1beb5d20353b0694ff314a1ec41d34b06ee92a12bb9dbcd405bc8ab1987346a5

    SHA512

    c7053bf41c3afff095781b9012f9127f44f11fa2d0d8ca0d417f8e68aa2b231cf3b2cd0782de5690f80f417978dded2aed6aa4a62c80ee2e9473b01cf03b5aa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b616bd61fffaf45b639aced031215b97

    SHA1

    2dece8ef9ccfbf9171680f07341e16b352779703

    SHA256

    7c51f6691efdd57249917d2259af8290b576d58f66892a38a3afbf72b95e5191

    SHA512

    df7bc22c155958b0d0b7a2135b4dadff14dac0f83acd7a47f1bf503d301122153bc86dd3093a1bea55a40677d7ecb3b6ae1b9e950802bcd4bfef154124bf0530

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8a216e236dbd2775acd0e2bfab14a9fd

    SHA1

    192f632faf85a6cc29d8af9289f26969f7d44412

    SHA256

    4d1655ca70b5ccb8d11617dcc42a6da141c8fedcd88e406ea0d6bb739cd01f3b

    SHA512

    8d22f068453b79910a77e2ee5a255ec0f2bb108183565dd29755a196305bf13180218abb336ec386a678e7017514fb483d411449b71325ddd1f738bc3f8f5c56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a1ae783862ecae7a7d374f1d52b93929

    SHA1

    36c0011e90864273f891f137715f67031146d179

    SHA256

    ff40c70ef0efd584e850f8c1894b2d5c69066c198d15ec4b23b1fda10d65e9bd

    SHA512

    1bd445674d39e40fed9f68c647f3c0c6e944482786e4f2f18703c3a8f7534bf0552fd8186659c5147663dcde0d02658ed263380712275e3905d3db1b578f6e72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d4bc314961ad47bd163c4cefdc93efbd

    SHA1

    bdaea712d0130ccd2cab40a2b0bc5dbcfbbe59c8

    SHA256

    c84338dbd2a8077db37739f3bbed2e502ed4d7a9e63a814393c71a266d549efa

    SHA512

    840a75441fa39347819666f9ec855c71bd0b6b2d57ff32cded953066a0e113792ad11d983877cf4f9169c12679d4cab307d060f8716f87f277c44ec48c6cf7d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c61751dc80cdfdb978c8a5b4e302dd83

    SHA1

    8ff33c402b43a4c2f6de9bf7ee107668c0daccb0

    SHA256

    e545aa0d90340fa2a3f113a852319ad4fdb07a83f88f4875a0eb1853833fb630

    SHA512

    321bf958a0ef16a5e13865ff7174e88a8bf443b927b181fe8742cf9ab1a8c41a3f929556247c6d124f5670f4a94de57dbb16b059d1c76fe3ef8cc53cb72e25fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1622cb32055172ddf2e46507c5e708f2

    SHA1

    712e3d1cfe149afbe399e5a1572a2c8af1477002

    SHA256

    8ce2fc15be20c3a2b6deef8f742aa72051cddbcbe49dafb55572650268b5c7b3

    SHA512

    e95255bc69dd360cb0f6f9f105fa340639aa13a2d03a2422ce49bd3355d9af2fe5f6f2c6e8af8222aab6b50449235d8fd8425612aa5b75b3b414ae108ca23fae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    899525f58fcb152cfcbf86f87e645bd7

    SHA1

    b8e1238fd8adb08e36ae7377aecc9d51f17f99ec

    SHA256

    fa8f8a62a71eb68fe7f6010f5949c6b9d1cbe3d58e56ca52da2101defb70f102

    SHA512

    8e70da315fc3cfd4b2195411de2c5f0ad308feef225cd76ca9d9fc248f510e3417d2c835a2c0912d1945704291bc8b33a180286192396433049e5978a66df776

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f11536e5a2c585bc4a3589d1fa93e8b6

    SHA1

    6353aea8caa4b4e2d11885aabb05eae952e8eea5

    SHA256

    8982573b1fcf99b04aed89d5c3ae7ee5f0a18bacd383c10795f8925929f658a4

    SHA512

    49e0d57e42198601d01af06dd97e5a079dbe49105a95774d3d6d532b7ba48ece0e4dc1e08f2ad2ddb5ea69bd213e6b2631a162c1d022ac2c4efb8ac551c463ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0a1b39454562faff1310044af5c97845

    SHA1

    9f9b82913ba74ab5f392da8e80e8afc49aad4d93

    SHA256

    3672e2927ff8bcc8f1c27ab56f7ea406a1e568d5efe2d74c4f69909d381de3f7

    SHA512

    3f25c44ef7586fd33c2d80b0b3e1c3400faf57bd1c8fecb75e4de9d0b68d161bf2b96b16e7b51412a416faeb562fdd6627f8e99fcd2f94bc40905bb03d6ab8b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    233bf3de354ab29023b4ee4b772af04f

    SHA1

    8af534efed027b04adab6cfe2ba19756203a999e

    SHA256

    db50e18dd9c0d46cea302da6fa10d00378193596fc0ed8b6ebcf3759376df95c

    SHA512

    361f6c1090932e8f199007a399238c3aaa33ca389f85def0c26484eef0944fff7a1853f6296a9006e4abb283e4537ba663fcd4b2505e85a34872c9343c6abd4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    253736e8406dcd965a1db0ad494df7e0

    SHA1

    d51aa86522333847f3041e87d5237524896dbf2c

    SHA256

    ae59374f38fedb83c4935d00e76fdc088af06739eabd968ace767e988b921083

    SHA512

    169bff44c7cfdedff4ccfaa334a5da76d9c0689200efff614a1980a2951bfca8c847d8dfec927893d825d4065f7408e3f22e6ffe0217b6fa78a922ee4306cfc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    981ce3988af1b95683abb5fc9b0f0f45

    SHA1

    5230b0ab7f23fa9c7a4cc2760d8e94eff5e08846

    SHA256

    f81c839736c34336d8d2bf226d5fc0599c67d66dc7453c2f68d61609f0227265

    SHA512

    7ef0742ff8552f4ec6ef31274ff99fbed9f42a585066f4f4ecdd82f98ea720c6d52c6ed8d44fb1fbb33ee0b62a5cffe6e988fc46bece916431b3d51552d2a547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    756a913a8ab18b1fc85afb5a09347a99

    SHA1

    24ca2951db10d105e83f70d52cb26f09af5da66c

    SHA256

    e0597e5a1333d50a41d5dcad0a72871de1a690d24f6598d4a7d3a20d94262217

    SHA512

    b72537ddb67adfe88f37e0d885f6aa434db05793b1b709772b7db5c3195d191c76c365a272236bc2064a30adbddcecd7f5f4aef4e48778e2cf2a3796c9fd3687

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a7ab7b383f8b743c166740a36b4168a4

    SHA1

    7422d08123c4a5364ea36aee84b1cb0f6ce140f6

    SHA256

    ed1c843887b5a62e73c6b571107232e05a79d58ad3540a0bac1794a1ef8cfdf4

    SHA512

    17eee688bcbc3c76ec09c4c8952cda8247a6329dfca322504da2563189aa4e3e99d313fceb8a7823408c447adeb031f3eba497fc8b6cf95701fb4795f1d254f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    945f3bbcc6a696a90325044e7e0e0ec9

    SHA1

    4ef3b9682e20988fd713ceb4ac0244bc2a6453b3

    SHA256

    0e5d8358006b3a6cc8be5ed534a9b7bda65089c7f64d9a8b4eb5c09130465896

    SHA512

    f89febc929788dd03859f73072110248090a084f30655d0682c7ce982764c7c9ab097c8d3dc65e316252dbccee4f747718b448499409f738d9319245db1512e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a3924c19f048c53432d9e2f08fb45439

    SHA1

    51293f59d4bc6c056b12d50038b485474a619fec

    SHA256

    044a4c1a8e92647c02eb41a0327721a80a2a46be28987320415fed3599b7cda3

    SHA512

    199dfec6bfa7405df3e91afe5e4528f0fb3e4344c7be8a1380aff297925821308e48d1dd245a472c32423b572af429066e061aacd75ff07cc09d45c9a0048ed6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    eb6dc55f7a1d6610040c248c27704108

    SHA1

    794a5bee2b6618fbf3a75d872197da692c76da1f

    SHA256

    0c0e1fec705e4a7125326a1a12c06f21b15edc5245590a82727886e36ba831b5

    SHA512

    7e3a64517f724c75683e26ab002908679e99da55ab4da24261d2e1573ac6745cf55d871d9dc894b8bf971ab4dc2034edf2f454533cca5681b6f1657d92002c05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    3a1e300ca91f757458dd59bb32f54fde

    SHA1

    f4c9da1dce86cce7869fb8fd3bab769f515f1224

    SHA256

    6d421dc08f233669eb7184f5a16196bc3b82778047a601a75c73cd5b2efd1e02

    SHA512

    821d21cdb74d055fb5e79353e5cd47fd54d967d42afce18132ab87e5ea7dd090aee5eab1dd2adde73944e8e6cced475419ee3cdb314b79367b555424b46e4e27

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q81kvxe\imagestore.dat
    Filesize

    1KB

    MD5

    0878cf6a40bbc2ec464344dfce900491

    SHA1

    d1631a25d77facff244f4206f15f404c929be7b9

    SHA256

    77ba59e6f16d3182d8e4c89a90d51c7a4f8dd749353a0feb91ae663e14a9b68b

    SHA512

    83c1ef39aea7393d722c10af0c16fc945b9825d46781e619f2f6fb711bb7737e99a51643dc2801d5f1876f4a9baff8307a1703111b07415adcfc21c352ea4363

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCB5UVUE\favicon[1].ico
    Filesize

    1KB

    MD5

    e2a12d30813a67034ecef52f8f5447d9

    SHA1

    87cbf0958c40d8c61c591020fae3f5e2b5dfb6de

    SHA256

    22489aa1578915c922e7d16566a5b926a6c430961f3327e90f0b10dad21f0781

    SHA512

    f9743821b5f4a1253e600813a3ffc81ee37bdc0774379227f9b5dfb2fd7aad3270b01246580fd73e8d42cc0611b6d4078ef09b4b53f2edb2cc6cfa2c83d54c48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E05.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9E16.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2332-4-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2332-0-0x0000000000400000-0x0000000000E2A000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2332-8-0x0000000000E30000-0x0000000000E89000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2332-24-0x0000000000400000-0x0000000000E2A000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2332-2-0x0000000000400000-0x0000000000E2A000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2332-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2332-25-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2332-31-0x0000000000400000-0x0000000000E2A000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2332-32-0x0000000000E30000-0x0000000000E89000-memory.dmp

    Filesize

    356KB

    Download