Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

500d0c1f45...37.exe

windows7-x64

3

500d0c1f45...37.exe

windows10-1703-x64

1

500d0c1f45...37.exe

windows10-2004-x64

1

Resubmissions

12/10/2023, 09:17

231012-k9jccaae7t 7

11/10/2023, 09:08

231011-k4bejsfa98 3

11/10/2023, 09:00

231011-kydbyseg56 7

11/10/2023, 08:53

231011-ktflhsee35 7

05/10/2023, 08:00

231005-jvzv4she8t 7

05/10/2023, 07:52

231005-jqs7rsbd65 3

05/10/2023, 06:28

231005-g8clmaba26 3

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe

  • Size

    727KB

  • MD5

    3bd2bc1fb2ed7ce223505556ee150890

  • SHA1

    4cfd2d4f3c8c7359164eb79cf0830480d4793f1d

  • SHA256

    500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37

  • SHA512

    374eae32c1e803f468ed248d7828ea98b438d1377e21775beb5e0a477b593816ffa543d7dd3da94613d7e448a9d5557269f2c1b27d30726c85cf0a73f89883de

  • SSDEEP

    12288:TcTn6DzlAr6n1X+R1vXAMk8Bm+r7uobOJ6+ShsoaqEkgOsS5:ATn0e6gA0w+3uVzShRag2S5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe
    "C:\Users\Admin\AppData\Local\Temp\500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4980
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4520 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    3B

    MD5

    8a80554c91d9fca8acb82f023de02f11

    SHA1

    5f36b2ea290645ee34d943220a14b54ee5ea5be5

    SHA256

    ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

    SHA512

    ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    3B

    MD5

    8a80554c91d9fca8acb82f023de02f11

    SHA1

    5f36b2ea290645ee34d943220a14b54ee5ea5be5

    SHA256

    ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

    SHA512

    ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    3B

    MD5

    8a80554c91d9fca8acb82f023de02f11

    SHA1

    5f36b2ea290645ee34d943220a14b54ee5ea5be5

    SHA256

    ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

    SHA512

    ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    302B

    MD5

    a09f0ee3e6d1b5cd3b6158e9ddaa3f7c

    SHA1

    bbcf3a79d83cfd537e3cc8698c7d0b20379cb630

    SHA256

    850697736d16e4af69890a41ddb906463deb8cc2fb1066797843f44da7b7970d

    SHA512

    2ab3a6b1c03395ecdbf14ebd82b8b3c57dbbe7e30868ed279f95642d71f5b84be7c7e3b23b69a6abf4b8b5b379c2df7029eed19713da616b64c25d09a4ffa0dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    302B

    MD5

    8e70a461e9d426a11445afe0cf20b561

    SHA1

    a9902972cf072c7d045e68c7fd0d8d087ff40d06

    SHA256

    2426972cbb08f35e7bd98bd816a4bf849c46ff1eaba5bccb02501df71e69d90a

    SHA512

    f1d754c183e899ae557d6443db0ad7c980ea4fd47d0c0c6e89c060dcc511cf2db8a4b419be32515552fb9db3f31e5c18451e2a57a04d795569881e5a15eba41a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    302B

    MD5

    5dd336532666544bf3a780d0c4300db8

    SHA1

    3dc360e094eb994423b4be24157b5af980753e77

    SHA256

    b18d77f3ecf32773468eeb4caf4962d4f66160da62271a786caadd1cf6760540

    SHA512

    e7f24ca692f8651d711b0204d08eab032cddc57741ad7ee726ad14bb31b007985e1852c8a94f01f452741d8e52b99081029b950d1c8923534123fa044578fb79

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\qsml[1].aspx
    Filesize

    3B

    MD5

    8a80554c91d9fca8acb82f023de02f11

    SHA1

    5f36b2ea290645ee34d943220a14b54ee5ea5be5

    SHA256

    ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

    SHA512

    ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

    Download Submit

  • memory/4980-3-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/4980-7-0x0000000003120000-0x0000000003121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4980-6-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/4980-4-0x0000000003120000-0x0000000003121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4980-0-0x00000000001F0000-0x00000000001F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4980-2-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/4980-1-0x0000000000720000-0x0000000000725000-memory.dmp

    Filesize

    20KB

    Download