Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

SecuriteIn...01.exe

windows7-x64

5

SecuriteIn...01.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 13:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.CrypterX-gen.501.exe

  • Size

    400KB

  • MD5

    fcbbe720928e4b5f3a30f9b407fa6874

  • SHA1

    2ffd5a3a8feb1d28c6e527646cd91e8dd97e9f75

  • SHA256

    0045fed5ccd3160d994bcf092af98d0e24e26fe1a05ab3a126881e032d1f938f

  • SHA512

    e59d0e68965c1757c3ef4ea7ee94f15a68e4225d2d0264f9a665819798ba5b1decd9ce8734d509dc6fe5fe1098a076cd6f7d7dbd531c51572c18a9b40c8e15b9

  • SSDEEP

    6144:SDAqFtOMBJN41P8LLH3p7n+K7Om2cNm7V3Fnm9HaOspiE:S1FtdBJW10HXpTZ7Omzm7Vm6OspX

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.501.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.501.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"
      2⤵
        PID:2652
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"
        2⤵
          PID:2668
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
          2⤵
            PID:2672
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=mscorsvw.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2620
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
                4⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:2460

        Network

        • flag-us
          DNS
          learn.microsoft.com
          IEXPLORE.EXE
          Remote address:
          8.8.8.8:53
          Request
          learn.microsoft.com
          IN A
          Response
          learn.microsoft.com
          IN CNAME
          learn-public.trafficmanager.net
          learn-public.trafficmanager.net
          IN CNAME
          learn.microsoft.com.edgekey.net
          learn.microsoft.com.edgekey.net
          IN CNAME
          learn.microsoft.com.edgekey.net.globalredir.akadns.net
          learn.microsoft.com.edgekey.net.globalredir.akadns.net
          IN CNAME
          e13636.dscb.akamaiedge.net
          e13636.dscb.akamaiedge.net
          IN A
          104.85.2.139
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          400 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          400 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          362 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          362 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          288 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          tls
          IEXPLORE.EXE
          288 B
           219 B
           5
          5
        • 104.85.2.139:443
          learn.microsoft.com
          IEXPLORE.EXE
          190 B
           92 B
           4
          2
        • 104.85.2.139:443
          learn.microsoft.com
          IEXPLORE.EXE
          190 B
           92 B
           4
          2
        • 204.79.197.200:443
          ieonline.microsoft.com
          tls
          iexplore.exe
          753 B
           7.9kB
           9
          13
        • 204.79.197.200:443
          ieonline.microsoft.com
          tls
          iexplore.exe
          753 B
           7.9kB
           9
          13
        • 204.79.197.200:443
          ieonline.microsoft.com
          tls
          iexplore.exe
          785 B
           7.9kB
           9
          12
        • 8.8.8.8:53
          learn.microsoft.com
          dns
          IEXPLORE.EXE
          65 B
           270 B
           1
          1

          DNS Request

          learn.microsoft.com

          DNS Response

          104.85.2.139

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3bcb00e586729cec50c80800f9c67058

          SHA1

          4df480215333623b61b0a12e3940399f9291bdc1

          SHA256

          ba42a39a444abafb7ee850b88b49f57e623fa658436dae143e311b172327bc92

          SHA512

          576a2595c12090a6c47c3e3e12d737ed6eccc8b04786ac432cf2a699621e3904aac27f3251f5be4ba0a1707137ccaffff124fd298bc5d9bcc45ece187e51b97c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e7a2267fb88e724f9260ccf12024ec9e

          SHA1

          2fd99e7a09eff167cb5b6ad793feffe1c86f04a5

          SHA256

          a8a64ceb19835978e6958ea6883bdde7adb4751f5a74e969407ba426cb2809b3

          SHA512

          3973c3f1258e580d3237ab5df1b692048d4a35d59dc4f98407887c75f2f08a8421835501c625b988ff69738ffab020e2e81ae38216dfef054e2b5d743f230137

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4412c911a5c40a85e150712e53ffb0bb

          SHA1

          41802d3440abfd2fea8b3fc40e5d361d3e455d29

          SHA256

          4ec486046115e0cf26cf8083e1f5acfb1bd76e7d8eb32b37150735cc8700b4f9

          SHA512

          4c03dbb0e22230649d40669211e4d090bca38b6103c82b3f3462b7e30d97af92d8bcde72dcf5fba3325754506ce06b6a81505d37a39fddfb2e0126d7528d295b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          435f811c4dc94e0d045a8972f0fc8db4

          SHA1

          0c06266207169cf21195625c5978a441cfb3f0e8

          SHA256

          177eb180de304c1c6f919e6c66fc886661ef240f25e79aba155637787ce0d5de

          SHA512

          37b74d5b221bd6d6dc86c8b94725429f4c8bddea6f7cd6f5ef35ecf7333512c5e039197b418f086cd559fb04679e7d0868cc437d63f0da4a69514a4d70afe338

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          435f811c4dc94e0d045a8972f0fc8db4

          SHA1

          0c06266207169cf21195625c5978a441cfb3f0e8

          SHA256

          177eb180de304c1c6f919e6c66fc886661ef240f25e79aba155637787ce0d5de

          SHA512

          37b74d5b221bd6d6dc86c8b94725429f4c8bddea6f7cd6f5ef35ecf7333512c5e039197b418f086cd559fb04679e7d0868cc437d63f0da4a69514a4d70afe338

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8afcc2d6affcc2c1c4e36b721f642096

          SHA1

          d1f73859bf5118e9e1fb9c1ee123e313548b6188

          SHA256

          ce345c282d95f7518bb5dab33c0cb4c4f8cbacb2c0ee2ed8b855130e09fbcbb0

          SHA512

          5b93f2c4df252c0c85b06d64eb8a13156361fe4e694c7453b031d9e7bb8d735bbb1d4a80ccf4d935df9de6e37bb3a548cd4bfc235d93256f71e96d88bdbf09c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7e33ec25c9a99dc4b6d0ce5f6179a057

          SHA1

          41c2bf0be04a378661734f324891509f810b9d50

          SHA256

          99573fce6f6b8a6431171f81caaaafbd38a3d5f6a632d64d21419ddad1073cd5

          SHA512

          f73207e858e11e64758b4e6dceb37c9263d6fdb4490a87642b21087a74f00fe46f03956ba258cf1f282d6b57c4b09ad7cd2ec1c53c9fb74588e48c84912e8188

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c2d68f8f79bc220d8f99d7415a035701

          SHA1

          21ffb27bcb4f54de6ac21c9dd470e7f220e02328

          SHA256

          c3096269579561705daae02da61681b8bb42a7289cdca814667ccf862cc0f7a4

          SHA512

          1a861b935074ccebafda05139298a74f4fcfd8a7d3cd8d030203de8fc238eb64ff6b29987e35f57577e3c0a3c95885d2faa5b8ee11685ef134bb204c5dcb3e51

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fb331568c78937900bae97123aa3c9f6

          SHA1

          b71e5ab40701070fdfc6cea20325a00e8793302c

          SHA256

          4948f8393aae9b3af341c9dba47be6445e36c3f3c5bfeff2ffe19cf7f4f753c1

          SHA512

          1f2b0bddb24e12eaecff9a8d130f52da8e97c66b3a120522d709a03f76239f95624734487fa6a817493b9afb4c5ca9ebff1dc809fb5abd02f267afe0f2dcc6de

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          92de59fb117af098c27d62525d31dfd4

          SHA1

          3d4a56bb677f3c74d8c30ec90440575823088239

          SHA256

          496a85d9f7891fa091e397fd26cc12ab66f49f5a5c5bda93102ddbc887f21636

          SHA512

          68aa081f9a132a1d121d49279f723de43118641bea49cdec4b220e65d005fdd432ce1dbb3892de2cf7a7e3a1302d7f9153dcec299ba266c79d85a47f07c62266

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3728317f47436e8dc6ce9bc1555cd339

          SHA1

          6cd309ed2fbb641e3c1be3679ff989e850f4b53b

          SHA256

          21ee766e8f7258519e582f865166820d9ab606b5e608ecda4cf961657661fdcf

          SHA512

          a0550540f813243088c41aeef355e3fda7c3318ced2ecd1c4f0b4a4a97468783fd41930b747a4ed228197b442aa9aad222ded3a4ca616fcd2c39e66993374009

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d06562d5a4f0eee334fc6a6d51c6f1a8

          SHA1

          11660f172597d1c7a6b91fb55b5687b776325a83

          SHA256

          8fca237f232a42a4585a2fa09f0ed7cef8b60020f2527f17d0ab9a23d21d8eb8

          SHA512

          4811233fc9e02715255816880e7126a449139727a917f75e9af052f0b551dd016f41627ea8114b336e04dd6f4cbb8376a0dfe39c7e3850e8fb4892c22a3e0972

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9528f2df32a5599d1a8e664812bbcfad

          SHA1

          9d2457268edbcaec5e7c389c3dc29da1de162e1c

          SHA256

          d125e592c3757b9c84ff24e60b1400cbd6102211198bf25745e52e796a4d62a7

          SHA512

          b294cbcfa79387f8cadd5f508280585662c2d1cee809d791965568d72d5ab7fd221290855b4292ca1f84a6e833f5ae0c9372a5a5acd1ac462ef8097f302d6ade

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e063507fddc8e19deb9808f03a7a854e

          SHA1

          fd11f025255ea1d72a4b90adbd268b63bdaa4a34

          SHA256

          fa8181fabac73a51c7d63d920d3d0e2a14858e032aac92db746879e3c8a3a052

          SHA512

          da6c08863fabe2a95dea528746ffbe94036464d1ee122ac3e9f942070483a0182687885cc4d8faa517688b1420bdd9f7f1741d7d68d83670b05c2c0e0d2859dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cea5f3d9d769baf0b254809a9659e938

          SHA1

          1b3564fd1e251f96875fd1b739a19082163ef8bc

          SHA256

          606ab66742a04a09ab5b40d1e50468c7d6c53f9484b7fedfe47b28a9019e2ac3

          SHA512

          24e6ed865c8b815a10f2346d08e92950d449523c3f4d3c40fa4e951a2054eefa3d2a94ade95e2007ee87242b4be7caa075aaba603d6cde36a315717c13f7feca

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5cfaf94c6bda6b012f4c80a57211d10b

          SHA1

          e1622c120187713ec6b63087a1310e8033a67128

          SHA256

          e4c03db15c9b4c1483d79dd878a1ba394e46ab6da46645fce739be5fa2675fab

          SHA512

          03a3b3f54ca0a27c762d28e5c9195b259e0d9f41bc875072ccd442178a0399e253174c493a73f7099884d6765b929f1b248a2e29d2c61ac1c3734a3f262961d7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          66d9508e6514a80cc53af0610d7fbf48

          SHA1

          d270b4085c94ae94eb348362d1e410cb1f98dc14

          SHA256

          1d66bb9f8b141ee8445f5bcf02bcf9ce011fbc9c3c552103e1cbe3603ddf462b

          SHA512

          70fb1a544f618767e59b971e9b58bb45ff0fa19fc7f34ce8a82e5899d1a3c2291ed6c32774dfbf07946e03cf9962d2511c7b458407ca9787116ac6d7cf078abf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          196099252aace9344c97573099dc1f71

          SHA1

          dc72f09fc780af1618394d36cf50066252b0ceb4

          SHA256

          d422bccb6fdb80d467e8a9c856fb45ba60289b9bdee210f11aa31200e386d810

          SHA512

          e19aa6a0f2a33d35f4963a5f74714ff76c79f481e82becbb90ef1c49bf67af175157c90250518f239ca7ce14af42df2c8e26e3a04df997994a88ba903f162a95

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d87301ddad62b5fe0b42572d681b4857

          SHA1

          2134f30bfe239ea376f01c125fe565c0b20370f9

          SHA256

          f0cea30f63fa7d4568d62f481d0023b24223cadc70c794005cc0f269ef8f8465

          SHA512

          adae83f0589f2ab6492665cefd31992c1e65e55de8aec18f2e377c07f79f4ba517d2cdcaa4f22e13170a263d2a662c0f0caaa64fbace16349637f9e0f2ff3c85

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabD5C7.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD649.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit

        • memory/2644-2-0x00000000009A0000-0x00000000009E0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2644-0-0x00000000741C0000-0x00000000748AE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2644-1-0x0000000000E30000-0x0000000000E98000-memory.dmp

          Filesize

          416KB

          Download

        • memory/2644-3-0x0000000000DB0000-0x0000000000E0E000-memory.dmp

          Filesize

          376KB

          Download

        • memory/2644-4-0x0000000000580000-0x000000000059A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2644-10-0x00000000741C0000-0x00000000748AE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2688-5-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2688-7-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2688-9-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.