Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

726c1e8107...6d.exe

windows7-x64

8

726c1e8107...6d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    726c1e810700efb866463f930e03bc8d49a866db9d1e6e43031b760bc932b86d.exe

  • Size

    3.3MB

  • MD5

    f401372a86a21d9d89adbe8aa556a598

  • SHA1

    480958ae57ab3068971bc5b3c389b08e4020fa74

  • SHA256

    726c1e810700efb866463f930e03bc8d49a866db9d1e6e43031b760bc932b86d

  • SHA512

    54788f61843239ef54e3d49d9cc91d2eca07084bab2f5a8bcb8990f510e3b75b68974f7176b53123b6fba63483de4f9f0b517b949c09b65c33dacb500757af24

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTloPEMhTMTLn0xmZphff2t0lBx:c+8X9G3vP3AMSsMhTMT70xmZHmtC

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\726c1e810700efb866463f930e03bc8d49a866db9d1e6e43031b760bc932b86d.exe
    "C:\Users\Admin\AppData\Local\Temp\726c1e810700efb866463f930e03bc8d49a866db9d1e6e43031b760bc932b86d.exe"
    1⤵
      PID:5056
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4916
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2720
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1508
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4476
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:408
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:1860
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4020
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3696
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:996
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3628
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3188
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4080
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4204
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4592
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4532
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2552
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:956

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
        Filesize

        471B

        MD5

        7f879d6719982112a013f4032fbc8f10

        SHA1

        f40f43a85d7778035daec4ddd29171e26871cd0a

        SHA256

        de312a5c06df4f2432545e9e84431e924635cfb4cd216396d1e8610ce9818082

        SHA512

        633f7e8d972739d53b168ad36ca708187c10a3ff4d0abba384c9a1167257608d48ed873b412241fc3b7f452226a5908a99c9b6056a42134b7fc0740ec1484d97

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
        Filesize

        412B

        MD5

        868d3393234daca7532edcc7b9f0b410

        SHA1

        b96470062949d74d32938111c462928f458cc1b8

        SHA256

        8a607f18c45d8aad071ff41ddaeff4f51b42f8d5e95396e6db822b6781c61397

        SHA512

        23a18f7059be22b641f14dfb0955fc4c59d630f8c6a56a3b179a5878cca5fff5a2986dc4dbe7398529c3a80ece0c40167a16fe901d2fc224591ab75f94e5888e

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}
        Filesize

        36KB

        MD5

        8aaad0f4eb7d3c65f81c6e6b496ba889

        SHA1

        231237a501b9433c292991e4ec200b25c1589050

        SHA256

        813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

        SHA512

        1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
        Filesize

        36KB

        MD5

        406347732c383e23c3b1af590a47bccd

        SHA1

        fae764f62a396f2503dd81eefd3c7f06a5fb8e5f

        SHA256

        e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e

        SHA512

        18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        82b066a0c26e9c3c026d421e012a093e

        SHA1

        2e4493ff239034dd93befa48a286616fa1222526

        SHA256

        a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

        SHA512

        4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

        Download Submit

      • memory/408-14-0x000001F274AB0000-0x000001F274AD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/408-16-0x000001F274A70000-0x000001F274A90000-memory.dmp

        Filesize

        128KB

        Download

      • memory/408-18-0x000001F274E80000-0x000001F274EA0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/1508-7-0x0000000004D80000-0x0000000004D81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1860-29-0x0000000004900000-0x0000000004901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2552-172-0x00000228417C0000-0x00000228417E0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2552-175-0x0000022841ED0000-0x0000022841EF0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2552-169-0x0000022841B00000-0x0000022841B20000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3188-65-0x000001F015DF0000-0x000001F015E10000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3188-61-0x000001F0157E0000-0x000001F015800000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3188-58-0x000001F015A20000-0x000001F015A40000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3696-41-0x000001A7F2640000-0x000001A7F2660000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3696-37-0x000001A7F2270000-0x000001A7F2290000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3696-39-0x000001A7F2230000-0x000001A7F2250000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4080-82-0x000001E597E80000-0x000001E597EA0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4080-84-0x000001E598290000-0x000001E5982B0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4080-79-0x000001E597EC0000-0x000001E597EE0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4204-104-0x000002165DB10000-0x000002165DB30000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4204-102-0x000002165D700000-0x000002165D720000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4204-100-0x000002165D740000-0x000002165D760000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4532-145-0x00000215EA100000-0x00000215EA120000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4532-149-0x00000215E9DB0000-0x00000215E9DD0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4532-152-0x00000215EA4C0000-0x00000215EA4E0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4592-128-0x00000233838C0000-0x00000233838E0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4592-126-0x00000233832A0000-0x00000233832C0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4592-124-0x00000233832E0000-0x0000023383300000-memory.dmp

        Filesize

        128KB

        Download