Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0961d4b3f8...38.exe

windows7-x64

8

0961d4b3f8...38.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    88s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0961d4b3f8585413fe275361d2fd26cd78f834138f100c0ef371438bac3e7e38.exe

  • Size

    2.9MB

  • MD5

    91ac708b065fd3ffc854c76dc093734c

  • SHA1

    06f06ef6b279bafe300c8a1c7e0cf713997a8525

  • SHA256

    0961d4b3f8585413fe275361d2fd26cd78f834138f100c0ef371438bac3e7e38

  • SHA512

    50b5c30558dcb609c33c2cf9d45062e7d719ff3af227d034279b4ebd390ea6ff3f5cf9c229aec5d37a1c0f30bca2ea5328c821ddb9151b6bc91fedd5353a93d3

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlDwf/1GqJ3:Q+8X9G3vP3AM0/1V

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 56 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0961d4b3f8585413fe275361d2fd26cd78f834138f100c0ef371438bac3e7e38.exe
    "C:\Users\Admin\AppData\Local\Temp\0961d4b3f8585413fe275361d2fd26cd78f834138f100c0ef371438bac3e7e38.exe"
    1⤵
      PID:1808
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1988
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4332
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4612
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1192
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3288
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:1788
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3252
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:180
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5100
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:2632
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3836
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4852
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2780
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1900
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4880
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4612
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3320
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:776
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1868
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2912
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3824
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1920
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4924
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4684
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:4872
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4192
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2780
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1328
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4776

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                    Filesize

                                                    471B

                                                    MD5

                                                    976ce2c91cbe61b98378e8e5c5ba4d53

                                                    SHA1

                                                    45b3e1eabb4e759bf46ffeb8f9722077a0d62c72

                                                    SHA256

                                                    255f312d16d7d080cf1a97d4eb255c236c7eee6c059d732d970e3c05c07c158e

                                                    SHA512

                                                    0065b7984960354aea85cd0c6792e019f40a2b359fabf7dcee438193c1bab47d74d59602627c8399df741864dffb0469d9cf8bc48907c1c67015c51d01a7b28a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                                                    Filesize

                                                    338B

                                                    MD5

                                                    a90550e14e714867c124a10e61bff0a7

                                                    SHA1

                                                    5c9aee485cfd46d637b89c0c921fe44e3d91d3d4

                                                    SHA256

                                                    c503e212d8ee316cfbc3b295c1d4a91a3c23ccec5a591da07de49dbd0f38d75e

                                                    SHA512

                                                    a90718af25335da97c73d0acbfe7b8596fa25735cf4531b90e7370c055aa236c001e45cbda06b4f7a4a3222b1520fed3f7f6f42289a391c1a6d21965e9ce6146

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                    Filesize

                                                    412B

                                                    MD5

                                                    ef40baa0a4f852fb92e4db14d3c05e65

                                                    SHA1

                                                    c657b824aa83d2b8c77d19220269f7ff04b4ff9d

                                                    SHA256

                                                    9bd9584c36c0edc293bf71abb8bb71337b7967383c44b2b28afcbc75f151560f

                                                    SHA512

                                                    2858dfeb26e017a375cc591df4d46c437833227979d68f30bc23fde1b4f170d0a4f478f603ad20714694470aff5a8bfccc455d47da98fe530794db3fc14e0dc4

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZVGOYGA8\microsoft.windows[1].xml
                                                    Filesize

                                                    97B

                                                    MD5

                                                    c31f790cfd02ef244af845fc39b43ad4

                                                    SHA1

                                                    947a1baf207f5bc852b97ed0eca9a029c58b5126

                                                    SHA256

                                                    5cf8b4a512238a819ac8e892709eb239e784c6fb6c70fdb8c05bc258962fe489

                                                    SHA512

                                                    135037a2d115efdab8b9fd4211289603115ee8ddfd6cda42b831a12984128e24dcb13ff7669b97077787743ef437a64e0bcb84bad7abe569af4403b4052b09f5

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133416289592793843.txt
                                                    Filesize

                                                    75KB

                                                    MD5

                                                    62d81c2e1e8b21733f95af2a596e4b18

                                                    SHA1

                                                    91c005ecc5ae4171f450c43c02d1ba532b4474c6

                                                    SHA256

                                                    a5596f83717bf64653b95ffe6ec38f20e40fd928456d5e254a53a440804d80b6

                                                    SHA512

                                                    c7f349acf55694ff696750c30a25c265ff07ced95e4d2a88fa2829d047ca3b3007dc824613a8c403c7613085aca4212155afe03f8f237c0d7781fd87e1fb8a7c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZVGOYGA8\microsoft.windows[1].xml
                                                    Filesize

                                                    97B

                                                    MD5

                                                    c31f790cfd02ef244af845fc39b43ad4

                                                    SHA1

                                                    947a1baf207f5bc852b97ed0eca9a029c58b5126

                                                    SHA256

                                                    5cf8b4a512238a819ac8e892709eb239e784c6fb6c70fdb8c05bc258962fe489

                                                    SHA512

                                                    135037a2d115efdab8b9fd4211289603115ee8ddfd6cda42b831a12984128e24dcb13ff7669b97077787743ef437a64e0bcb84bad7abe569af4403b4052b09f5

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZVGOYGA8\microsoft.windows[1].xml
                                                    Filesize

                                                    97B

                                                    MD5

                                                    c31f790cfd02ef244af845fc39b43ad4

                                                    SHA1

                                                    947a1baf207f5bc852b97ed0eca9a029c58b5126

                                                    SHA256

                                                    5cf8b4a512238a819ac8e892709eb239e784c6fb6c70fdb8c05bc258962fe489

                                                    SHA512

                                                    135037a2d115efdab8b9fd4211289603115ee8ddfd6cda42b831a12984128e24dcb13ff7669b97077787743ef437a64e0bcb84bad7abe569af4403b4052b09f5

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZVGOYGA8\microsoft.windows[1].xml
                                                    Filesize

                                                    97B

                                                    MD5

                                                    c31f790cfd02ef244af845fc39b43ad4

                                                    SHA1

                                                    947a1baf207f5bc852b97ed0eca9a029c58b5126

                                                    SHA256

                                                    5cf8b4a512238a819ac8e892709eb239e784c6fb6c70fdb8c05bc258962fe489

                                                    SHA512

                                                    135037a2d115efdab8b9fd4211289603115ee8ddfd6cda42b831a12984128e24dcb13ff7669b97077787743ef437a64e0bcb84bad7abe569af4403b4052b09f5

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZVGOYGA8\microsoft.windows[1].xml
                                                    Filesize

                                                    97B

                                                    MD5

                                                    c31f790cfd02ef244af845fc39b43ad4

                                                    SHA1

                                                    947a1baf207f5bc852b97ed0eca9a029c58b5126

                                                    SHA256

                                                    5cf8b4a512238a819ac8e892709eb239e784c6fb6c70fdb8c05bc258962fe489

                                                    SHA512

                                                    135037a2d115efdab8b9fd4211289603115ee8ddfd6cda42b831a12984128e24dcb13ff7669b97077787743ef437a64e0bcb84bad7abe569af4403b4052b09f5

                                                    Download Submit

                                                  • memory/180-44-0x00000223F00C0000-0x00000223F00E0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/180-50-0x00000223F01B0000-0x00000223F01D0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/180-51-0x00000223F0060000-0x00000223F0080000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/1788-36-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/1900-89-0x000001FFCAEA0000-0x000001FFCAEC0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/1900-85-0x000001FFCAEE0000-0x000001FFCAF00000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/1900-91-0x000001FFCB4C0000-0x000001FFCB4E0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/1988-4-0x0000000002C40000-0x0000000002C41000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2912-121-0x0000000004C30000-0x0000000004C31000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/3320-105-0x000001FA98660000-0x000001FA98680000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3320-112-0x000001FA98A30000-0x000001FA98A50000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3320-108-0x000001FA98620000-0x000001FA98640000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3836-69-0x000001BA327B0000-0x000001BA327D0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3836-62-0x000001BA321E0000-0x000001BA32200000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3836-65-0x000001BA321A0000-0x000001BA321C0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/4612-17-0x0000026E45280000-0x0000026E452A0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/4612-14-0x0000026E45260000-0x0000026E45280000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/4612-11-0x0000026E44F90000-0x0000026E44FB0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/4852-78-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/4880-98-0x0000000004D60000-0x0000000004D61000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5100-55-0x00000000040C0000-0x00000000040C1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download