Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

028751c50e...2a.exe

windows7-x64

8

028751c50e...2a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    132s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 18:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a.exe

  • Size

    1.8MB

  • MD5

    a0ba7d414f72609b035b52a63b938a3b

  • SHA1

    2923b6fd8a90b8e711384d55b4dc9c3c3bd1f526

  • SHA256

    028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a

  • SHA512

    2d55119f0f9a9f82b9d138fceea6115638c38e13eceec45ee810f764cbf8e38cec125441ff090370b433f50055283260b674cc24deeee2f872fdf85217129bc0

  • SSDEEP

    49152:j3dUZTHNLAlDwRJGhFHPKN2E5pPHaynwaD:j3dUZp2SuFKZrTwY

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a.exe
    "C:\Users\Admin\AppData\Local\Temp\028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Users\Admin\AppData\Local\Temp\028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a.exe
      "C:\Users\Admin\AppData\Local\Temp\028751c50e1556fd947e61861dd07fd160b7ad9c3f421cdb47c89b3d7f00702a.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1848
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1ea7e3414afc7d2883ab4651e13f527e

    SHA1

    5f1346b40552a397d891d098ded7e5d8b973b004

    SHA256

    ba327134fb7303bbc98db4a2be49043328483c3ea260cb36dc9d60c5c12b4a6b

    SHA512

    e20ab23742cfc40aaa4d668dc54087ec4bcacbe143546090502675419d5dcf5654d6d3587fdd626c28236ed39af77c48fa11392e794b8248f694d8e6cf371048

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    65e52e7171221da4df3ae7f5123c3ace

    SHA1

    78dc2e97cd98481298723041f2696391ca775803

    SHA256

    2512b5d4e33994c0be0a1d6c64b7a032122bc83f259244629aca58ef014de088

    SHA512

    a539b3ab1253800baef801423aebc93aa3f7b782e386e0e4bc3a39cb9157d402286e4a2ca59d84215a1cbcec31cc021548de4ba3c9d41d1e2bc3680b5d220b7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2bdbf787088a4ffeee8ea0d28d928f10

    SHA1

    5abb02b38e1463b4d3fbe212e6b0e68145dc4416

    SHA256

    ce00f8198c06f4e1f23e54cba772d0eb93c6244dd254a7ee285874cc0e6fe011

    SHA512

    1c37cb20f1f02862d20770fb7fa8e0b52767c015db01d0fe5f8e4f5ce8e4fc685a3ecd12ab06e3bd2aa5cc3f06792fd0d97838691c503779bd038619db51de34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    258285a35aa29da29ba901b220268e63

    SHA1

    1e8cf8bd92bd8f5972d8a23483e1c70198e03368

    SHA256

    8ec11c39b00b1ea4da3ab80d60f636496f6af11b18fc0c873278494100fa6c1d

    SHA512

    2837e02ec0ddda67a119de82d92ea16e0bebf367b235ed51387130a9f3ef357e5d619695f5a800ed451e7dfdfea2984d2cd93f457344924b50743c42593174f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    abf0f3ec740b0e6e6d4b0737925ffb47

    SHA1

    c5c66340c5bd873d6dafb5bc8a900394aeeba3c6

    SHA256

    543046145eae38ce902677318132bd64612aba4e6509ee8f16a94fef0ebb6ca5

    SHA512

    77866a8ae85a493a0dd90a453ee8153860902e4b034b659235b0db517bbe4040057f8d0af6c65302299d8f6a9eb267f29e09f50e75384b402c306f75fa64deb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d8510eb722f1f4be7b5ff1cb2728b586

    SHA1

    842cee72f151633bf2ef896442e4920d14e86235

    SHA256

    2b7f943ff2124eb850df8d1ed5a79089c10d52fbc9aa44aa7f6b519f46eee01d

    SHA512

    be925f5bda4c00fd6a50f54fd38fbebd76d7198d6eea28fd570f11a4852085c3898c05731ae694d4180d1dc4d6b19ebed831359161948e706cc74e7ba27bb8f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6ee8a1493ef01d00a0d6c0062fca792d

    SHA1

    55b06677aa9a0c890f8f6102dc7d0a5a8e317143

    SHA256

    94737df06876940c684c1c0b341f7eea6fb1c214c98ff60d35fdb2ef4f1872ba

    SHA512

    797014d0823cec2b91ca525eb2d267e960c785291fb76fd43226513d4095639ecbd198e6b8527fc536f944bed1c8adfc451b540e8a16eb856c53b467b3ba6ce4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    969c799cd72358860c498bb38e48f61f

    SHA1

    749853b7ac4e0f050eb666532f3d37b49884e245

    SHA256

    3548ed00a582e983fa1b4f47ef0d6ecfc8ac4b38fdeaf291548f08eb180d9ffc

    SHA512

    2e147d58fd3fb9a14aea4f01de45303af203ce9354be9071ca83cecfe1b601d497c3f49675e157fe5fabd267cd39b71feb1d24e34799b15157d1197fbe364033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ac1f6f909053ac1d58c9c43e8d6be112

    SHA1

    193790872e9e2fd49f6ba25323b103954f4030d1

    SHA256

    333c1540a9c0cfefa11ac02020fa2a5d13bd681d2d8ffe3dec5a570e65d4aac3

    SHA512

    0d5d4de42e740760704239adf1214042388d20f394769c65160b026a16dea7b715cf80a1d8c5e74c35b2ea6a95ed57f106b8f9de05a16841d537390bac711315

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ae0669e2145d762aed85b14c08893d23

    SHA1

    29f27c5d419c4fbd5f1d0cd28baea5bddc434e7a

    SHA256

    5c03f370ed147c37338196181d6304fce12ad8bd4d2d0d408814f95086ced163

    SHA512

    96e03dbd2479e8f29618e6ea94b8361e02f500aebc89b8a5b136fe4ec71a786d4883639422deaace38d019d69bcd779c5d2e3fe6fb18e8edc27ef42e6317c4a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d4690e68a4e90a5c8953740b8ed97c1b

    SHA1

    de81556fb152a9e0c9422c715d64ebb6fdbf0ada

    SHA256

    8465533331491c595c156f11d4f631a10b9b88089b9611dfb88d30b8399e9a4e

    SHA512

    f5dfb26b72e8ee553d1717833fa73d17e79aa8b99f0f2f0117d6e1587444d8e73598f26c296a169e9b4151851c8205dd9f38b54b7aa6e55e62cc574be9dde260

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    45d8fd31832923ff80fc3770009b2864

    SHA1

    e694c32b9e85dfac83fec5cc6a11e9fdfac7ab38

    SHA256

    748f12e91c18834185c1db8f4bf52a3018b80d4f689f8149784ecabdf537ef4c

    SHA512

    b480fb0a5a711d01c6f77c563bd41c4a17861b08a8640d65fec5a7fcec52444764cab3ac68668a945133d3c580822b50baf25ef1eba1c6d3f6d7bf398b684c87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c962d55a07888686ac00a85c6a0a24f0

    SHA1

    2d5182036739e94c5a224a851ccc24992f003068

    SHA256

    e762d815f6443b6b145beac45a4c2108e9fee0457f10763d62403a84250456ec

    SHA512

    fb594c7d31aa5889b6400f5d2b6c112acbc05a945af69b172eac24f59cc9e71ff2d6ab9f4e632a5b7bdcab3fe1b21c580487298001967a03c68eaaa10aa28263

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1230e05363f5497831b89f8e6496f946

    SHA1

    70647b7a135d804c8f8e0a9e019c880f0318385e

    SHA256

    9f7528586f69fcb0aba94b11b64d68cee4b8d0008ce24045238356acbe3e5010

    SHA512

    8534e70bb26840fd23e4e0e01e6c8d22d23373c55b34cf648f9d1dff3d09eac829ca692f72940227812078c409c0a5635194fb73e7305751abefe8667ece9ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    79ef369ebbd2fd0563ff15033269560f

    SHA1

    c8aa35523e279c709c3127570967cc82d3d60959

    SHA256

    40684c9bfc50542067634e624a710b3a1813cb1884fb1bd4f76c20f82781fe09

    SHA512

    9d4f52f9819f7954f6d4733fc1d348ca125f1d6253e3fdfbeaa9aa68e6f26d6af16807d459023b7b687e4124e1f7b5247ab8bc533d90d5949d890adcf6e7c6b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    193e72cad51f21194e29f435b2575988

    SHA1

    55dd3fde3037367bdd2d75b66682a242a5c8c364

    SHA256

    2eab8462b59a37ace4719f8c344ed1a20e144ff1c097bd3e769a4d875309ca57

    SHA512

    43a269d9fdc3550422890044842397b98b1721d8f9f7f8899864736f5eb802dfa19c527369514ade53e4da97455b21fba378e5ce8ebb31ccb4ecf0e22eda8aec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3779d71da2fc76e3b867c2f64db2220f

    SHA1

    dca348f3e054c9e6293d8edbf11653f299fbad6b

    SHA256

    bea16e877a6edc88c50b148958f2b77add9df7445914cfe0bc8b213ffe9a3343

    SHA512

    3e8a9d7f7c70f4194533e641bff1c2e5c07fc2860bd9a4e29b046eec24796b00af79306203aada889ed8f2a078f9f7d6813303b01890f0c77f37d0bf0b9d1aef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB85A.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB8AB.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2588-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2588-0-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2688-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2688-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-7-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-8-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download