Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

e6c1a4c134...21.exe

windows7-x64

3

e6c1a4c134...21.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2023, 11:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe

  • Size

    1.6MB

  • MD5

    c4ce97ea0e5f20d174769e2d3ec1e57e

  • SHA1

    da353a2aee507e6213a2d3f79e596e59f28b3efb

  • SHA256

    e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921

  • SHA512

    fdc549ad19d84c9a5e59502a06d6c6ef0195c2688b8df2e46e0d5b3888bbfd22c62affba3fc1c5af62f08c4065a2f8f0daef8a43854c5ea25be45e972973daf5

  • SSDEEP

    24576:v1tqdnuoct39hSck7xKUgvW6po1exWtfjJWMvpHt/W0yoG3uPH:vCUoM4ckHY6kxQfjJLvpRxPH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe
    "C:\Users\Admin\AppData\Local\Temp\e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://kolostudio.fun/2022/10/kolo%e4%ba%91%e5%ae%89%e5%85%a8%e8%ae%a1%e5%88%92%e9%9a%90%e7%a7%81%e7%94%b3%e6%98%8e/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.kolostudio.fun/2022/11/kolomina-anti-virus%e8%bd%af%e4%bb%b6%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e6%9c%8d%e5%8a%a1%e9%9a%90%e7%a7%81%e6%94%bf%e7%ad%96/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

  • flag-us
    DNS
    kolostudio.fun
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    kolostudio.fun
    IN A
    Response
    kolostudio.fun
    IN A
    188.114.96.0
    kolostudio.fun
    IN A
    188.114.97.0
  • flag-us
    DNS
    www.kolostudio.fun
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.kolostudio.fun
    IN A
    Response
    www.kolostudio.fun
    IN A
    188.114.96.9
    www.kolostudio.fun
    IN A
    188.114.97.9
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    399 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    395 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    395 B
     219 B
     5
    5
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    399 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    357 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    357 B
     219 B
     5
    5
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    361 B
     219 B
     5
    5
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    361 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    288 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    tls
    IEXPLORE.EXE
    288 B
     219 B
     5
    5
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    288 B
     219 B
     5
    5
  • 188.114.96.9:443
    www.kolostudio.fun
    tls
    IEXPLORE.EXE
    288 B
     219 B
     5
    5
  • 188.114.96.0:443
    kolostudio.fun
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 188.114.96.9:443
    www.kolostudio.fun
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 188.114.96.0:443
    kolostudio.fun
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 188.114.96.9:443
    www.kolostudio.fun
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.9kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.9kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    785 B
     7.9kB
     9
    13
  • 8.8.8.8:53
    kolostudio.fun
    dns
    IEXPLORE.EXE
    60 B
     92 B
     1
    1

    DNS Request

    kolostudio.fun

    DNS Response

    188.114.96.0
    188.114.97.0

  • 8.8.8.8:53
    www.kolostudio.fun
    dns
    IEXPLORE.EXE
    64 B
     96 B
     1
    1

    DNS Request

    www.kolostudio.fun

    DNS Response

    188.114.96.9
    188.114.97.9

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaa032b6c3c0e29be9bd233018d2a55a

    SHA1

    75f73c31cca0ddcc6cc817c5de8c03cab591fe72

    SHA256

    c130c07302059f2ec1b91cc9944053feecc432ea18d230145396c6941053d315

    SHA512

    a9dc76cc049d9c94f19632fc95aa03c293dc152f5c4a2357cab1200898f295c0cb624acf26532f84546143a476c84d2b88cb6c9d207e5f71cf71b4089de3f507

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a170e77d1ceaaf277de5739003213a8e

    SHA1

    df2bae4d81ba3f30fb68392fb52b007e6ea6def8

    SHA256

    bb625c4ef6a5307ed3a5a293dc256518e98582cabae515a1085ed9ae27927c84

    SHA512

    dfa3615f2a1da10e7f42c3421adf3ca44789b6e9963b32e38ccb4fb2a7819ba179bd6f9a60a22291518f1e4d25b87d1ac205395d6b687dd28819e33eb59eab8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a34b2c90b0e70e5a28ba8f2f113dfa6

    SHA1

    8336b0e147b2d46ec5d61579b71cacf1d06d8cc3

    SHA256

    a1a641724fdbab39bf05c5656dba5b60eccfef427fcd031d7e0d1496ff8347e4

    SHA512

    52202c02112516fc1b366fdccb23574e4df072fbbf357015f35ec5df831be419b6b756c4c0a74368feb7fdcf9542c4a02de19dba4e669111635e24135c6edb2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c9692aa910f48d98150a38a42ae05ee

    SHA1

    333331d848d3f510df46a0f19ae483dfdb1e9c2c

    SHA256

    deb2b81f5aa3ddbb8f6639b8f3d43086526c43a153ba77d39945be79f4bc90ae

    SHA512

    c6f6ab7eaf41b3c36e3b316ded96cd95330b33fc440e8824ef3678fb29562a1e3bd31f75dbf0b635187dc6aee056caf7317d7308418cee9864c9ad8c5994ec39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e090bedaa667590f32693f8f0acaae52

    SHA1

    8af1629a1f8b4743cad5365e8215cfd1e6b1cdb9

    SHA256

    85a822382aa6d181c06ddcb87340e1dacf3d79bd2d2d0c796bd6f8501f5378d6

    SHA512

    0b2807999e4616cdf19e82a1a8745453c85d87c59fb156bf5c4821b2bb6234e6afb6f7a757056f3d7a401765ae7c0776819ce75069b2987cce7375cba894b207

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2576a7b4f38d19228144f56da472a0d7

    SHA1

    38f5c56952d35f8cdd7ce08c91e6586a96b261a0

    SHA256

    3066d5def0d4006c49724c41ff9199fdfe6f37a8f79c377793e8deb2c4373ea8

    SHA512

    c91605e04858b878bb29b27e5a54f0e73975a7041dfb13fc175dab05bd33395158a373e894c53b57c869f89aa0b673f304932a62fb8db30400d13100c55ea606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce2aa8e03aca9fd511fe12da3c9ed823

    SHA1

    6e48ed20eb0b7d864e7bea7b531a6b98e59e0609

    SHA256

    8a3edfe3da419bb0b680aaee07f6c1d3d9199d5d8c7f36c8ae40c69a5c75751d

    SHA512

    6da988d3c4767e525c696b5a23763c1cf22a41549294f435bf1bef1d2600c8db37f1393be3fc2ddf35569979b14a27d33e48911d4790007417cf2df90533e0e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3eb2c91e85c6510a5d13b62624c56829

    SHA1

    46ab20e55bde0cb5810734b3184927fa42f9e735

    SHA256

    28465c3f6e425d5512bd51980eed61ed49aeb68b72967c974c18a54ea9427f71

    SHA512

    16ca0895730c1268c002511799830db5ea91687208ebef4de9506cc76bc7f7d128d1e1ee81534c94b8f257ffce3ab9d0af158af130671f5f0dfa728aaeaebe34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bff66d32813a7459c00b3e2d0ed91f3

    SHA1

    e2c8309689e01fd0c2575dbc79b07f25d1c7bc23

    SHA256

    4e7f2125f644d61d1a75f5dc28945218704f2937ffac7ae5a8abe18c4255e6a0

    SHA512

    6b7b161788cf359c57398bf6f856155cda2937d38e79f8c4a710d54c3d31d252fdf95fe88d650bd65de466897f91f48de7f307ccdee947077f1c51f0654901e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f25945f25ce93caea502bc85b420e66

    SHA1

    72b2ebafffed042458c5b77cad96289712f99d58

    SHA256

    f50ce2d7422cb885237d053e03a7cf1477985faf9bbe983ba9482bd8ea0e98e9

    SHA512

    241b11f146e519d648e56dfb763c4e6f2432a88df89492ccc3f6fba05ed5edfc0d44a9780d965958ab3d9f2e66a26d3a7949828c400116422c344a3159db5f85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d4c2f4eb7a4b73965934fd859bfdd5b

    SHA1

    4942a63530042b60d5ff7799251d191680ee5b34

    SHA256

    ac0a655e54f852c5a75c03c4d59c32be62cc10dfe2f1c377741c8a9923b605d1

    SHA512

    4828da12a928bc7312d0a319e0f7f5afd4697c3c4b0a5675ebe99b3317fbe18812f1a85638f3bf616fc15dfb3642ccceffe865443e6f72423268c40a3efacff8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3144cc9367cf06395b3afcbcf3dad665

    SHA1

    386e365554eebb11bd054c6a87b4b9bda4a37abc

    SHA256

    32422f3e3f96dd8f253ef154fa814688b917b7700b9372fd5f4be4f4264c0c64

    SHA512

    2fa0b03701005a604353db3a45b2c40c8ff16e9d5430254ff657e26ecef68665bfb40216e5826177e773cca914f47399a02631fb1bb4fa4cb242f15365268ede

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DE80A4B1-7C98-11EE-B5A0-FA0DBFC6BDAF}.dat
    Filesize

    4KB

    MD5

    452634504a055920267c710258f27732

    SHA1

    0ec3bb145208c28d5286ed72243e3c7a82563fb8

    SHA256

    1005b5f7e4bdb99a74ddfbcc583b5e5bf1f72b5dcac8ce0454b37c4033c2d3e1

    SHA512

    fcfad4fd7ca6e4dca4c9f6f36014341489ab9c5f036386ee4bd0431a0d58a8c011ca9b244ec24d5d34f5abca097703cfbae9d81863b4b2f34874ec8c3ecc1a4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DE80CBC1-7C98-11EE-B5A0-FA0DBFC6BDAF}.dat
    Filesize

    5KB

    MD5

    f01a0080e8dce0e6cc52f1dd61135798

    SHA1

    d529f4737ea8319de5c21acd685a267795b43ef3

    SHA256

    07a84e6edb0972b032055f4c6a3484855694e145dc7f9c55a01bea5f33598fa9

    SHA512

    c9e45f418d9e9bca51d90dc6f6269dd8b1e2055842f34426cf82dc5ee355c07c11422aff321583ee7a5707a5ba61b826c3e7e87b0765ebc7a950e058f45fe67f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6AD5.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6B57.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.