Analysis

  • max time kernel
    579s
  • max time network
    620s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/11/2023, 16:38

General

  • Target

    Lethal Company/MonoBleedingEdge/etc/mono/mconfig/config.xml

  • Size

    25KB

  • MD5

    f34b330f20dce1bdcce9058fca287099

  • SHA1

    936520d5bb5c00a1985d7a4c4f0ef763a9031862

  • SHA256

    0c56e34c69124510fa8c19e7b4c2ca6c1c4ff460ae19f798dd0ca035809e396d

  • SHA512

    d6d4a8321eb44c117755a41a2590296be86a0568d27a5347f9d7f32f2d151d8f7e169675c83faed2dab5ad0f8d81858f8cd1167e439cd4bff7e68c243e3544fd

  • SSDEEP

    192:Bt074zTxASaKp3T7pJsPpPT8B13eeaVonGdEBMmhVbeyeTfWDBzmAwdavahmhNIa:LAMDp35JyPCCu96yJwgag

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Lethal Company\MonoBleedingEdge\etc\mono\mconfig\config.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2524
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\Local\Temp\Cab3AB.tmp

    Filesize

    61KB

  • C:\Users\Admin\AppData\Local\Temp\Tar42C.tmp

    Filesize

    163KB