Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

1568044c54...07.exe

windows7-x64

7

1568044c54...07.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1568044c54c2b1e025bde945685ca407.exe

  • Size

    290KB

  • MD5

    1568044c54c2b1e025bde945685ca407

  • SHA1

    aa3a140086f8e9b52e7c17e000f90421f2698970

  • SHA256

    016424eed02f66ebda644bed14f02781d51398cd883f6a7ae63e8fea76b08e0f

  • SHA512

    5a9de32ed0fccb06bab46dce762b60fc1a639b9fca1ce1475c678f685f5d6535127e888ebc905f650627e669503f8e4bba19485a8b0a2166cc47397ae24cec64

  • SSDEEP

    6144:BfsUV09Du+Rc9DMQtc9LMojzmx1i68Nbt67pkkDvarldYLx3IhpDV:Bp2C9DGh1wi6AtephDveY13QpD

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1084
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1196
        • C:\Users\Admin\AppData\Local\Temp\1568044c54c2b1e025bde945685ca407.exe
          "C:\Users\Admin\AppData\Local\Temp\1568044c54c2b1e025bde945685ca407.exe"
          2⤵
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:2228
          • C:\Users\Admin\AppData\Roaming\Tabec\syag.exe
            "C:\Users\Admin\AppData\Roaming\Tabec\syag.exe"
            3⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of UnmapMainImage
            • Suspicious use of WriteProcessMemory
            PID:288
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp4b095dd4.bat"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1900
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 116
              4⤵
              • Program crash
              PID:1248
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        1⤵
          PID:2480
        • C:\Windows\system32\Dwm.exe
          "C:\Windows\system32\Dwm.exe"
          1⤵
            PID:1144
          • C:\Windows\system32\conhost.exe
            \??\C:\Windows\system32\conhost.exe "-759560948-13949099431938739070-662912317218288515-1907576775-20270341271796949413"
            1⤵
              PID:1612

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\Ofun\estao.yrq
              Filesize

              366B

              MD5

              798151d2b7154fcd617c86ff8edd7f0b

              SHA1

              392c7dba43c66e4bb5accef79233841e5b5ef287

              SHA256

              cefb26491fed087a3356a2074116a0a509bb0073ce5eb547bdb681c703d990ee

              SHA512

              906610ff2ddc6be445d7c8babc6078d0ed2f8355995f7b570828187eaf4c95817f25f90085b0a68a4f6d640a585160ebe0f58c88cc92829fdd862262493f0929

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Tabec\syag.exe
              Filesize

              181KB

              MD5

              75919f7a4e0a92a8b6492835f057ef4e

              SHA1

              1d82fd98b983a2f15b95bbe4791f2aa872e078f7

              SHA256

              fee9d68fc188758dcde2728c2409e7e7f322c01f5ce80f54aaec65af25de6535

              SHA512

              1b00046a93514759f1d57c6aaf5776ac24704cba9d4dc9fa9c021f7bfc26201d82150503dec877e628547f0e39b76e385ca1c2f32deb81c3551047b45adb86e0

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Tabec\syag.exe
              Filesize

              149KB

              MD5

              1ba8cfa59433e574b3db70f4b4915892

              SHA1

              0109f2ae8990b243f6a2decff17655b5ae035fd2

              SHA256

              4b2ffaa633922a126d9def08269049a75b15d0af095340fba256cbe506924c87

              SHA512

              23bbae93895fd117b557ecf15a3c21fd1d544b733f86a38e1f20b644899a3f63a131de9d624c028a441f0dd204a1b057e1892c09bac6e8588d7814acf6beeea6

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Tabec\syag.exe
              Filesize

              111KB

              MD5

              f347ed8dce7d59b7bebc5049761819ae

              SHA1

              07944ad3516da5f2c62a097bb337ce3d32a16ff9

              SHA256

              afb17c7eb26c26cb834247182d335bc1f1ad8c43b08ec253fbb2421402b5ef74

              SHA512

              5ed881cc9949a46758a33a5c3e34982c19f6f7b118f22c5db4f59ed7d6b5e6a66e4039f53439eab8b34c87664317c1e9db2bc83e390efe40e9b30a004a48bb19

              Download Submit

            • \Users\Admin\AppData\Roaming\Tabec\syag.exe
              Filesize

              124KB

              MD5

              edd1f3c99f90f8bc02209973603ad94e

              SHA1

              31a4bf10b827603f0d7fc31143810aa4998cb2b2

              SHA256

              c31b381b0800465881a7ff3f379c709499ef71367bbfb4386f0286ebf483f7a4

              SHA512

              0c320fd000a67c30e15cbf1ea8134f30eb32220fff6a9d11c6fd5c80dcf4661240588c995ed397392e1a8babd184c253a4f40ebba1f2a6b99adc8072268bc366

              Download Submit

            • \Users\Admin\AppData\Roaming\Tabec\syag.exe
              Filesize

              123KB

              MD5

              be405efd5d6f2dceefa2e9a3afd300d8

              SHA1

              1151a304ac48823176f133ea6295d0f9b51780f2

              SHA256

              a6d7fbf73f3be648619bfb44004f11151a704da93afdad6385d6952a303d2a31

              SHA512

              3b545bbb41ccfbaa1a875f34f41c0687dbf0a1f99afd4e4b099be5bfa021065b28a2667a6c6be06acd04be5e3789a01b478064ddb09ef8117c12cad049a2f7ab

              Download Submit

            • memory/288-18-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/288-291-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/288-15-0x00000000002C0000-0x0000000000301000-memory.dmp

              Filesize

              260KB

              Download

            • memory/288-17-0x0000000000390000-0x00000000003E0000-memory.dmp

              Filesize

              320KB

              Download

            • memory/1084-25-0x00000000001D0000-0x0000000000211000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1084-23-0x00000000001D0000-0x0000000000211000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1084-21-0x00000000001D0000-0x0000000000211000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1084-19-0x00000000001D0000-0x0000000000211000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1084-27-0x00000000001D0000-0x0000000000211000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1144-31-0x00000000001C0000-0x0000000000201000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1144-33-0x00000000001C0000-0x0000000000201000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1144-35-0x00000000001C0000-0x0000000000201000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1144-37-0x00000000001C0000-0x0000000000201000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1196-40-0x00000000029C0000-0x0000000002A01000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1196-42-0x00000000029C0000-0x0000000002A01000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1196-43-0x00000000029C0000-0x0000000002A01000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1196-41-0x00000000029C0000-0x0000000002A01000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1248-293-0x0000000002370000-0x00000000023B1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1248-290-0x00000000005D0000-0x00000000005D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1248-287-0x0000000077390000-0x0000000077391000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1248-193-0x0000000077390000-0x0000000077391000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1248-192-0x0000000002370000-0x00000000023B1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-61-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-50-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-74-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-72-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-70-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-68-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-66-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-151-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-78-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-59-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-56-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-54-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-52-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-76-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-80-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-0-0x0000000000290000-0x00000000002D1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-65-0x0000000077390000-0x0000000077391000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-63-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2228-5-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-4-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-174-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-2-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-58-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2228-1-0x00000000004C0000-0x0000000000510000-memory.dmp

              Filesize

              320KB

              Download

            • memory/2480-48-0x0000000001BD0000-0x0000000001C11000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2480-47-0x0000000001BD0000-0x0000000001C11000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2480-46-0x0000000001BD0000-0x0000000001C11000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2480-45-0x0000000001BD0000-0x0000000001C11000-memory.dmp

              Filesize

              260KB

              Download