Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 14:19

General

  • Target

    005ca359e486fa01c674abe428e85388.exe

  • Size

    25KB

  • MD5

    005ca359e486fa01c674abe428e85388

  • SHA1

    379d207a9ce451b2cba106de0789ccde9a5f3fd2

  • SHA256

    e216119736fbcc6d236c1dabc511495a347ba03c14d81d4250e8832c1d3aeb0c

  • SHA512

    6a459e879f01fade08c9cf5562a8840b3082fbf3b5ffa6bb5a5e62e8857e5c5471c249f07a7447ff2df0cb299b0bd863a0e4c54591d32b552d3391bca3e02ad5

  • SSDEEP

    768:2sbTNKi5LRTB8Syx+4L+LTBmYFBkZQRy7XnWwp:265Ki5Po+t1mHSWXnh

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\005ca359e486fa01c674abe428e85388.exe
    "C:\Users\Admin\AppData\Local\Temp\005ca359e486fa01c674abe428e85388.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3832
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\CTBNCNNXNV.js"
      2⤵
        PID:1600
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:2312
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3020
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CTBNCNNXNV.js

    Filesize

    2KB

    MD5

    b1db733cff888e446ea0bebfc23e3288

    SHA1

    8156cb75bee1d5afe304333632b3e3dae6df9c29

    SHA256

    8a7da155437f2dabfd4cd23975d1f4a278b62d65cad6a98e802dbbaa1fbfcf75

    SHA512

    f403a0ebe647a98a2ffa3f40639ec2992f0c6b7086debfdc136bd1d3ff4d742a4e864c6d9dc12996fb7c5a800dc3a5118369a1c816b16acaccc85752153c6687

  • memory/3832-0-0x0000000000010000-0x0000000000025000-memory.dmp

    Filesize

    84KB

  • memory/3832-5-0x0000000000010000-0x0000000000025000-memory.dmp

    Filesize

    84KB