Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    163s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 15:46

General

  • Target
    042d47eb51d6a3d799a5f68fba4197a2.exe
  • Size
    298KB
  • MD5
    042d47eb51d6a3d799a5f68fba4197a2
  • SHA1
    ce89cc2dcd05260481a398e956d3ff5b58023cba
  • SHA256
    34e44584e027f3cc20492606ea1353314566d7edda23030640b33216df4c5931
  • SHA512
    3431600313c353bfa5ecd6a2a4084f7de8d1be9792a38938b0f60fdf2199afe0825b7dcf9c3c4874acdfc54ccc894cbaf280083816f3d1838dd5735e29565501
  • SSDEEP
    6144:CzSY0RcrnbIFMzEOjh64JDZs6z7/WKtuujadWpOAX2uBYhmbK:uKcrnbIA7dTYKsujae2uChmbK

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\042d47eb51d6a3d799a5f68fba4197a2.exe
    "C:\Users\Admin\AppData\Local\Temp\042d47eb51d6a3d799a5f68fba4197a2.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun60.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:936
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
        PID:2560
      • C:\Windows\SysWOW64\cacls.exe
        cacls "C:\Users\Admin\Desktop\Internet Explorer.lnk" /G Everyone:R /C
        3⤵
        PID:2408
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun31.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4448
      • C:\Windows\SysWOW64\cacls.exe
        cacls "C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe" /G Everyone:R /C
        3⤵
        PID:5008
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
        PID:4544
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun83.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\SysWOW64\cacls.exe
        cacls "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk" /G Everyone:R /C
        3⤵
        PID:412
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
        PID:2280
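
What the process tree shows, in one sentence: the sample writes three small batch files to %TEMP% (srun60.bat, srun31.bat, srun83.bat) and each one pipes `echo Y` into `cacls <target> /G Everyone:R /C`. cacls without `/E` replaces the file's DACL outright with the single ACE given, so the desktop "Internet Explorer.lnk", the Quick Launch shortcut (its GBK name is the Chinese-locale "Launch Internet Explorer Browser" link, which points at the sample's intended audience) and an `iexplore.exe` written under a non-standard `ie` subfolder during the run all become read-only for every principal, administrators included, until someone resets the DACL; `/C` continues past access-denied errors, and the `echo Y` answers cacls's confirmation prompt. cmd.exe runs the `echo` side of that pipe in a child `cmd /S /D /c" echo Y"`, which is why that process sits beside cacls.exe under each batch file's cmd.exe. The Python below is an added detection example, not part of the Triage report or its tooling: it reconstructs this chain from process-creation records (Sysmon event 1 / Security 4688 style), parses the cacls command line, and flags an IE artifact whose DACL is replaced with Everyone read-only, noting the launching .bat, the piped prompt answer and the root process. The event list is constructed from the tree above with the report's PIDs and command lines; the sample's own parent PID (900) is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon event 1 / Security 4688 style)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    cacls_pid: int
    target: str
    grants: tuple                # (("Everyone", "R"),) for each hit in the report
    replaces_acl: bool           # cacls /G without /E replaces the file's whole DACL
    continue_on_error: bool      # /C: keep going past access-denied errors
    launcher_bat: Optional[str]  # the .bat the parent cmd.exe ran, if any
    prompt_piped: bool           # sibling `cmd /S /D /c" echo Y"` answering the Y/N prompt
    root_pid: int                # top of the chain we have records for


# Constructed from the report's process tree (same PIDs, images and command lines).
# The sample's own parent PID (900) is assumed; the report does not show it.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\042d47eb51d6a3d799a5f68fba4197a2.exe"
CMD, CACLS = r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\SysWOW64\cacls.exe"
ECHO_Y = r'C:\Windows\system32\cmd.exe /S /D /c" echo Y"'
LOCK = r'cacls "%s" /G Everyone:R /C'


def _bat(name):  # what cmd.exe shows for `cmd /c "<TEMP>\srunNN.bat"`
    return r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\%s" "' % name


EVENTS = [
    ProcEvent(1344, 900, SAMPLE, '"%s"' % SAMPLE),
    ProcEvent(936, 1344, CMD, _bat("srun60.bat")),
    ProcEvent(2560, 936, CMD, ECHO_Y),
    ProcEvent(2408, 936, CACLS, LOCK % r"C:\Users\Admin\Desktop\Internet Explorer.lnk"),
    ProcEvent(4448, 1344, CMD, _bat("srun31.bat")),
    ProcEvent(5008, 4448, CACLS, LOCK % r"C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe"),
    ProcEvent(4544, 4448, CMD, ECHO_Y),
    ProcEvent(852, 1344, CMD, _bat("srun83.bat")),
    ProcEvent(412, 852, CACLS, LOCK % r"C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk"),
    ProcEvent(2280, 852, CMD, ECHO_Y),
]

CACLS_RE = re.compile(r'(?:^|\\)cacls(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))\s*(?P<rest>.*)$', re.I)
GRANT_RE = re.compile(r'/[GP]\s+([^\s:]+):([A-Za-z]+)', re.I)          # /G or /P user:perm
BAT_RE = re.compile(r'([A-Za-z]:\\[^"]*?\\AppData\\Local\\Temp\\[^"\\]+\.bat)', re.I)
ECHO_Y_RE = re.compile(r'/c"?\s*echo\s+Y\b', re.I)
IE_ARTIFACT_RE = re.compile(r'Internet Explorer|iexplore\.exe', re.I)


def parse_cacls(cmdline: str) -> Optional[dict]:
    """Target, grants and the switches that matter, pulled out of a cacls command line."""
    m = CACLS_RE.search(cmdline)
    if not m:
        return None
    rest = m.group("rest")
    switches = {s.upper() for s in re.findall(r'/[A-Za-z]', rest)}
    return {
        "target": m.group("q") or m.group("u"),
        "grants": tuple((user, perm.upper()) for user, perm in GRANT_RE.findall(rest)),
        "replaces_acl": "/E" not in switches,  # no /E: the given ACEs replace the DACL
        "continue_on_error": "/C" in switches,
    }


def find_ie_lockdowns(events):
    """Flag cacls runs that replace an IE artifact's DACL with Everyone read-only (or none)."""
    by_pid = {e.pid: e for e in events}
    kids = {}
    for e in events:
        kids.setdefault(e.ppid, []).append(e)
    findings = []
    for e in events:
        if not e.image.lower().endswith("\\cacls.exe"):
            continue
        parsed = parse_cacls(e.cmdline)
        if not parsed or not IE_ARTIFACT_RE.search(parsed["target"]):
            continue
        locks = any(u.lower() == "everyone" and p in ("R", "N") for u, p in parsed["grants"])
        if not (locks and parsed["replaces_acl"]):
            continue
        parent = by_pid.get(e.ppid)
        bat = None
        if parent and parent.image.lower().endswith("\\cmd.exe"):
            bm = BAT_RE.search(parent.cmdline)
            bat = bm.group(1) if bm else None
        piped = any(s.pid != e.pid and s.image.lower().endswith("\\cmd.exe")
                    and ECHO_Y_RE.search(s.cmdline) for s in kids.get(e.ppid, []))
        root = e
        while root.ppid in by_pid:  # climb to the first process we have a record for
            root = by_pid[root.ppid]
        findings.append(Finding(e.pid, parsed["target"], parsed["grants"], parsed["replaces_acl"],
                                parsed["continue_on_error"], bat, piped, root.pid))
    return findings


if __name__ == "__main__":
    for f in find_ie_lockdowns(EVENTS):
        print("cacls pid %d via %s (root pid %d): %s" % (f.cacls_pid, f.launcher_bat, f.root_pid, f.target))
```

Run against the report's tree this yields three findings, all rooted at PID 1344, each launched from a srunNN.bat in %TEMP% with the prompt answered by a piped `echo Y`. The `/E` check matters in production: `cacls /E /G Everyone:R` adds an ACE and is common in legitimate scripts, whereas the replace form used here is the one that locks the file.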

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe
    Filesize: 814KB
    MD5: 5e5f63cd0ca3ee94c61a2db20ce33fc9
    SHA1: c90ea9645c7cc1ad7553675a7ecdf880b1fb4621
    SHA256: 219280ffebd3d771102fc3a7f26529e5e9161366e3a5de2f8943d81dda7756bf
    SHA512: b36df698f1cbe52df754db9fcfba7e6811b6fc74f44a89378ce29356630f66a10d526402e9d133f8ab608bb614e2214945c0b732b4db3d0cad3d3665e062edcb

  • C:\Users\Admin\AppData\Local\Temp\srun31.bat
    Filesize: 142B
    MD5: de4d1de797a02c49f52de44ab64f85a4
    SHA1: 8732f32a26ca896f8dc7cf5364edfe4667e918c7
    SHA256: 67ffac484b1287c9ccdf3dbc220cd1964fb266311bb9055a3f0e2c5c0b030c5b
    SHA512: 8bf42a0abff1fa82e3a45e03e688e08f72ff730519bd87f01a71a41ba0156740f8b5be2c46bc18e62ab4de3f5e9f89dc21250314486057a00a65ba922a98ffe5

  • C:\Users\Admin\AppData\Local\Temp\srun60.bat
    Filesize: 130B
    MD5: 0ed20e05f54d2cf22b6e0dc1dd85b595
    SHA1: 887a0b44d838c479ea8c7e3fe02751515d3e8e27
    SHA256: 9d95fb3cbd1505b75517f95146255987b005ca2a493046604da6e587db67d386
    SHA512: 184f8b920549232288724b459954b465d7503142667b71328eefa62ca7302966ec13832608232d8c3f2a72ab7220c48ed774b451531b308fa12d7501280f37ee

  • C:\Users\Admin\AppData\Local\Temp\srun83.bat
    Filesize: 191B
    MD5: 542e1265467c6a4b23d7ef07aa00bb6f
    SHA1: 607be982972f32d1a57d609ff100d87d6a547560
    SHA256: 2bfc1c64ae2f40d1a5d659d1d24d51a1d1167f8ace27ef09c6056cd4089109f8
    SHA512: e230b664c21962bd2b06bf9b8d1aa6b171cbddfb15e130f0425e8e2d9fc887587d8a3a18d14d8616d306d618975094f10a77a10858fa9dea8355f86a9fdfec33

  • C:\Users\Admin\Desktop\Internet Explorer.lnk
    Filesize: 1KB
    MD5: b9c30dd5624addb5d2e35f3088a09dbd
    SHA1: b1b8b8bf405549bcb4598e6ee5b5c47a41d149fa
    SHA256: baf171df7be4decb566bf8ffd48648b3704ad4b2075aae1bbd83fd1d66d950b2
    SHA512: df7204fcf840b585e46152188c57686a24fed5bf1f524b9729d30590993e5ef37af1ae9d2c4d0b8e1c8a82cfd5a49d565e7e7759eb5fc6662a80f898b6bb8894

  • C:\Windows\SysWOW64\Pnkd.exe
    Filesize: 298KB
    MD5: d9132b25a7578d2adad207968b0ab16d
    SHA1: 75a5aa5631ae3c96cbd760b35577573397047def
    SHA256: 9e289bde9f99e02f0be31561ff93a538f462620c64d29cb9f208efd23d94bda6
    SHA512: 6453c17bb99256a3c2db8bb597cba7f00bdc0499363d075ed88df1821be6e5483df56a2fcd90082c1d1649a4953b24da8aa3bda965eed11d35dbee5ab6856baa

  • memory/1344-0-0x00000000007E0000-0x00000000007E1000-memory.dmp
    Filesize: 4KB

  • memory/1344-26-0x0000000000400000-0x00000000004CD000-memory.dmp
    Filesize: 820KB
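
An IOC sweep built from the Downloads list, added here as an example rather than anything from the Triage report or its tooling. It hashes every file under the given roots and matches against the report's SHA-256 values, and it also applies location heuristics for the dropped artifacts: the Pnkd.exe written to SysWOW64 is the same 298KB as the submitted sample yet hashes differently, so a hash-only sweep would miss a copy re-dropped by another run, whereas "Pnkd.exe under SysWOW64", "iexplore.exe under an `ie` subfolder of the Internet Explorer directory" and "srunNN.bat in %TEMP%" are stable. The `demo` helper, its temporary directory and the placeholder file contents are constructed for the example and are not the real artifacts.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# SHA-256 values copied from the report (submitted sample from General, the rest from Downloads).
REPORT_SHA256 = {
    "34e44584e027f3cc20492606ea1353314566d7edda23030640b33216df4c5931": "042d47eb51d6a3d799a5f68fba4197a2.exe (submitted sample, 298KB)",
    "219280ffebd3d771102fc3a7f26529e5e9161366e3a5de2f8943d81dda7756bf": r"Program Files (x86)\Internet Explorer\ie\iexplore.exe (814KB)",
    "67ffac484b1287c9ccdf3dbc220cd1964fb266311bb9055a3f0e2c5c0b030c5b": "srun31.bat (142B)",
    "9d95fb3cbd1505b75517f95146255987b005ca2a493046604da6e587db67d386": "srun60.bat (130B)",
    "2bfc1c64ae2f40d1a5d659d1d24d51a1d1167f8ace27ef09c6056cd4089109f8": "srun83.bat (191B)",
    "baf171df7be4decb566bf8ffd48648b3704ad4b2075aae1bbd83fd1d66d950b2": r"Desktop\Internet Explorer.lnk (1KB)",
    "9e289bde9f99e02f0be31561ff93a538f462620c64d29cb9f208efd23d94bda6": r"SysWOW64\Pnkd.exe (298KB)",
}

# Location heuristics for the same artifacts, for copies whose bytes differ from the report's.
# Paths are normalised to forward slashes and lower case before matching.
PATH_RULES = (
    (re.compile(r"/syswow64/pnkd\.exe$"), "Pnkd.exe under SysWOW64"),
    (re.compile(r"/internet explorer/ie/iexplore\.exe$"), "iexplore.exe under a non-standard 'ie' subfolder"),
    (re.compile(r"/appdata/local/temp/srun\d+\.bat$"), "srunNN.bat launcher in %TEMP%"),
)


def sha256_of(path) -> str:
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path, digest: str, iocs=REPORT_SHA256):
    """Reasons a file is suspicious: an exact hash hit and/or a known drop location."""
    reasons = []
    if digest in iocs:
        reasons.append("sha256 match: " + iocs[digest])
    norm = str(path).replace("\\", "/").lower()
    for rx, why in PATH_RULES:
        if rx.search(norm):
            reasons.append("path match: " + why)
    return reasons


def sweep(roots, iocs=REPORT_SHA256):
    """Walk the roots and return (path, sha256, reasons) for every file that matches."""
    hits = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                p = Path(dirpath, name)
                try:
                    digest = sha256_of(p)
                except OSError:
                    continue  # unreadable; the Everyone:R lock the sample sets still allows reads
                reasons = classify(p, digest, iocs)
                if reasons:
                    hits.append((str(p), digest, reasons))
    return hits


def demo():
    """Constructed directory tree with placeholder bytes (not the real artifacts) exercising both rules."""
    base = Path(tempfile.mkdtemp())
    (base / "Windows" / "SysWOW64").mkdir(parents=True)
    (base / "Windows" / "SysWOW64" / "Pnkd.exe").write_bytes(b"placeholder, not the sample")
    marker = b"constructed file whose hash we add to the IOC set"
    (base / "report.txt").write_bytes(marker)
    iocs = dict(REPORT_SHA256)
    iocs[hashlib.sha256(marker).hexdigest()] = "constructed IOC"
    return sweep([base], iocs)


if __name__ == "__main__":
    for path, digest, reasons in demo():
        print(digest[:16], path, "; ".join(reasons))
```

On a real host, point `sweep` at `C:\Windows\SysWOW64`, `C:\Program Files (x86)\Internet Explorer` and the user profiles' `AppData\Local\Temp`; a path hit with no hash hit is the signal that a variant, not this exact sample, was dropped. Note that the sweep does not undo the cacls lock: a locked `iexplore.exe` or shortcut still has to have its DACL reset (take ownership, then regrant) before it can be removed.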