Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

12aca17fb6...8c.exe

windows7-x64

7

12aca17fb6...8c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12aca17fb6209a76474045ceb82cf48c.exe

  • Size

    112KB

  • MD5

    12aca17fb6209a76474045ceb82cf48c

  • SHA1

    df4e7d61f73f12380bb74876fd3a53a5ad706654

  • SHA256

    ff97369d1c9721baad12f8cb8e3bc1581dd46d81f4310bf53d8dfed57f8e0b37

  • SHA512

    090cd8a6990fa6c61c0d83b9cf175c4668e14bac38c47a0b1d341e9fd30e4603d1f023707e7d301c1c4238d2e8bfa7387bb71e07cf9132bb0387309fa74ec4d7

  • SSDEEP

    3072:EX7DItrfaocyTgfsqQOlJCeqgKJ+BChFO+Krmj5I8I:EsaocyLCWgKVFO+vzI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12aca17fb6209a76474045ceb82cf48c.exe
    "C:\Users\Admin\AppData\Local\Temp\12aca17fb6209a76474045ceb82cf48c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://best4games.ru/load/0-0-0-1070-20
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa793f06b504de13c8d7e336da7cb3d0

    SHA1

    86e640f8ba2e8e1ca3b8f7ddc1b9b665c9d70bb1

    SHA256

    0b69639be7d8e2593d5acb3dd73d908861876de8e1df572e1ae178c13cdbda36

    SHA512

    58dfbb878d6a07d85e81fc1265707f8a1fe577474f327c6f9ac8e44d957895411f5d0aa8a00ff1912af0c0acb81f30b52e6adda7bf755db8f504fdff426b0078

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fbdaed854c24321da07f3172803608a

    SHA1

    c09ed5a02b56d67f6fd1afdb619ece0e50cd005c

    SHA256

    1dc6938bdb91506c819da0772704b65cabaa544448d8f8fff12246e792960817

    SHA512

    2df8cf42f503070ba0f20c5c2ac40b2af8c326c256751a5397dff35a81c1d0c810afe04a9fab214961d37e9325cfe55007c57e42b3909be9a91667f3a99b30d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93a0c6aabff91fa50897c1439ec15431

    SHA1

    d5a04ec3f94a0182a6e9aa7fdb2435e64fe5461f

    SHA256

    07357edd901279ae6a60b355e01033f2c39446218a37b8ebed487a6776bf045c

    SHA512

    ebfc3d226ef65caa312342a1fd0791dffc2e82c2731bec7b7d2b6bbf369c7de63e259e3b9540c68639b66e160b76d743e6a55b8c643adb3f065b209f5d0c7093

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c788a2b13161dcff3aa46c5cfb2a417

    SHA1

    96e9db1343dddc67ad9a90cc5a20238451ddc516

    SHA256

    c20f005eda0334896f30141b75548717bf2e446b526d8978bd0b614cefd46b19

    SHA512

    b4d4a8cb4fef5aed2421181a568d6f312167e1e7c9eb56666343dcfcf7ee919af6f0a979da7b4ece62a03786c90be387dbed6995b1cfcc8dfd2e1ab81ce2ca77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b69d4a2ef1f6a56a0d3bb5f8a25ed4bf

    SHA1

    5b5f7f9d662d75c90aab7ca8ef104879f8392890

    SHA256

    ae7cff104eeb51381c16ccfbfd2442db6efb3756d2bbe4c2561a89a7843e2691

    SHA512

    a27a5ac3a5fe0089a58c35e20a197d5a7296ee85314933d4d70497297b066d3f77083f342e4bc277606dfe7254401cd2d09465a406eeedd43b43455682dde01f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49bd287603eb5bc3dfbf2a67a8080394

    SHA1

    7791607e5537976ad035b7dd13f4ba06388d8768

    SHA256

    dbefa5231803a7a79e9482c8bac7a76a340ee93aadd2f640ffd587b874ad67c7

    SHA512

    0c572b9c964fc4dce59a828d53748555a738ea06f0317f1978f798ab942a32da5c7e5ab34830f6878d06e353f3862720f48250c8b59183bd4424ab77b316f29e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e029d444ae64315668ad60e14260125b

    SHA1

    392e4937be0ed31be7ff903fa4fb98acc81229fe

    SHA256

    c72ed74fac4d0af6277cfbf90ff97fdd81e0ca48d60621366651aa1bc62f3384

    SHA512

    ee5d45d24b5daab51f0db8b4569ce969b5a87654038af1a1cdc46111ccd2a073a64d3b54fea675a34ffda1e0141c1b939989ab1c1d6583d0f78fe125e8267c05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e58bf264afcb7b5c258b1a88942a4cb

    SHA1

    20a509cd7bfdaff14255042c1f7f0bf1ef3ae27d

    SHA256

    1299ad382b10b95770843717882a0632cb656c15a37c1c433671f27a66f6bbdc

    SHA512

    6ef1352e34b74149cd53d8cac5b7e92c0afd6ba59d843f0138371de2ca9e66e73b674a2f35c622f8730e4dea3528130ff923e4b45d2c4ae71e60551351dad22f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAKM7KDF\best4games[1].xml
    Filesize

    1KB

    MD5

    9fa8dcf749c9a320effb185e4795fe87

    SHA1

    99ca582b860805283ba105e19100d847bf02767a

    SHA256

    cb60815620cdde97877ca6449bfeef7e786616d1ed21e144e1bff23a0cbb6b09

    SHA512

    0e7e3984d213d4b5be29ac14adc51ebb1a51d6b6cad18702759eed406326ce90297ac29d55aed549e32860c4c49ee234ea4dcc9430429dc46a1127af0f0ebdcc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAKM7KDF\best4games[1].xml
    Filesize

    1KB

    MD5

    aa72e06f5a2eeb46dbac9f8ee406e3e6

    SHA1

    0c76506729129d045887acd96507de3cecb51687

    SHA256

    7252a8a432159cb63253f8bb95a48d30ed4ba8119b4972ab32c006c2d33b668c

    SHA512

    2c736ecd88bbcf649076b377a265f9e29ab19bcb9f66c30b879836f050989c8fbdb2da977e8f7c387c9b0875796228082a043634cdc51dc87f1a7cb42fa7f3e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAKM7KDF\best4games[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAKM7KDF\best4games[1].xml
    Filesize

    86B

    MD5

    315e0537b8d77681246e4f9e6dcb947e

    SHA1

    26dfc74954ff9a3e4251ed73ccbb368db0088282

    SHA256

    62a7711235887e8c0993228cc9ee7ee78af4dfd0c68a47e437ac4c572119dd5b

    SHA512

    0c3d5ec0dbc04647cd304ca02477cbdc1630422b2b0030713aa7f5225153cb68305b44af7346d2364090deca2474f30e78879483a15004996e59c99378a91b90

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAKM7KDF\best4games[1].xml
    Filesize

    257B

    MD5

    0649dab0178cb5c0fba344183410e0ec

    SHA1

    46d36d7b485d184ce43a8fc2d9bb26aed18d12a3

    SHA256

    02821c8f52963a7d26e10b101acd3cc703fbe630e0032428fcb6fab0ca7e0545

    SHA512

    8d55835b70e334bf3ffd3b44addb037af8e78670460fac5206ddf339c206427d31b27a5a8a59c827d425e3282aa1e1c9556782d4e3d3f754b6244ba17a44af49

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat
    Filesize

    1004B

    MD5

    e090e959a765f48fe7c1c6015a0e9412

    SHA1

    f61bcddd0778d235b3534f36ac5ac9d89d565aec

    SHA256

    4792b130cfd387d0267bd4f5823e9d4d62bc3d4423dda1a34f72377c0c11e293

    SHA512

    f68b5e98dff456eca5604db6aa6fd055e635e3fb31dbf4a58864d63ca73b18567fb18cd4b8e3264e7ec8bc10e814fce350a9e367a459355d71b81c86fe4838a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\favicon[1].ico
    Filesize

    894B

    MD5

    5b0c0eb79f8a8bc8325018975e16e6dc

    SHA1

    eac2fba9461ff4c75beafafe4f38dcad7ea7820b

    SHA256

    de8784c6d71124d154e375736403bc94a0551ed99e9245d7abde40d341f59406

    SHA512

    01e68ca8ada93c209f8f67e33586b807df80350fced15ac66cf7ae7c1df030c430b5b39b3510c35c9c4298d6b6f9cba52bbcfe7be1f46f162892ed4406d9ddda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab58EA.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar59E7.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1383.tmp\System.dll
    Filesize

    23KB

    MD5

    a64b9c1f10a5434738f6efec8a1399c9

    SHA1

    a66e15e4125cb358c1e1998ce393f9660e4f65bb

    SHA256

    2d863a8cebd864ce51052984bd2031d37c9b022bb80c80ec0b1ca382160ae57b

    SHA512

    53510079aff46a1b98ff7e0055288af2dce8ec3224fa5869fca4c29b33b26bad7bddecde0ded08a07e162d1bfbcca1120c0717a6156967f944567eeb99f942ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1383.tmp\nsDialogs.dll
    Filesize

    11KB

    MD5

    51b31092bc19fff637a4b0433b2bd36e

    SHA1

    ed35222ff897af309ce25bd7a215c08e1188c6f2

    SHA256

    04e9d5b91cf9782066ccd043cb1cc2e5eda08b8340cc98ea5786597669f8237c

    SHA512

    c10535cd7a1dcb07eaa4975b329effe6e6563e9946f5ed4dfa42ad50c06f1ef038aeaf62868ebe7c13745328bf3bfd0a7430105683c7fa154a4cee4116df0e7a

    Download Submit

  • memory/1732-11-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1732-12-0x000000006E940000-0x000000006E94A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1732-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download