Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

0cd30e2262...6d.exe

windows7-x64

6

0cd30e2262...6d.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    161s
  • max time network
    178s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cd30e2262762b165f137ce1260ad06d.exe

  • Size

    141KB

  • MD5

    0cd30e2262762b165f137ce1260ad06d

  • SHA1

    67e58987648c09fb34a671ca5fbdeda3c66f259a

  • SHA256

    bdc7413cd2d2030fea4283747bd223ad083cd038e52d80d9c407ad9eb62a3ffd

  • SHA512

    7cad7883eafa89107c90871cbb453e064ca96f2892e3aef615f6a2c9024dc663a71b88b9f4b8d01e0485b89f6843a8ef59a3af144b235a36923cc4a6b437e726

  • SSDEEP

    3072:yeTm+CNY4t+DXMf1zeO3hubUEhqau/+58joUBtB0UD301gff6:yv+/D8JJjEh8/BjLj1fff

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cd30e2262762b165f137ce1260ad06d.exe
    "C:\Users\Admin\AppData\Local\Temp\0cd30e2262762b165f137ce1260ad06d.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    559e9044561541c991db310596f3f844

    SHA1

    697effbad50f0ae44646cc68422194246d67d02f

    SHA256

    0cda469fe81e8e3f7ca1985d28d9e50439258c7b75de1d89c470f1c5fbefbaeb

    SHA512

    36dbbf4f65cf8295c7d3c37280885dc106c848a931d29e4b59d5dddd799c2350c1df2f788e00d7a1aa4c6572271a078090402cd1dd93dcc109a8fd83299ec29d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58da832452cb19535e1d643bf653b2ec

    SHA1

    7e022806d41414c48dd05c566e13b322149c11d3

    SHA256

    c1edc6800d82bffd5f2e69d13a05ea78b196a28ab55fddb2ef9d8ba051347ce1

    SHA512

    a23860a110c35e039203a4579aedd641c847982a1ea64bdf129b58571eeceb09d886b09bfe85631cc3790e382fbcaa6c57736dfdb3d15a661f74564f667a9aaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    836f863063ce89a65f38414868a1d78f

    SHA1

    b4512de4c9c57262323af6ea7e5cea100f3958ca

    SHA256

    b14ce188a4dfd966fc8795199cbe34278ae5307698d404aa24e67b60185d91c0

    SHA512

    13159526e6c0a37035d1d648ce29440985fa1aa5348d97e1fd8f7bfee2c45a78502d8c3c9c770c4a7b364daae1c8b8415bc3a0366f6f7a914c7bad88098be38d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4057c2fe9b2c075d22ba7dfdab897a8

    SHA1

    8f130d491e92167b3380845d0cd762a81700c233

    SHA256

    173ff76f4f42631eeb29f9dca4eeec54f18cf936a7c7f30c11d6ec466efea1c5

    SHA512

    b05722771d51635e949c43c7b7faf1e2944a32d3a2b44b720a2fa1db8150f55bdd4940ed7da971711bca46af85ee13c54abfab06b27e06f4000340c7e281c737

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    791d1c5a308257a7cd7bc3ba54b5315a

    SHA1

    3f574507e2013695df1a4640dc21d447567c9872

    SHA256

    0556f42e091e2d8e0ce5085830b4de6dedaf17b40a33f0f78dd685e22b80a472

    SHA512

    d4425b502a2f6c7f66145069fa3ed5e6ed3ae36dbcb48e5d425bb36765caefe08a9317ca5c1def02c13bfef0e32031b7767fa270d1bf37667eb8950c74f31c38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7da372143e78fe681e574b4fba4c3ebd

    SHA1

    a0b19ca993f4be8f77f1d56801ef4c4785548c58

    SHA256

    a900820cc1e2cfe23644ddd29810bbc9d02ee5b51a7822d48203003431e0a8a5

    SHA512

    b4d54f6bdccdac5b5e9a36ab495b518952b656be97fd3fd1733361a02d02b629b0a6e2d85f73ff6ff0ba16fb81511360063cb16530ebdd10b644b278ffd3104e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f30b589a2efd202c83f9b9f155830b9

    SHA1

    b37d4cbd2053278033a9d5aa76b86b66b0022118

    SHA256

    8ae411a8341e9f01b75e2a60234153d2d367c7b6a4da56509fca33b33abf4c8a

    SHA512

    41a00fe356947abda186fcf6382018e41eb75d0597c99784929e3f8309448ca5c15e9a03e9105a1e894ba026705b598d853159ca7f8c7d2236a882e655929ac6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    175fc6cbba610faa1fd3526896df44d4

    SHA1

    bc3b667b35596091011892213795cbb5de09bbf4

    SHA256

    b479928a3c6374b381add988611570bd845be172c56cbe7f2455abb5b2d09687

    SHA512

    b4f9c4650979345ca39ac9a46c4e772c66c2ce61b912b95ad770de79e9dd32e9dff97c33425ec0c39be6c300122ea2d455f0ad655d805dafe9fe234e1c79c89c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8ba2ff2dfbe0f002d4b061923bbc2bb

    SHA1

    88020fb0e9ee7ff14d6f94a2f4693fd3f11414d6

    SHA256

    3231b9d9091440a5c1bac42dbe935f9fe6cd4fc02ac3bad403bc612a2f8879fd

    SHA512

    f26c522a200edabb2c662806883fb34293f0755475967a6289592adc80d2bde8926bb643833e469b2d98c37c25d66a1f77df5d1553ead3f852320882c98cef5c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat
    Filesize

    1KB

    MD5

    8c61e8f9493d34392cd2a9ad95f45a10

    SHA1

    79d1a46207dc52adf7a1a539bd770cb7a3319912

    SHA256

    cd530d516168c783f0bdedeb15a9c58c4c60940ce1ea3516b032d6d14882c1c5

    SHA512

    63ad0d4177ea6db5f6b30f8a74c60f086e8ce5648e84fd42ead83a39c643f4dc034aef6a603a3026d4a9c5f699d233bccd4cbac552a8ccd6a3d1d50eedda0006

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\favicon[1].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab343C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar370C.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2720-1-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2720-7-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2720-6-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2720-3-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2720-2-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

    Download