Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
16s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/12/2023, 10:09
General
-
Target
1631fd1307d62dffa2fc5c238f5630c8.exe
-
Size
250KB
-
MD5
1631fd1307d62dffa2fc5c238f5630c8
-
SHA1
47566b36258b6ad7e08b5c8cfb7cd9eeb4b063e1
-
SHA256
7ec3a4a7872f40773186d53eeba2352c498ee3178104359638abb3a4c7578800
-
SHA512
e6f2341d2fd34ace68bc64a91c7b96bd8cf482bd1f4faee2904a90ed70927d3eb8d286b70b52fd99bf19ce71613fd56102df94338d57f9af247e501556713489
-
SSDEEP
6144:wciEde2K/IyHwihFp7non6Y/PUaKwtapzVmS5nJfcQ/4hz9Vm6Reqhj7D:bF/K/IyHpb4m3UQWz9Vvn
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\1631fd1307d62dffa2fc5c238f5630c8.exe"C:\Users\Admin\AppData\Local\Temp\1631fd1307d62dffa2fc5c238f5630c8.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\stub.vbs"3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\sfx.exe"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\sfx.exe" -p456jh34k5h6bj4563j456j3456jjj45jjj4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\input.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\input.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Cumax\ytosi.exe"C:\Users\Admin\AppData\Roaming\Cumax\ytosi.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp5b6412cc.bat"6⤵
-
-
-
-
-
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Program Files\Windows Mail\WinMail.exe"C:\Program Files\Windows Mail\WinMail.exe" -Embedding1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "5199182524831246113209405351800321467-36422714418249882819708225941454827285"1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
MD5e604dd6ee29e8d6b44dd59da98c366f8
SHA16691eeff79e009986430980a5a8387604b122b69
SHA2567b994e2a623f229de9f2a32ccdf7fe68b9873c11a561d9fbc349d28e5c401eca
SHA512a77636bf13fa9bb96a4dd393bc730e26a84f25381c627e7723b87e30e99d7cad8fa5b7a174435b06c78cb50ebb2edac949bf868c70551ce12eeec1130c074f6e
-
Filesize
132B
MD5826c3dfb5d027b8a9c9ddbd74216f9b4
SHA1c0a1efd6d81b81dbf21c33464edc885e54404226
SHA2567ac2d95d5b2d56142c35b51690f50d211af96797795d00ba2fd7d65bc12a71b2
SHA512f66f948c519c956aaf57a53cad09247af267fa644fae500567380acb7f438abacd70cc9dc8c340b972aca0e56d48bc67134ff9118e3463e84ea2859334d6ae67
-
Filesize
212KB
MD5851b984fbd8967a644ef367087a6328d
SHA1dcaf74e9bceac1bb1e3d9959907093f06e17fdbf
SHA25699ba4621d0286e835238810bcd80055fa72f189db3459c072f4a23d5a0b135ff
SHA5126fc2b1ec9c3805d6cabf665122c7a704086ac467a02c1fa6f7741e3e1a31b8fbb44ac85a4835a5a3c6c022ae83c05a92545141886f05bbfbdf441448b8b58f9b
-
Filesize
209KB
MD5e426a3ed568d303211945f0d005346a0
SHA186271a7e27e291260687291a12b3756e702835b0
SHA25623600ab6542b70ea5aab1b367f5793832a9ac7bc5e3477f7e20a0cb70644d21f
SHA512a9568edef1f0b46f34903d56ecb494001ecb7138279314fecd639ad109379f019a0a59b0b18657e315a4f6c07509dda80827bc445bc44b4150a541822e86cf1e
-
Filesize
92KB
MD5ecd1dba159bef17eccf0bff58f9540df
SHA167a8f2cf28fff51eb43098c2c8d49fb3942aec92
SHA25686cad6b65556bd5f762ecf87d2fc73fe1d6d193f34a6f45bee7d02f2fe4cd91b
SHA512d33803173d6d4138ef95f1f077172f8cb30670022526e708ce8171a2c625d718d285b9ea05a9bd7d89a782862663a143fc43a1d4d9b4a6744cd6e9fbe4338706
-
Filesize
212KB
MD5f1a95e1188877bb7907718ec51df6825
SHA1beecaae344e95afb35088129f25710fb2167707e
SHA2564440c610862ca5396a7e377b50d452cebb1ecc12f5b8c6954575c9b60925dea6
SHA5125bf4a0d5a194106255ee10b47a500115135994371cd788d7644674aaa7d4dcb3efbfd4263c9ec8406478374c0c119d814d1f21adc4c103dc6d427ba613284f2b
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
4KB