Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5b906587a5...3a.exe

windows7-x64

7

5b906587a5...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b906587a5be3427f67fbebf8c52743a.exe

  • Size

    767KB

  • MD5

    5b906587a5be3427f67fbebf8c52743a

  • SHA1

    e0b09a152493c18a19442847189eb05652318654

  • SHA256

    856e717d098a404466029967ca61644b48495599464d98a9b9b93ef5013fda9d

  • SHA512

    5f9d47bee9f25b0dd3aa632d49b043acd5ad922b586daacbe9aaab5d5945b0acc9bcc0d0991ee2c5c4fe95a983c5f376079c579b39c3644c14d45c689d91e89f

  • SSDEEP

    12288:IWDLGQ5voSnS2cKiU/kXXZEDQBFmNO1leA4LuUyr/wuZyc200rkWiyayfak2+g:BLGQ5vlnSCiUsnZcQFe5JyrYqEqrfP

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 11 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 40 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b906587a5be3427f67fbebf8c52743a.exe
    "C:\Users\Admin\AppData\Local\Temp\5b906587a5be3427f67fbebf8c52743a.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\csrss.exe
      "C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\csrss.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\hex.exe
        "C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\hex.exe" "mIRC DB" /hide
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\aliases.ini
    Filesize

    11B

    MD5

    2218df9cdffc814a3dc25c81dd8619dd

    SHA1

    0290f796218937f61331adc8803788e7cd4c2299

    SHA256

    455831b583cfa9549746bcd296a60f5191d2eff7829d469e029b68768c5e56d1

    SHA512

    7aa4c745dfce7b2c38c4930e8275885727a19480597f685f89ab0e536175c31a2d5ee61cfd84b483f73eb211970a1a4fefcc59d8ef97b9af7bf09b7dcf932efa

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\control.ini
    Filesize

    42B

    MD5

    ebd168066eaee15a37a50388364c6232

    SHA1

    b8329223ca54729cbf768c652e1d1b7c0618c95d

    SHA256

    fbdd704fd9ee031d53bf9d6f31a502d5da30e96af89193c7f5ca29aa17a61b2a

    SHA512

    87e3e80b08b4e5e2c2bab762dfc7b730c0972cba4fb3085b70dd49fe8bbd25374f37505477f2e29e45082405cda7ac6cee1de4e4ea0bd77c282274a297bf0910

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\control.ini
    Filesize

    61B

    MD5

    f5d1a3af67f05f5af2b0fca009887a97

    SHA1

    bddaa45a9849524c4648fb778b7e0601d35ecbed

    SHA256

    d846844887cfecb6cfbf1fa51dd2380cd203b21d154e1938df15567c256f97a5

    SHA512

    21d84f8fb1cc2c3abda0452704f45e3c79092b33e7bb3a5fdc3973cacc53014681ba7977df60818f0375353fdac4e58977048c4db275c1c689f6ed4aef2a3496

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\hex.exe
    Filesize

    33KB

    MD5

    00b41a87e536de8908af134692ceadf6

    SHA1

    0fca1c072a39e3c9b8b7e0efd1a18528fa52671f

    SHA256

    825d347f3f6d71131764a4700755a51a304ae4bcd1474488d2d85019d3ba8434

    SHA512

    a0440a146d269ba078ddb1cb64722b4536d299408d636dc1ad309c01e8474017e423e082e25716c5bc1f50e4bfc6e8fb3c71d922e39b6a19fd703e93129eb9fb

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    75fe3ee0f690a65809a87249c1942a8a

    SHA1

    dbe5e5fc5a6edefaf7606eb5151a53d87f89c708

    SHA256

    b31c6b1a5082b58d3354ff04e309902e3242991d66df4601bd816d5884baf17b

    SHA512

    6da7ea44aab097fbd0a8f6b2eb923c5d2862ec8146ca8585d77ff5fab5b44df9a3ee7be43d9745a7404170cea8d94c78760d130b0c4f83d9bec5f2f2cc2abc28

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    9bb64071826001fdce159ce9fd967b3c

    SHA1

    28ae48b1efc5510b561672de77fc0191a56f0f4f

    SHA256

    a24e8c73fb8b82ad65a5de97f0eaaf284e1e6d4bae0a2cce5fe3d7cd1d5f4656

    SHA512

    6c50a11c1867ea9e349004a93bb2e9bec5e59bd426808254a139ca9eec1e7cdbceb5c8751b471d4beb3ec05f4deed1da7180d00b2f072dab7b9e589f5b8d1f37

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    70f9049e721e9bbcbe2ca0c75f089ee8

    SHA1

    65ccfdd649905d6ed6726dc67e1141945ced0057

    SHA256

    a045136393c82afbbdc1eaf9ce3855fda53972c65f0ad0506405399b5cf37e52

    SHA512

    f3d4d0c2af4e3af71618e740e4e433221a14cc20b6d873562e42b0d0b97a857c18501ca269d158536a1371d177758a8ebfbc346a3f160a17512588123c0e4473

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    776911e8f3c479ed2dcabea12d98de5b

    SHA1

    fb75a003c60195df6cae9cbc4d87d2712d48ca10

    SHA256

    7db34a547e5e90212a3954ca50a412b7310e6cef2870813f164ff98190e3fc28

    SHA512

    e68ee868078c39c7aa6ac0cab90c1e0e40bf7a6b53c7d4edac2cb091fce4eb9fcbef530d024e3c5e0abc04782c16da4fd48e068dbbb1d7ce70edd76f9ff09560

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    d0e3dc1f63d55ee3a769bc2d1f4b3cc6

    SHA1

    5463b8f6b4d535e87142ca45d462865808d3eb4a

    SHA256

    d7e358402bc1ff3446950167958d4a94a3426414745ef798a7aca43654b7f25d

    SHA512

    71e175e31192f56cfee289895d14453851924cd61f24d1dc041b92adf62b304da720b08c00f49198f0b2bacc29f44971ef9d1c28ebf11a36ff73e683296a50da

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    fab6ed7ec490f110a5de526ba3d539b0

    SHA1

    598c15a1d73c2b4c74f941a51c17c9255d54a962

    SHA256

    31b95a152638e2de01a196aedb5e320bf098afab7ac9166fe7abc1615c976959

    SHA512

    b2b9da2ab62459c0c56d4beef2cfb7361096d310b027533f3eea2a4300cf0171b6e860fd3e8548bc67a3c421b3bac8f153f4995e972a7e03a949288834d9691f

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    11e5cb5018a5ab09464ed4cee8562979

    SHA1

    4d2c8d69fe4fee520b66a54df9f92caee4dfb8e8

    SHA256

    3749c66f2a9c44a755b824eaa777e9ef23e86ddc00fb8f52a6a3e84a9773dfec

    SHA512

    f906aa867521b135ea48eca52ba338850cf77d158e4131e87fcd3868cafc39934b1aba630a779b4d5b45ff51b0b9cec099f66b73e0a884056f5bd3a52cc5e40a

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    af6cc69c2d2d654558e3202c1fedf8a9

    SHA1

    8c1caed7d1d2f4a54888058678bffbd27faba613

    SHA256

    8db236d17cac11c94641bb87ffbebac12c813cfa2daf09d571aa8cc009ca0882

    SHA512

    51e501cb33bedba3217b2aed54e6ca54531b983d99be05ecc9cd45954b6e8cd5d7cf7c83c0c2433174464861d8e6f30bb38299333ff80ed45d87e8640c7ac6c0

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    752b13a1dd169e9187eb4d1c1cf8ef1c

    SHA1

    376ca17e39d2d6c02de9755f5783bae30c2dd4e7

    SHA256

    cca7f582fd39579914a33128e812eca9d62222f0fbb7df4844c49ac62c60f2b2

    SHA512

    aa89e65e343ee13e85311b9de93cc3dcd629e22dac9edd95fa72e8ce6282ca5b168fa4cdee2f7b10282962c9402a4e67398de9940497628e569d5654313502c5

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\mirc.ini
    Filesize

    3KB

    MD5

    96a023a37c5053f84474124fc8eb6b7e

    SHA1

    c87f741549a527dd514e32ec38878dcc83f3bbcc

    SHA256

    1dc24bd7e569ef096fed7f122b3c924f5fd8bea4d06ddc3c259db8ad8e26077a

    SHA512

    2cba19538ea039821d266e86d00000729e4300488bcb2a7bec4c164f3ec97e8b145b7b57d9e4f0d37173b80d972f5b9184f12142c9b497a3b0b0d5f9d009d44d

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\remote.ini
    Filesize

    2KB

    MD5

    6a2ce79d28b432c2b4909926649ecb1c

    SHA1

    8787c5393711d2222e172f7c8886c8344e098843

    SHA256

    bcf7180410ba287dfb2ce61fc8455b7dd935892c9f7d18f300f6f431b25f62c5

    SHA512

    e6f8fb1d296e05705cfd75a720a3445e66ef993f9e1fbd3fda16275de50e64cdf454b390bc0aa8c5e2db995693cd8147291769f64eba13c08116215aed608873

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\remote.ini
    Filesize

    2KB

    MD5

    48ae0659005835ecca6ff6e4f317521e

    SHA1

    8887713c19f744cbb1c4ec06aca1c47d7e0c95f8

    SHA256

    9bc1a950e92792a975ff25539d85fef285657cc988e9229ec47d5f244f7cc53f

    SHA512

    7147f983ce2d688628b868dabf6d8de0e592bec79ee56414cc08c41f1ecf5aa75361901330a0ecc3349b65815cdc350102c5fba2ec87b0f655ddfd4b90885889

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\script.ini
    Filesize

    16KB

    MD5

    c571bca31ae93710f4e9d7f53f63ff42

    SHA1

    58606888034131d8cb1faf7c182450ca019cd70b

    SHA256

    bd3f67757e75ff5120bbb13139cd4c873a41d6e9a9292fc8d576a3a6e9160f25

    SHA512

    9aaf1d2c43a7138ff444408d64910e9f6e8dcba3b815faea70dad0a89057abbb76d25cac61f0b1ceff27dfe708183d631680bf922e1899df56f2fe5c43f54d71

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\servers.ini
    Filesize

    1KB

    MD5

    1d29e51b879b0461ead2dca830c92125

    SHA1

    9c15972479dd55bfc7635f032a629fdaa6280dba

    SHA256

    e3df538a425b2b75479615c049f79db1facb475cb1745d04d7a58510694d06f5

    SHA512

    fa31bd971178794c2cab5c999111d6179699d6a40a8d7c4554dce233270ef0f8ea5cc46837aa3bb154b104a355728c9c27c932265ae2ad027430b67fb1feaa6e

    Download Submit

  • C:\RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\users.ini
    Filesize

    353B

    MD5

    0e7428e05c5b7e7e503ab74abd34bca8

    SHA1

    488b4b656ca04ffa43d5947aec434d4355aef3b7

    SHA256

    85aa176c46a06782a8328d37f9a90d39852d5c998c404b57a9c2e9374600244a

    SHA512

    8b160566d196eec86c2211de5d8817def61b2b3e7151f8c1fda3a8b67a2ef768df91f43f861f8c2ce27dc85a7ffb1fe96390da540ef3bad770366ea25fc1ed33

    Download Submit

  • \RECYCLER\S-1-5-21-3252328098-71414409-2463015037-501\csrss.exe
    Filesize

    592KB

    MD5

    90285a5088ce2fa0d125633d48e37de0

    SHA1

    18910f618319ba8119f4b437356e894e9816f12a

    SHA256

    e8c923dde7dc35d8b4cabf4c2aecc4a22c23351c241849c9fcd6bc26b9bdc620

    SHA512

    6a954e1e03d11ec4966757e2687bd65c30ef11672a0e844eedbb65b5cd399c400d5632dc413623e9f9d89269cc87443c24ba923c97d849b476c00b4a2dc95dbe

    Download Submit

  • memory/1748-378-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-406-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-370-0x0000000000ED0000-0x0000000001096000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-371-0x0000000000ED0000-0x0000000001096000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-364-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-383-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-389-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-54-0x0000000000EB0000-0x0000000000EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1748-394-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-411-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-369-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-399-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-368-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-418-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-422-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-426-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-434-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-45-0x0000000000ED0000-0x0000000001096000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-44-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1748-438-0x0000000000400000-0x00000000005C6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2164-38-0x0000000003380000-0x0000000003546000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2164-37-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download