Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

7731e2a4fb...32.exe

windows7-x64

6

7731e2a4fb...32.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7731e2a4fbe7744d6452bb2ea41ff532.exe

  • Size

    1.3MB

  • MD5

    7731e2a4fbe7744d6452bb2ea41ff532

  • SHA1

    3ff93b9b6870dcd2efd7ef1de4afd9bcae207f3d

  • SHA256

    c917944cdffeb82d6e332884bdbcfbcbab780e022c51ffe9501e1d676eb75f98

  • SHA512

    2cc75a9f50f22cba18cced5ff2d52de2c38e5dc54c5098dbf017a513ce076e64c88fdeb3eed1a96842834c028c2b437b315548f4de3661ee730b9c7818276d34

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistN:U/eDNAuaE6tiI

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7731e2a4fbe7744d6452bb2ea41ff532.exe
    "C:\Users\Admin\AppData\Local\Temp\7731e2a4fbe7744d6452bb2ea41ff532.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bigfishgames.com/download-games/1244/kudos/download.html?afcode=af628d3a27a2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8c11aa47166f0d377c418ac6462138c2

    SHA1

    2a1be13cff7e4c3883796ad4b4664687c407b41a

    SHA256

    f60fc0473705a57b2bc6c616b2a418a9bf2d23f5d32712bf2924af4869759ac7

    SHA512

    96060b09ba11f11bb7e5fdee5508e8f1aa0eec0af1339b18db1aa608b4c038ea0f9aa862088ce09a4ba34167593c1db343ea1c49ea2837b8edf4a7a8f37581f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2bbe776c598d3b4a5835992c416fd8a9

    SHA1

    cf5a9edef2cb41ce90a8d994b12b27b6af77b57a

    SHA256

    996df1d4415a439bf2cb5455e36480ff7dbc8b7c8b3a4e2eb67ce65d4a887c1b

    SHA512

    55aa0df123683a04119ff59dccc3d8f1aa59a1d169d05458525ea2546f593a5f130ce8576455f32d0bed2bfc1902e1780177266b0cebc65d28e91e22ea08871d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e71fcd66b8c88384fd1e076fdc71b823

    SHA1

    6cc84ca813685193aceaf788a22943d4c85317b4

    SHA256

    a1dfa04d2c294f115a1c50cccd9618d6f7d0234ce2f7f9bece5b6e6f0ee62dbd

    SHA512

    a36c9460bf6ec46f94ce6784410e4543eeda3b850213b36f7deb26e7721f2c90aa64e208f7e40b8b3354edd06ced9f3e0124c0087ac2692f29fe545450a794b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63ed28a7d8be1b8783ad301fd42e79e2

    SHA1

    7980d23a6998bb2dff897fd77ed39af77ada602b

    SHA256

    e4c07e6cc9c138d6cd09533d29b1ff9b38bc3fa1926a720173c2e91f916f8be4

    SHA512

    52b73d333fff8ac0eb8b25a270d3e35c314a20b07c73173ce479609fd9ac2f9bce42c4b81088b585b4386234f8a8adcce4061b02c80f69673de421a501db97a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3005a6d7260e503c5f63fa949c931de

    SHA1

    6bcd56faa02255b7b113ecaf9f6cc45891c1d94d

    SHA256

    3aa93acaaef3877d47c2c565322b699bd224bce7c5af4103dd9c31793e65d72d

    SHA512

    c07ebe064b7e2807917f4435bb8d7f3431c8c0778d2e7d091cd6202cd8684bc367428ed620bab4c77f55184e6f61639b4cbb92930fef18cb2df9fdd9fa5377b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09d23f5683aae9878ed4168089ecf269

    SHA1

    d0a937f29c0d6291867e5a987f281fd54b61690a

    SHA256

    a2dfdb976570d3167f73787d0c3dd343cb7c02b694d1357b1db290eabbb51b28

    SHA512

    2647b484fb6265a0bc4f7eba1e782086ba38cdc02f9ccdb635cb902477b93ee8a31980698f6819911578fd758d9ab61225d9f71f5d1491dc8f6f2afde20bf6f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2258fbdbcec82bc23857b314786e3011

    SHA1

    1efc2ef45c9532d9dd3407c301f9711af3264527

    SHA256

    c32fba82b93b5c6fefdb1f2b850f0f649716da3682bd956065458ea312ce72d3

    SHA512

    c6f11e1a2f2097b5d397029a93924f2c3b0b6d69b8b38a65ce6364539b4cbf75f57cd4590532bfed10d8e115a9f758552d29deadbbecd97d69e8aede79461724

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1d44fdc06522c4d99d5f552a89a6909

    SHA1

    1c09cd7d3abfe83bfa2a71919c2cb66f34f8754c

    SHA256

    74bde8c7dd7bf52b407b1ef5a035787e76c8bbfaa125a132995584e021e7e82f

    SHA512

    4132d4fc73cda054b4f3628240d3f3fe4a5dc44bca13df522f339f738c97e44018230a09a84d714fc0c743966beb28e058fc5b3238df30abd02e104fcdbb0ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7f05d1c377cc50067e921bdb5caa79f

    SHA1

    15e4b9c9a1e0362a7c873ad2ac05a81e6a33ac2a

    SHA256

    34730e8630850c7e39d8a0bbb8a9340f92a0f21e4105529fdbda5735e67ec606

    SHA512

    69ff1749767a29d898156575817f4e6f51de3da571b5467ac4e08cf5306e63f3840d5086d22f8f69391b501daae917f628ffeb322b82075a32b097cc5159fbd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9926902402f0a9c0dbc6d5322f801222

    SHA1

    4bc7de37b43e3ca9d8ee72aae1a5cfd96e15ee87

    SHA256

    1037bd1d08cc60a09c37c51a33319d57006ff501cca6794892b21a75f637de1c

    SHA512

    fef49cef3bfb3553204c4ed364ae592b54fe2c6e7c1d44f5042d85fa455c1a3066a0998ead62df51b23f5c406400a0edef4dc142eabc6767952f0e5053c01f22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c674748f9068e4ea205b107fcf58b6b

    SHA1

    f72008aaab3eb5b7ef0bc32bcd1442c6ee1a530e

    SHA256

    bcf04a576c7627eb86093eb5101c36e8798b273025ef5e38ac3f9ad5481a4026

    SHA512

    a1c6511d6f7501a5aaf71727b77a64496c7d59c11c723edd10639b2a2c5b2a5de3df68d15d2d12b73fed0af523fcec4a01ebf201acd2ac8da9c4aa86a3d75055

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC238.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC27A.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2400-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download