Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

06a410454b...d4.exe

windows7-x64

8

06a410454b...d4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06a410454b1f0524ddf8df5e33201ed4.exe

  • Size

    164KB

  • MD5

    06a410454b1f0524ddf8df5e33201ed4

  • SHA1

    c45664f51a910935cc3035e42f750a470a2a3c22

  • SHA256

    3ba00d19455f442072d8afa52f94783070d474ddf0c1eaf0cec28481130f9b19

  • SHA512

    58100c3a449ac8d40ee02ec2227e2baddc66f0f98284507dad62b45acea62bc6e2af0fb731b268b15794d04f5ff3bd6c506749b56f5371a77ef76c76e03a3bef

  • SSDEEP

    1536:iICvS60bmM+DLgI4MaHoHuCj/WaPLNcE9J7gGifarSwjfRnqpfNiXN8sWLhJz:zFpbmM+DL8MpAaquJhuL4ZqOiLvz

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1240
      • C:\Users\Admin\AppData\Local\Temp\06a410454b1f0524ddf8df5e33201ed4.exe
        "C:\Users\Admin\AppData\Local\Temp\06a410454b1f0524ddf8df5e33201ed4.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2644
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2772
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2572
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dfDelmlljy.bat" "
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:2972
          • C:\Windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:660

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\zyndf16.ini
      Filesize

      129B

      MD5

      36465d106a381034e6d1b7583160226a

      SHA1

      7bd7e768b5aad49fdcb13eacb1e92a6af54ba92f

      SHA256

      630754e068e8369a089f920a7b22cbf3ca350dd87e99e0d334af22018cabb3ba

      SHA512

      9100bf7c8686467b42a67e2599ef38953bb9ccb45a0131bfe6d80be8377e8e4ec4e869ef3ac31a0b0a630c9f45dc5cba0806e1d29d465c82a2d6e9b6ae9e7757

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c350814b2dc946b2b7d9dbdc0e97f10

      SHA1

      9975e16e4f9fab6dc9601744e6fd2cb8a68df6e8

      SHA256

      4c64a4b0ad19d38ef54699a0f22e2a787bd10ee7dd8e261a44f58dc1bc0df453

      SHA512

      8aa3acf542d0b34e58a0362733e066e31a117b5c01a3273a1c9f89b8c3767d47a725d010e0f169faaf81ed0f16bb6b88489f09247f6410c91efae29fd976e85c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18fdc801482187713ebd3f6fdb026248

      SHA1

      5ce54adbe0029927a8b7194be2adc2c5cc22ca55

      SHA256

      67e95a4470c6d9b380f7aece1fe85521690b0a98e3a2ce9b5c85e90f51cbf3e0

      SHA512

      40775f643b6511c2a8cc0c6d2c5424c90c24409c136a8a393afe1e9f14589934c07a5b36726650b56f84153493ec0e29648acbfe959af3f9230add15abf3c2e3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dd21ff19c4bb691ed5e5a19b02a234a5

      SHA1

      95669d1e2b7c2a5d71641b11771e6f617290e232

      SHA256

      af9917fe033621012786a7845dc743856247d27bf8177e794f9a1e9155b6ac6e

      SHA512

      291fafc36ddc433839ca631c013bcd943637ebd39df0b17d06bb0d532b2eab7396ae1ca7643abf02b5ce0df6dbfeb030d45c536f136dfd73727074ed40c649ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7270bf51011a57a749a935009aa18199

      SHA1

      1c3655e390397c0c4c2fda4f7299531619e33bf1

      SHA256

      5dcd038bdda1bfbcb90e8649ac5893ea1e513ccb9e1460b9795a9738dcc7a901

      SHA512

      bea12d2b398f6b1862762b3bf6d2b069489fa34726039c158e2aaa246505d49b59556aed0809335eea07ec8c103eb27d35af5a25de001e36c2363e702a563ebb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c1499d3f87ac5471f4c634699050343

      SHA1

      35a07c13deb95bf1d0ad0ddea802c66882b20120

      SHA256

      65c2434eb2b355dd5b715988bba7c870a45832ee353070b4c823a61914ca37fe

      SHA512

      abd9f80187fbdd563bd16596d649a7f88f4874502171c38c37a4ed91dee3f13857c8aa48f4225b95c43701ac0a5ffdb42c3632cf92214abd1cc1c92caefee8ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      161792f8e39f5365d7773e2a725c3340

      SHA1

      e57b5cfeeeefe77030549552105f2976baf38480

      SHA256

      ea09033e51fe8a36decff2c6524be2fc0d16a10f92885ef7ed4da5f52d181fc7

      SHA512

      99f57d2e7478f4a003c48c324cd64930e0030f025997f8121aa1a934d876d4b19583dc74abac0964dbd99287e8218073ffdf9c38066559ff60e0b2f3f94949b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0cdf7cbed94734d657d1b0c5a88dc0f

      SHA1

      1195c8db2721a1d65f3066613a553e437f2c5a15

      SHA256

      7b3d566a0f0bef46f54a90b8a7536a618e50156cc1493086415a23078b43e959

      SHA512

      fa72a8ffe6d317f84745522af8af3fbe2412e8fbad07a34134cfc071cd58b2fb912c089e4dab63397ebb8aa5e094f2af9c8403201231606be4cd75fde12201dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      256266ee5ade0ff2fc10cb590c5ad756

      SHA1

      36e1ab783567eff6d24eab31880cefe416406ef6

      SHA256

      e0d6f2b93b2151df7a89291d813f9240a4fc67be0a2686cd0fa931858d1e3815

      SHA512

      207e0b94f294bd1282e227eae624b2b8734e50d2fa253f56bbc6c4f567632589ca6b0cfb88f3d5b34f0f9a0fa3f2f5efd6e290e1e832c8575fef4ad151a69623

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      922745de80a083dd8e7b58ae470445f9

      SHA1

      8ce6039ea317d6bc005eae4b7716d50588d85df3

      SHA256

      d540e3ab11310e4337cf01a38b8ad21c0bc27865943c55f93242635dfda80170

      SHA512

      217d025f821bb8216a9f3631ea20ce6d379b81c53e3088585433d8ed6313819788ba8730a7f27c772b8c2644b51e40374e837ee6166270cbaf7c214c62eb791a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ed33fdde3b708d188804caf608f91230

      SHA1

      870b7a05ab74dc88a8c3d21e08d67ef24f2da563

      SHA256

      6454b7b47cb438cf2ba5625250ee89ec97f326b73e86a3b7af0304564bc64397

      SHA512

      f3f3869d6cca38a90d03e1d9239871908664c42551daa586ece2e295e6205f529d28785b46190a00ad9cee0ad27ad4899cd02c520b4de68a1b12e9e7eba9bcc0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      187e52a78f674916ac4337bcf7a65c14

      SHA1

      360f7c35e3929243d749544b064c38d37f171bb0

      SHA256

      b0a47e8848e341eb08a4a13c7097d02a5f590de1d2e053fd84fb78175fec2c7f

      SHA512

      3253f65e7f8b9ca3466248729de1b87c2f265b89ee29c5874b512b86cc658ced7b6f660245a0f67d691e4539dfd86cc004ba5dbf8a8dfa7e1d11105eadaad3c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAA18.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAA59.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\dfDelmlljy.bat
      Filesize

      205B

      MD5

      50cf598db4e0aa063c5278f03ff33e25

      SHA1

      5a50dd4493a8d878a298040df6aee820ecbaf095

      SHA256

      697ca5b19ee635ef73f755118201af2d881e93e4e503775fcb2a9a66e265f98d

      SHA512

      8edca7ed8fffdc20bc07d7805e7324d6e868b9b23f053931ea8ffb1b3408aeb0f58d0a1f8e10a64bbd6465afa65bbe4211c928a58c566d0e8acd8bfddbea20fc

      Download Submit

    • memory/1240-19-0x00000000021E0000-0x00000000021E1000-memory.dmp

      Filesize

      4KB

      Download