Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0626220c6b...b4.exe

windows7-x64

7

0626220c6b...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0626220c6b36b91ef947bfadb5ffc3b4.exe

  • Size

    353KB

  • MD5

    0626220c6b36b91ef947bfadb5ffc3b4

  • SHA1

    3d90a5f553480b4e27aecb1529a0f355e1304615

  • SHA256

    bc89ef35f15c4ae4268961e8a8bc53a883afe23b3bf8e841a17499e0e9957b96

  • SHA512

    fe4ebbe0f4111ed569f64be4c57d6bd2345f853973ec8f1191a5d15de5fae85a43b38bdf53a0369414672c5e8320721605bbc3efb466aba78010837f0bf2ef0e

  • SSDEEP

    6144:WX7eov9mh+35YitVNuwGwKl+/97/x0jG4nO8NZHATQW+F6YYN+onLYcyz:4Ah+35Yit8vUF7/xN4N/Az+4v6

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Loads dropped DLL 16 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0626220c6b36b91ef947bfadb5ffc3b4.exe
    "C:\Users\Admin\AppData\Local\Temp\0626220c6b36b91ef947bfadb5ffc3b4.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:1140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\nst51AC.dll
    Filesize

    64KB

    MD5

    a91ce4c9ddbe4507905f769adf888032

    SHA1

    dd8b9f1fab3952040028b5b1bc8c01d4da19819f

    SHA256

    0ed32615c0c868abe8ab06413fb77546adffe600dea2be0e819cdefab810f26d

    SHA512

    305d2ac8835c25ee2e2770a834df7373432565a4db2b543ab4c2ecfddc1a5bcbcc6ed8689b0a6de31cea74dfeb8cd3018f03b2689663cac92664cca99b1d83c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy5044.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    997ae296af5b7ca9aaa52f6844075439

    SHA1

    9814f0b09219ac2eed875d842b9362c3b32bec6f

    SHA256

    1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8

    SHA512

    a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy5044.tmp\System.dll
    Filesize

    10KB

    MD5

    32465a07028b927b22c38e642c2cb836

    SHA1

    309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    SHA256

    eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    SHA512

    9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    Download Submit

  • \Windows\SysWOW64\nst51AC.dll
    Filesize

    356KB

    MD5

    3b758b989821e5ca2b73033707430ccb

    SHA1

    f4563245e38e5c746f9cc0ea7b1f1a38c7113b2b

    SHA256

    9c365454cdb24ca83cda0667f75ab32dff1b0abf8bb5861f83ad8c73ead7b7d7

    SHA512

    f113ff7403b7305c6686f3d57d3c9e66262f29593c385de387d5258bcdebda323c8e4eacb79542c0db87952c6dc957754e30f16ee565404144c952fb755fc732

    Download Submit

  • \Windows\SysWOW64\nst51AC.dll
    Filesize

    254KB

    MD5

    eb22aae6e0af764f3be90ab782978352

    SHA1

    93ad118da333498e9906823cad0f5904a1e3798c

    SHA256

    63a61b7e97168abe3a74f157e7ad2fda357f4ada0d3c3838fd9a96bae01347a9

    SHA512

    8e820bb2f3884eae1fc133ef956fbf96d83c33db687b2ea4d896197d4e9ebe7cece372498e8c28b5eb7b70844d21e27f56c7a2e3da4ba07d307530c743f53faa

    Download Submit

  • \Windows\SysWOW64\nst51AC.dll
    Filesize

    106KB

    MD5

    d70b156224e23b7a2afc06601012b88c

    SHA1

    df3ae6966484df94b98df1d3628822f64c81a5e1

    SHA256

    ea4d93c6993f10ab9cded5cf33f4aa8970d4a39226e17fb4b40afbde4a95bcac

    SHA512

    e05a9307b04ef3895e2ce3a0a82584f798ee3b695a871d7e53c1ab62ff16e84a2e6a72dc28f51fef2864f01029d9fc17f0bdd5b318a019a0bba4e7dde00e328c

    Download Submit

  • memory/1140-51-0x0000000001DE0000-0x0000000001E3E000-memory.dmp

    Filesize

    376KB

    Download