Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3S3tupp__Ps...31.rar
windows7-x64
3S3tupp__Ps...31.rar
windows10-2004-x64
7S3tupp__Ps...up.exe
windows7-x64
1S3tupp__Ps...up.exe
windows10-2004-x64
3S3tupp__Ps...cr.dll
windows7-x64
1S3tupp__Ps...cr.dll
windows10-2004-x64
4S3tupp__Ps...re.dll
windows7-x64
3S3tupp__Ps...re.dll
windows10-2004-x64
3S3tupp__Ps...ui.dll
windows7-x64
3S3tupp__Ps...ui.dll
windows10-2004-x64
3S3tupp__Ps...rk.dll
windows7-x64
3S3tupp__Ps...rk.dll
windows10-2004-x64
3S3tupp__Ps...vg.dll
windows7-x64
3S3tupp__Ps...vg.dll
windows10-2004-x64
3S3tupp__Ps...ts.dll
windows7-x64
3S3tupp__Ps...ts.dll
windows10-2004-x64
3S3tupp__Ps...ty.xml
windows7-x64
1S3tupp__Ps...ty.xml
windows10-2004-x64
1S3tupp__Ps...xt.xml
windows7-x64
1S3tupp__Ps...xt.xml
windows10-2004-x64
1S3tupp__Ps...ck.png
windows7-x64
3S3tupp__Ps...ck.png
windows10-2004-x64
3S3tupp__Ps...te.png
windows7-x64
3S3tupp__Ps...te.png
windows10-2004-x64
3S3tupp__Ps...80.png
windows7-x64
3S3tupp__Ps...80.png
windows10-2004-x64
3S3tupp__Ps...st.png
windows7-x64
3S3tupp__Ps...st.png
windows10-2004-x64
3S3tupp__Ps...on.png
windows7-x64
3S3tupp__Ps...on.png
windows10-2004-x64
3S3tupp__Ps...ig.xml
windows7-x64
1S3tupp__Ps...ig.xml
windows10-2004-x64
1Analysis
-
max time kernel
169s -
max time network
248s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 00:39
Static task
static1
Behavioral task
behavioral1
Sample
S3tupp__Pswrd--1231.rar
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
S3tupp__Pswrd--1231.rar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
S3tupp__Pswrd--1231/Setup.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
S3tupp__Pswrd--1231/Setup.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
S3tupp__Pswrd--1231/cr.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
S3tupp__Pswrd--1231/cr.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
S3tupp__Pswrd--1231/dll/Qt5Core.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
S3tupp__Pswrd--1231/dll/Qt5Core.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
S3tupp__Pswrd--1231/dll/Qt5Gui.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
S3tupp__Pswrd--1231/dll/Qt5Gui.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
S3tupp__Pswrd--1231/dll/Qt5Network.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
S3tupp__Pswrd--1231/dll/Qt5Network.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
S3tupp__Pswrd--1231/dll/Qt5Svg.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
S3tupp__Pswrd--1231/dll/Qt5Svg.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
S3tupp__Pswrd--1231/dll/Qt5Widgets.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
S3tupp__Pswrd--1231/dll/Qt5Widgets.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
S3tupp__Pswrd--1231/files/libs/WsmPty.xml
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
S3tupp__Pswrd--1231/files/libs/WsmPty.xml
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
S3tupp__Pswrd--1231/files/libs/WsmTxt.xml
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
S3tupp__Pswrd--1231/files/libs/WsmTxt.xml
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
S3tupp__Pswrd--1231/files/libs/X_80.contrast-black.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
S3tupp__Pswrd--1231/files/libs/X_80.contrast-black.png
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
S3tupp__Pswrd--1231/files/libs/X_80.contrast-white.png
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
S3tupp__Pswrd--1231/files/libs/X_80.contrast-white.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
S3tupp__Pswrd--1231/files/libs/X_80.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
S3tupp__Pswrd--1231/files/libs/X_80.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
S3tupp__Pswrd--1231/files/libs/wpcatltoast.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
S3tupp__Pswrd--1231/files/libs/wpcatltoast.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
S3tupp__Pswrd--1231/files/libs/wpcmon.png
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
S3tupp__Pswrd--1231/files/libs/wpcmon.png
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
S3tupp__Pswrd--1231/files/libs/wpr.config.xml
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
S3tupp__Pswrd--1231/files/libs/wpr.config.xml
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
S3tupp__Pswrd--1231/files/libs/WsmTxt.xml
-
Size
2KB
-
MD5
b2edf82825d979928ae07cbe9c7a2160
-
SHA1
647fa4eebecbc3686394f434a52f1ae8420b2e30
-
SHA256
78afa5d402539bf4b46f9f3ac76e82cf6426eb69ef090d1aa087dce597d850e7
-
SHA512
1f18ad56e53a9a5fb1c9bef204a483a1d500ed2f5aebd7fefd65346edce9cabf1764eff0a3bf793f4586eee334ce65b4bb1c6e7b0ac7028f055931b36dd7d02e
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01e06c2ba3ada01 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000007b47320235a9a4340ac70aeef887ff9a796a62c1e131f30db527764879caa987000000000e800000000200002000000051d6366cda91a94a14548b9b21f1e947b5fe1d076bc995b84c2c0e40e95ff7c5200000008338e592b4000ef5584975e42d74010be820adcb7c555605cdf8a23371c260b840000000b786737c0261ab6a0aa03e49fe2bf8e68ef9878501a807ac40fc4e3a8919e7f136a26ede322c9a6b5b19bbe82738c79f02b86a890b490666d8a8a2946a6cfc0e IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000003c5c03123f839ca4dbb1b00c9c776d4638142be0dce9ba0c514490ce1217e8c6000000000e80000000020000200000004559e7c9cb32fe72cdd560f975aa0f994f2307822e76fd8dcd6879b63256b7c790000000295180f65f178768c87690e6d1578441d0f1142c822a6f1f7cf6e911b8fd07450285160a612163c28a6ff398a3e8ea3e29de563845090857488bf07685c84e03d1d770a869a45f67588400f92b67cbcfb45884f2140bfc2af8f213a037023e221daf2d1aca03618f1710e2d5077783c87a6e2d827c40addd869893ef6d7efe84d6f8ae9933b399b47569088a5737f76040000000dd240fbd955e6bf0b2d585e498ca8b011bccd89c94fca69fbebbe3dac4555fe22c8fc868cf654134e75806969d7ecc780e37531fad71c2a48d5d656d62a1e777 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E050E901-A6AD-11EE-A623-CE9B5D0C5DE4} = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410059498" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2948 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE 1092 IEXPLORE.EXE 1092 IEXPLORE.EXE 1092 IEXPLORE.EXE 1092 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2900 wrote to memory of 1872 2900 MSOXMLED.EXE 29 PID 2900 wrote to memory of 1872 2900 MSOXMLED.EXE 29 PID 2900 wrote to memory of 1872 2900 MSOXMLED.EXE 29 PID 2900 wrote to memory of 1872 2900 MSOXMLED.EXE 29 PID 1872 wrote to memory of 2948 1872 iexplore.exe 30 PID 1872 wrote to memory of 2948 1872 iexplore.exe 30 PID 1872 wrote to memory of 2948 1872 iexplore.exe 30 PID 1872 wrote to memory of 2948 1872 iexplore.exe 30 PID 2948 wrote to memory of 1092 2948 IEXPLORE.EXE 31 PID 2948 wrote to memory of 1092 2948 IEXPLORE.EXE 31 PID 2948 wrote to memory of 1092 2948 IEXPLORE.EXE 31 PID 2948 wrote to memory of 1092 2948 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\S3tupp__Pswrd--1231\files\libs\WsmTxt.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:1872 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1092
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD545478e9928e58cf8f3cd06ed6e26c960
SHA1b6c27e7149aed27852a62c3569a5b17c087d2c2d
SHA256bc857fa96e0d7f9f04b8b39435ccc82c93a3bc3fc402760b98343820ac47f36f
SHA512815836e3cc2f1a3828a5a54085b958ed227659368d0aeaf914040f44c042c17948c2ac800accfe0ee3eb08201e833cd6169fd657023df85ef976b8ada3eb95cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD501af87ff85f4b9d18eaf89555f0bd1f0
SHA13b8135de81e90bf621c16ac3fedcfcd67b9173dd
SHA2565a10d8736cd701b11d16c6ee37cac29f866c1fdb9b87ee68c2bf4ef692394706
SHA512673934122e7014090ed1e7cec6bedbd70ce6aa76f13b4cc7145b845dcdf15bcd423cd869e5cea925482037382c7307c8e6e4d0e78b731bf2ca5faf82debc836a
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06