Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    69s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 01:01 UTC

General

  • Target

    09614c4a0ee6bead24ee56b6f8ea45b5.exe

  • Size

    198KB

  • MD5

    09614c4a0ee6bead24ee56b6f8ea45b5

  • SHA1

    70c5e52406cb4ab849a9aab1c14145330f6a2318

  • SHA256

    b0817b6ad499d6e995c790054b3c348487fef158e3c9fc93b768e85869720647

  • SHA512

    7b69db354fd6c33bcc355bc899d788d142291a481aa25d449d5ae3af82b93d425cff05bc3ea500a332bb578873e0965aad508bdf6e54023265bbe7f48aae17bb

  • SSDEEP

    6144:Cg1cnoDUQe9OLWyY2+whhKTG9CPUJSUhjl9QnIQS:yoDUQa0JY2+whhmsJSOx92S

Score
3/10

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2684
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.vivo.com.br/portal/home.php/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3064
  • C:\Users\Admin\AppData\Local\Temp\09614c4a0ee6bead24ee56b6f8ea45b5.exe
    "C:\Users\Admin\AppData\Local\Temp\09614c4a0ee6bead24ee56b6f8ea45b5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928

Network

  • flag-us
    DNS
    www.vivo.com.br
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.vivo.com.br
    IN A
    Response
    www.vivo.com.br
    IN CNAME
    vivo.cname.vivo.com.br
    vivo.cname.vivo.com.br
    IN CNAME
    vivo.cname.vivo.com.br.cdn.cloudflare.net
    vivo.cname.vivo.com.br.cdn.cloudflare.net
    IN A
    162.159.136.63
    vivo.cname.vivo.com.br.cdn.cloudflare.net
    IN A
    162.159.135.63
  • flag-us
    DNS
    astalavistawornz.sitesled.com
    09614c4a0ee6bead24ee56b6f8ea45b5.exe
    Remote address:
    8.8.8.8:53
    Request
    astalavistawornz.sitesled.com
    IN A
    Response
  • flag-us
    GET
    http://www.vivo.com.br/portal/home.php/
    IEXPLORE.EXE
    Remote address:
    162.159.136.63:80
    Request
    GET /portal/home.php/ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.vivo.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 30 Dec 2023 12:19:19 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sat, 30 Dec 2023 13:19:19 GMT
    Location: https://www.vivo.com.br/portal/home.php/
    Set-Cookie: __cf_bm=ZhMgXWiIOj1RRaY9qtdOdchwIP6bRq.EbmAxl7HCFS4-1703938759-1-AaNDQfCn5PGYpWVbVH11yP+CGRczwxmijA2mnLV3Ys1+UJ/XsaQJFbgyghH3dNxzakZbGlNROjaraB6n0R8ATjY=; path=/; expires=Sat, 30-Dec-23 12:49:19 GMT; domain=.www.vivo.com.br; HttpOnly; SameSite=None
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 83da3afc0cb9dd84-LHR
  • flag-us
    GET
    https://www.vivo.com.br/portal/home.php/
    IEXPLORE.EXE
    Remote address:
    162.159.136.63:443
    Request
    GET /portal/home.php/ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.vivo.com.br
    Connection: Keep-Alive
    Cookie: __cf_bm=ZhMgXWiIOj1RRaY9qtdOdchwIP6bRq.EbmAxl7HCFS4-1703938759-1-AaNDQfCn5PGYpWVbVH11yP+CGRczwxmijA2mnLV3Ys1+UJ/XsaQJFbgyghH3dNxzakZbGlNROjaraB6n0R8ATjY=
  • flag-us
    DNS
    www.microsoft.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • flag-us
    GET
    http://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    92.123.128.150:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.bing.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=15552000
    Content-Length: 4286
    Content-Type: image/x-icon
    Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    X-MSEdge-Ref: Ref A: FF7F9C6CB1714EC59EFAB3D4C612DCB2 Ref B: LTSEDGE1121 Ref C: 2023-01-04T16:48:40Z
    Date: Sat, 30 Dec 2023 12:20:03 GMT
    Connection: keep-alive
    X-CDN-TraceID: 0.96777b5c.1703938803.62186cb8
  • flag-us
    DNS
    iexplore.exe
    Remote address:
    92.123.128.150:80
    Response
    HTTP/1.0 408 Request Time-out
    Server: AkamaiGHost
    Mime-Version: 1.0
    Date: Sat, 30 Dec 2023 12:20:37 GMT
    Content-Type: text/html
    Content-Length: 218
    Expires: Sat, 30 Dec 2023 12:20:37 GMT
  • 162.159.136.63:80
    www.vivo.com.br
    IEXPLORE.EXE
    472 B
    104 B
    10
    2
  • 162.159.136.63:80
    http://www.vivo.com.br/portal/home.php/
    http
    IEXPLORE.EXE
    848 B
    756 B
    7
    4

    HTTP Request

    GET http://www.vivo.com.br/portal/home.php/

    HTTP Response

    301
  • 162.159.136.63:443
    https://www.vivo.com.br/portal/home.php/
    tls, http
    IEXPLORE.EXE
    1.2kB
    6.4kB
    10
    12

    HTTP Request

    GET https://www.vivo.com.br/portal/home.php/
  • 92.123.128.150:80
    http://www.bing.com/favicon.ico
    http
    iexplore.exe
    762 B
    5.8kB
    7
    7

    HTTP Request

    GET http://www.bing.com/favicon.ico

    HTTP Response

    200
  • 92.123.128.150:80
    www.bing.com
    http
    iexplore.exe
    294 B
    650 B
    6
    5

    HTTP Response

    408
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
    7.8kB
    12
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
    7.8kB
    12
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    1.3kB
    7.8kB
    12
    13
  • 8.8.8.8:53
    www.vivo.com.br
    dns
    IEXPLORE.EXE
    61 B
    173 B
    1
    1

    DNS Request

    www.vivo.com.br

    DNS Response

    162.159.136.63
    162.159.135.63

  • 8.8.8.8:53
    astalavistawornz.sitesled.com
    dns
    09614c4a0ee6bead24ee56b6f8ea45b5.exe
    75 B
    151 B
    1
    1

    DNS Request

    astalavistawornz.sitesled.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    IEXPLORE.EXE
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

MITRE ATT&CK Enterprise v15

Downloads
