Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 07:46
General
-
Target
12833057a651cc13e0ca13c5e787e865.exe
-
Size
684KB
-
MD5
12833057a651cc13e0ca13c5e787e865
-
SHA1
91b893de10365e5103c0af1dacc3ead518bf312d
-
SHA256
3fa4dec95c282d7aadf80ea9573ad0b79fcc037348e25ba427000bb884a84afa
-
SHA512
a42bdd2ee642d8bc789641163b5fe5ba4b3d79322d9e079ae937a93a5841adcd290dd5c895ea2da74c24869aae8f6dc11ec9d0de9398cf5204824824f73bdd2c
-
SSDEEP
12288:QCspLBd4fGi46m/X9J1OaSYeGtpJmvtSvLQTtrcntmwfgEepwuNIifZ:gVUVm/XT17SYHnGqQTtAVfVOIix
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 24 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12833057a651cc13e0ca13c5e787e865.exe"C:\Users\Admin\AppData\Local\Temp\12833057a651cc13e0ca13c5e787e865.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" /unregister "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" /unregister "C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" /unregister "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" /unregister "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBarShower.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /u "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBarShower.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\GAC_MSIL\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBarShower.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /u "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBarShower.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar.dll"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://connectbar.net/thankyou.html2⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:17410 /prefetch:23⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" "C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regAsm.exe" "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /if "C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /if "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /if "C:\Users\Admin\AppData\Roaming\ConnectBar\BandObjectLib.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /if "C:\Users\Admin\AppData\Roaming\ConnectBar\HtmlEditor.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /if "C:\Users\Admin\AppData\Roaming\ConnectBar\Interop.SHDocVw.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\GAC_MSIL\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /u "C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\GAC_MSIL\C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\gacutil.exe" /u "C:\Users\Admin\AppData\Roaming\ConnectBar\ShowConnectBar2.dll"2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Windows\assembly\GAC_MSIL\C:\Users\Admin\AppData\Roaming\ConnectBar\ConnectBar2.dll"2⤵
-
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20B
MD5b3ac9d09e3a47d5fd00c37e075a70ecb
SHA1ad14e6d0e07b00bd10d77a06d68841b20675680b
SHA2567a23c6e7ccd8811ecdf038d3a89d5c7d68ed37324bae2d4954125d9128fa9432
SHA51209b609ee1061205aa45b3c954efc6c1a03c8fd6b3011ff88cf2c060e19b1d7fd51ee0cb9d02a39310125f3a66aa0146261bdee3d804f472034df711bc942e316
-
Filesize
1.6MB
-
Filesize
4KB
-
Filesize
1.6MB
-
Filesize
4KB
-
Filesize
1.6MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
64KB