Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

183ccd5188...aa.exe

windows7-x64

6

183ccd5188...aa.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    131s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    183ccd51888da52faaf6bbb22d689eaa.exe

  • Size

    1.7MB

  • MD5

    183ccd51888da52faaf6bbb22d689eaa

  • SHA1

    83fc7d6ec156ee3fe875da13b2946f785f9603ca

  • SHA256

    02a5f48e0286c3462301b1f6f323d79683018bb4b9ca869e2add59edc3762137

  • SHA512

    02c1a1b9725865967acd245ede2334cd785b7f1e6094b699c67ffb0690634af7768f4e9173278d276fa08cb0bc75948832f4c153661d7fa02f710cc2c6560f47

  • SSDEEP

    12288:dPlisTgjgcOB4RRHOJr/TJGBXUx1Qo0Bkr4XbAOeeeZeeeeEhMEr6CX4zistI:dlisTgjgcOI5UoHBkULAuaE6ti/

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\183ccd51888da52faaf6bbb22d689eaa.exe
    "C:\Users\Admin\AppData\Local\Temp\183ccd51888da52faaf6bbb22d689eaa.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=909
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2498a7d27f3a23be4222e2deba960501

    SHA1

    1ff905e707d895a95e8b1738ee31a4422d49f863

    SHA256

    a58c7e4987b3ce0abca3c58c812c4d0da203ee5397e201e41411e4304a34ef53

    SHA512

    c2ec69e382469e45b5296566fd6756ba2b9a523033f274ae75dbed7f112f6043ba16cd612645078a01a5150743ad83c14d9a4570c3d2068c792dbc8d522a25d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4193e080738f1ee7277f1aa5659b3d4

    SHA1

    7257d83e6f4fe8f6231f0b93865a48f41263c36c

    SHA256

    24a15f062e02b8fbfce758763849c3966061a958c9683acf3d2d32016c6ac0e2

    SHA512

    6365884b5766e6a99d8abcb4042f7c54a7638766091a67ed5070dbe024fd30113b5c030a83441673c80eb70f93c0a42e980bc787936632ce045b7cb18373a2da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7f8ce554808f3e9dc0a5aded8386e11

    SHA1

    f707782fdbee7ae219eccdf7c4b32560370961d4

    SHA256

    8346d3a8f878d2864bfb02492f3a27e3de4972dbdcfad463bc59b200407330dd

    SHA512

    bd9aa64460dcc4b97b55ca44b1b38b51d6f8e53f0f2153ccc8071f6f4d28af6f7b7573f513f49e711cf3a4abda529386968bbe8639d2579d59a03e6106f9c7af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d04480c20d0ef22344532a245261c4e

    SHA1

    5c4a216d6d3da86e5f30737aeb4233b01f3f0c25

    SHA256

    2f69e5a18f70ef66810278e78b551444cba2e412e3c3444d25189c3966c2df5c

    SHA512

    c533e1dbafafc296b50e7584190e02fd0be38995786c7f1904e678bfcc6d65406fae3afaa0e60e608072ea8526245de4fd2848eff621413f9ccee4886040e982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    207f5390dafd60734498a7218fd105c4

    SHA1

    f337ce1e8b708aaa4b871831bf35ddc53b836e67

    SHA256

    0279e5a7f42578740e00bcf5c6c6870d86284ac6504693a06a1750ac1d6a1eeb

    SHA512

    bf5a6f648d69c5b92fb58518b0c8c04121d47816556758db28ac5aac699749c19244d134bde3cd5ceb49addf01874e591b4ed77b2928d3c7674289d30478793b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d38cf3488b2eb0d5f344daa1ae763e17

    SHA1

    e775c96661c26dd124d823317e5b7b0e7e53f1e5

    SHA256

    91a0e10c19f22253201d465b15b5d342f3fd57038e66ddc1f98db081656b286e

    SHA512

    8f3675228258c66152e14792ef04abdc6e98935c87e65b12b081b13b48d2eb2ee2073bfd32676e7b012963edacc45d69ae0bef5438ebb3d61c61f38bf0fb219b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02c8921ab1e2f2a233c30bac400d9521

    SHA1

    909ff6353769126d95d45f6b2f2046845d5e8e08

    SHA256

    2b89ee386389ef5b0ceed7445e63d7b390c97e82377049721a0cd609352e4449

    SHA512

    2d467fabf5f2af76a300e39d98e9bfad89c416c21008d622c364326b2db0d578aa0b6d75fb9110db6077c4dcc9ef8f7d4e9786f5d6bf33dfa13abff983414584

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f4d21718676ff8d20a7122f3af34247

    SHA1

    afcf47b2a12b97b5e52578455cc406d59b99da5f

    SHA256

    f794cbf2c63605e442ab6138ec8e0e7c04774c85dd3f6804118225018e4391f8

    SHA512

    30abf1d7af31925ac64d243eaeb309b3819d13a3891e1f86809bc8af80010156460154252a50d9505ca3131b16210a21ad3a9b4085261e54d1a2ca8742abceea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd04baaad293182d4f676ffe38cbc3f1

    SHA1

    6f9d46d4b56350135cd8d96cbf5757c0a55e2855

    SHA256

    c7af71780e6115949f763aa279044f76729dbb47649ab2bbaaaabe2842e6f609

    SHA512

    852b5c4ae44ee00c17d69cbeb42b9b0b7d0c8c08bfdbb8278923e205e3422a5b566ba26a44568f7d5af225b9f62662f0edc17bdde81c8a1492ace1ced0437823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d1f3222d6f147cad23bae4d15dbaf15

    SHA1

    381fc30be552e6b7868769423dff457b0fb8c8eb

    SHA256

    ed0a3c2c040f0aa4da25c46ad499b5c43cb8f0d45cec27d7e10542f2a64b4da0

    SHA512

    dce1c6452b0b53bc9840e7a76e0312dd3268369787822f46065f3a9aded8ab122da916171ee38a62238921c187a632478b3e45ba2c6547b93dd06766d6388fe5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2C61.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2D0F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1664-0-0x0000000000400000-0x00000000005B8000-memory.dmp

    Filesize

    1.7MB

    Download