Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

19fa4877aa...a5.exe

windows7-x64

7

19fa4877aa...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19fa4877aa1c78adeeb533a3cf2baea5.exe

  • Size

    32KB

  • MD5

    19fa4877aa1c78adeeb533a3cf2baea5

  • SHA1

    d75afdd6fa3aa0ba480c0bfc4eb7707fe402ca78

  • SHA256

    f93189551b6350bfccca998a53d81d334493c4a5f614f433dd5d3eced9593838

  • SHA512

    a02956daa8c63600ad320894a7059c4c55e1e9c459bc8b967c63ae3ca69d13ac9d6be632dad53f765f33b57faf6f3998d7c9c37bccbc590c288097b59c70de99

  • SSDEEP

    768:IGMMYw0PyHD1jSI4h5lgFrcP114lZaQv4cpSnbcuyD7U:INMYlyjAI4rlkcd14lZaQv/onouy8

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19fa4877aa1c78adeeb533a3cf2baea5.exe
    "C:\Users\Admin\AppData\Local\Temp\19fa4877aa1c78adeeb533a3cf2baea5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\bKfSEOabB.js" "C:\Users\Admin\AppData\Local\Temp\19fa4877aa1c78adeeb533a3cf2baea5.exe"
      2⤵
        PID:2320
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:1258512 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1176
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:1389595 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b31eef1e047332abd4fb2eed2c0c141b

      SHA1

      57ae891ea2e2f6e31d5876480e54bddbcbdf5811

      SHA256

      d3f611adf3c759ad80b780ad2b89fcb7453643a9e24503c4ed38a058cb9f1656

      SHA512

      d86c4b5ef48cc8e6db44a26438d8e6f4b223b50590026b99e5207d9712d7ec84f398aaf45127f6630965eb0155e4adf8c5058fb0db8e4372c45a9b58bd295c7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      82dcb2f438c7d1ca47cf624484c7c525

      SHA1

      29ef05cb4f813ed17d0e02faf2fed1297f64f8f9

      SHA256

      3d2da6824455ff32c925f395c8d8e06e2781c490c9dfa37e88ffaf355d986e83

      SHA512

      c775bf1662803f0f45e272f7f2fd960af2bbcf12667cea15a53bff8c032899c8757f3fa4988c119fdf9216b434d8c2649273f432682247022f5de0447110cdf8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3509a806ab89ecb93a0d18ac5fcb8a70

      SHA1

      6b94e26ccdb3fbca6e8208d76019d600a70c195f

      SHA256

      059ac5cdcd944a9ba3b90244d76d015b0502275972b1c3230a64786c37c4683c

      SHA512

      1ddbeab6ce412ca50ba44643cae51e5b13f63ec479cba53110fe90c3b4f4ce3807eb261e6ee75b1596c79061a638bcb0a0ea284022e3b6b46a9e4dd4456efc04

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      68c289cce8871abd5ae82c254b8d3c41

      SHA1

      7c077ddb97dd3227bb315865fe90f00df491caf0

      SHA256

      2099473414a5e507cf77e9c74beffdb0861d1bd7a14ef6854dea12d7c42ce21a

      SHA512

      8d8873212a9933e22c4f1a467340f3ca930f462669dc8dca250d711ff278127515c0592bfe21bdbb6a0437e72839a80839c51e8ab3ac2f920477b4b174b6a629

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      124058a13b616b6844f75fbee8a25e5b

      SHA1

      9753a6eabcc0ffde8594c095a3c2c0cf9c0b240e

      SHA256

      33cd8bd668d8e4d258355abd569c00f5d8b75d528047a3ae7d35a68c849e5eb2

      SHA512

      d6280c9f2e6f17e9d0ca9ec75d9d5162f3e0b3e2fc8f4a826d58fb439d2af78316fc24ce7106265fc626a5b5a43024e49bec10e2fc0a5f6b2984da7589d9ca17

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a20bab6feab23d0dc4c62f1cbb3e3321

      SHA1

      52db3a1223c13a592f4d8c8fb3eb3cd47130b0a4

      SHA256

      624ddc474c89b380010515667292ad68ecd54ec38040fe6ec9e998239f29c489

      SHA512

      555889d4f6dcbb90e36d88668c0c0abfb7b273c8f95c4066bc6a21611333058ecbf90b662bdb166cc6a07771731eb3956a581fb1c2d03f52672dc440dd608858

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[1].htm
      Filesize

      291B

      MD5

      b73189024a094989653a1002fb6a790b

      SHA1

      0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

      SHA256

      014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

      SHA512

      1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA3A1.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarABDF.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\bKfSEOabB.js
      Filesize

      15KB

      MD5

      0675193a4d63893ba814e941ed10e663

      SHA1

      dfbd0e0525f99545e6920dc4ec2981a2e56ff335

      SHA256

      1cd0b8cac74843422570e54ecd42aab967b228aee1533658d4656445b9f03acd

      SHA512

      a925676e2e319f5575389e0e300e1f039f9ba0c5b3de16ec6a5da8925824bb84f327b8467643b25a6087217b42c1cf320d24cd78063897e1f693549422763c93

      Download Submit

    • memory/2320-480-0x0000000000130000-0x0000000000132000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2420-3-0x0000000000010000-0x0000000000031000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2420-0-0x0000000000010000-0x0000000000031000-memory.dmp

      Filesize

      132KB

      Download