Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

233824f841...8a.exe

windows7-x64

10

233824f841...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    233824f841bf6a47547bf0d741fc458a.exe

  • Size

    90KB

  • MD5

    233824f841bf6a47547bf0d741fc458a

  • SHA1

    fcbf05e0f648bd1a10e91890c3284dc653a00b13

  • SHA256

    e2eb111cb66d5c6ecaae532a841138e60eb25ae0392464634f14ebfd2c383cbd

  • SHA512

    074f52b361c1f6680a5a1330cc9cd191697ccdb4e30c1cffe233106eab1d108ae74afb910c347d0b91a0aa92b67b6132e9d4f3a343cd3e8138c125d1bb4f9074

  • SSDEEP

    1536:OYl5SI4ZL+inPsQ5CZggsnbFdTILy/wSUOTIKWZg4TxSZJjx6YGroB8q:OYl5SI4ZLBaVgbnELyNIfZ2N6b0B8q

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in System32 directory 10 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\233824f841bf6a47547bf0d741fc458a.exe
    "C:\Users\Admin\AppData\Local\Temp\233824f841bf6a47547bf0d741fc458a.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2812
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\myDelm.bat
      2⤵
      • Deletes itself
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ca2812e472d13f0794e04f598a01285

    SHA1

    811eb6f6a0270e6265a6efd159cb245938cb0fc1

    SHA256

    b7324c68e304a1ddbecdf7280798bb4b6066cadbe4893765a5d5201a372ca7bf

    SHA512

    90c182e205333449096936a7d8070cb8d67421056a167776948f65659f9a00a41bd723194258fe1492d96af84f92c5be2dfb2f7f0e8e7de1854c8f464dd34ad3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21db868edd5dc5be3ee5617c750f27c3

    SHA1

    52d70d4d5bc96fb367cdc220bcbb74b0165601d9

    SHA256

    f2312b112b2a3ca1d2900887a14cba62741aee6072bcb5799c834d4ba12b6d2b

    SHA512

    6700cc03599d03f9e175ff3fe9f780623c102e2250049e2544661f70b7c71c64cea0b2d3f3efe382a6776e07d40077fe83d864e89359e1fbbd5dc73e0452600c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a695e84fe34f22ab7dd4e4ef81b073c

    SHA1

    b46cbbd0fa34224c0f3f073ddd9cf66cc87711d6

    SHA256

    55c3b86936949370052e6b5b9ad34cc712e39d556b0947aacbfbcab45210fc44

    SHA512

    5ff707c0d36501d265a48e6dba3659a45ecec6030abf189a6c2a80b91f4c6d764fe51d0d181f522cbc75704be5607bb323f225d0844059030da8ae2f9873fd77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39d66a83c368ada9b36afbac19bd1e98

    SHA1

    08c32e21b28c0f7c3037de0c68c8c9ea15c66628

    SHA256

    8ceb41c72ae1ca9d6c55e5a975f98ba1d61c0c14427b8f4497b5b3a8511393d6

    SHA512

    44cbd10eb16e7f74b1ba242983340804a607c6e490c8907d3ac638ecdfb8f2680051feda5f86f4d4346cd6c2ae4f20d807d750b424c934617e91f4041393d6a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6925faa267a2eabb153999807ed4183

    SHA1

    2899ff8a363f646f2d581ca81b745e59251d0e1b

    SHA256

    0d6a0ce16c3e8d506511bffc360cbab833fd27d5f66a924cf6ecee169226df46

    SHA512

    c8f704d322c2a525ee1790df3256817a45a5f4d14e401acdfc0e18d9621d2057f34a2024f9ddb65d12c3ab8497e902c27aa57fb67dfa98b6707090c8625ef436

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    954cfe22ca8ce4ec581ca76ea9c40d75

    SHA1

    0965be574f8dc77b76f770f127a01e59e0f6d1d6

    SHA256

    fde27bf6bbe02d9877c120979e47667d02d647ff506b616ee66d7f6205048e65

    SHA512

    0dba2f6e1da220acb8963437eeb751190730b21d1236a6bdc745427710c60cf6e60fb27f966e97310793e72902ea79a0f438d2f2a36fab95a9779758ccfc8066

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8432e169876b2c8fd67069b096314281

    SHA1

    73c75bae03c84582d3b6840fa6d35159a2dca5f2

    SHA256

    45d408ca49da17aee6d3d9436e11619bb0f4f8f0d60220fd02f3223a202f820f

    SHA512

    02dfcaab9a9d974694ac7705b83c0e450a724e0700f1a2dfaeba10cdcb9008b88d9ca6ac6b0c7f9ef38bdc0b5405676db25b9f3da2864bead150f525ab25319a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbf852cb851d16f7d604e824fc1ea1e3

    SHA1

    b0a09a816e765aeac609c6468f1f8090b44c2610

    SHA256

    84a2f5d798cc2c0c4ed4e9f4ad60c6e3959f1721f782801fcb4e62f528b4a10f

    SHA512

    936bd71a95313dc3efe004472d983505378668b2f43c1709e11e0ee5001a336054f321653aff6e5ddb608b35b53cd6f4ddbe29338b891883bdbc7e9f2a88c1ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54d649046ce1337fa62d142f286b3912

    SHA1

    8fba76c0ec99afde5a0b880e6801ca9d34c4b5a0

    SHA256

    ff403078d1770070c83fc935ab81fe7373ca86edba9cc4bb83e8252c88872f18

    SHA512

    be510f35265360a6357da65a4ac6f88b53d890aba2cf2082a3af829b77f322bd4e14033a5b457def8bf04913500a5546b8dd4058b6ef6a2921f8f0ccbb0a44a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    62894ff012030c29d5b09f52bbc4b134

    SHA1

    fe0835554db31b7cf56c62a8635538e331d6955c

    SHA256

    f9ffad78e72dc704d5f2762649996b6f1b05b3f669f39b917d77517c250d3fbe

    SHA512

    24f3c4e31294eb9cc213d4f8e48423c695b7e7acddf7a9f71c9ac179e23da890797f2f1084dc44412e8eb11024423dc19e0444a9d00ebf7896262451bfc54e59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e8da2854768060d71ea8b6b10292ba9

    SHA1

    0430f6c526b87bdc5fb7a22d4bc2aebb30874dda

    SHA256

    5302da0183ef3adfc2dbe7ff5a0e9dc08a612dcc6efece97af9bb8b015fa8172

    SHA512

    12426ab44409148557f9ce58d39fd7bc88a85adc32f58bd2c85b889662b8fe3bb4a2c7c7a5e9e843b789cfc99958c2e4d79474805ed271f5aa2f4c8ddd205de0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5E39.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar61F4.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\mywinsys.ini
    Filesize

    336B

    MD5

    7163770bc735df609e439f14f96c3682

    SHA1

    e71d793c8faa359c8ec18dca33d5dbb5d2eafa39

    SHA256

    da0ee050db90259788dc1950bc28bad6eed3d04d976fff338ee5410a92f1e4ef

    SHA512

    3ca1ab4502b30b2b065a26f8d3b8dbe3c1afba23d9454e94af59395b9fc9f02b7dab600864ac8f7070f08362cc6021d50d213975a4805eb33e981e15b2cd6766

    Download Submit

  • C:\myDelm.bat
    Filesize

    184B

    MD5

    18b9538b8feb8da10fd4464559e19c3c

    SHA1

    80adfe01c77be34254c605a7f49c0a09a87e4c52

    SHA256

    038bf62d7cbc8645aaab8fcaa6b42aa9af9d42a300e8f36a0cd29f3105808aa3

    SHA512

    df4bfa77dbd07b02b369cf6ed361cf83abf39dcc5909ca63a699d85e20d5bbf4ad49472b1212a0dcc0f9cc40a45059308d60e1e38a674d3ca324f6469e116b4d

    Download Submit

  • memory/2088-78-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2088-1-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download