Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

3871824518...af.exe

windows7-x64

8

3871824518...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38718245184746f131ef7b4fe08d6faf.exe

  • Size

    160KB

  • MD5

    38718245184746f131ef7b4fe08d6faf

  • SHA1

    55d7f8be2c2e1a9fe01e1e448137f1aaee76dad3

  • SHA256

    7c6ff03fb7195480f0cc40cb6f33e08127b2a6777ff4648fdef264df79b3c194

  • SHA512

    9e74efeb53b0cdd010f6f0f81d3b658cafa026722ea9f2007ff8fed64f9aa97ce4a5a779695394729683896950e6ebc5463d0d8c88f05d277f2a85a612774308

  • SSDEEP

    768:tesigqKesigqH9wp42PVqtTfVvHREDBhRlC3IsOaQiBFfFtr8xoT6j:obnc42PVoZRUBH8ROaQiBlzn

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1340
      • C:\Users\Admin\AppData\Local\Temp\38718245184746f131ef7b4fe08d6faf.exe
        "C:\Users\Admin\AppData\Local\Temp\38718245184746f131ef7b4fe08d6faf.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2764
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2820
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dfDelmlljy.bat" "
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:2500
          • C:\Windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:472

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\zyndf16.ini
      Filesize

      129B

      MD5

      bd50afa2636ed5fe184d70e0543de22d

      SHA1

      3594dcd2e612f539167a5f6a2df285b1ae665924

      SHA256

      66965bab1a8d8fef779f51322a100ea7b582fd040d42116d0da5b7de77ce9294

      SHA512

      a7263496913dbd034e0e27728ce7e59abadfcfba40867647e476c1434bdf24e3d3f8ddc3e2dafa2be58ef9d941770185e1449fdbdeaf8b3ace2e20a0ca581572

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c27a56f1ecddca57aa2007d8eb77d01

      SHA1

      9c71269b6099d1e961ec5c4dcb28ba65f14a5ecb

      SHA256

      329896257b8fc9de8549c352770d913078f33efe5df176389d3859e22006fb99

      SHA512

      15aadcab02aac687d9eb59c09e0997d8a7c3d06abd1dc219662e049620e2c76cc883cee04963ce36a94c184665eb5c878d6eb7f7af6959cdcdfbc951768651a0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      63cec4e3f8f46634a4c8cad6ba460fe3

      SHA1

      ff15c1bcf801363f9fb44a7d179741669a9a4002

      SHA256

      53f536387b73620250e35e7f64d9452857e2e1c7cd43e693d7fef9651f954c39

      SHA512

      e2ae843be9ad5ef0ca9ad7c3cdad01225e977566335df9c3e5c9a7b62a3ab4c1ef56233a47c3cfc191bea59aaa6207c53db7881655e28b8e2bbcb2fef0a10137

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      25ef45acac1ee9fa59f2326ef9d58cac

      SHA1

      54e3f54728e8c78c5f6a018a2b24549ffd8ee808

      SHA256

      16ac7a1da2aa9934115853117fbb39fe3450636512ad84bb68c259161a084380

      SHA512

      8c967b9570ed4a3734f8b1d3695ada100df2ee1cef9d0ba244af98ff485cbef7cc214651386e95022d3ce241e2fac165c7e706d1a39b4cf2da03d4e4b342db13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9574d21105388d12ad2086c017f16ae5

      SHA1

      303a5c7571987a005ae2a0aedaf88ac599398a82

      SHA256

      78407bb25c11d1d6ca19b3a4d222615202fe1ec118024b7234742794aa5d43b6

      SHA512

      c44d4e21e1ec951a5344f1e61c2d8c05065169dc25077db9c73aeac59862eb25b6c68f5e2311b1a967fa59f031a48a7bcd470a924218ecdc4333ed03b276194f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18f3423f8af5d82c59146564a7796d3c

      SHA1

      9641cd55eb535a3f54991b55a298022194288c95

      SHA256

      e7aa5eb3f0a97d8cc0d5691c5e698a8a0cfc61c715e676a3febdc1290a4f1b05

      SHA512

      4115033b4a301110cf8489cb32e9f1f72b9093e131b8e902db1253065edef8d7b5384adc06d4de8663ecc6fcea48ee67b879e92267ec5e177ce2e4ccf59d67ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6504034e62cf0497446c4b6085180433

      SHA1

      a645092b69fca20c6e508f6ba3a541bceb4f7a9f

      SHA256

      b91f5acaf32997158308e58e6952d2ae181bfb00e6ae6031356655540d654030

      SHA512

      24e2e4123d0a4fb830bc1c3c8ddd8b0ea3dc1a5342e2ffbd866665349538dcaa5e9836466740b3962ce3340327669aeb8c0b656170cdc63db218b3ca4ad18dc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      35c469a935b69bdc9cdca6c820fe8635

      SHA1

      89c9f984c1ee036e3628df3fc98b8aaf228a7285

      SHA256

      93a25a985f1522c34c564f7e3a837b2ecef946a7abc7f106abb56ed662971750

      SHA512

      9370dabdc195dab76111f76695b357997282d43743a3eb8b4eae4e5f6ecc2fa03ace58801c1a7fe0e4061e7507da798f450a1328a4ba071d4e8419dad4b3bc86

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      444f6a822720c73ca9f785e11e1d6538

      SHA1

      20afe368acd10f811b24ce6f044cb86b63638e39

      SHA256

      709c2e384745befb9e27d3f051626b20eedcca7fa242bea884be7be971098bc8

      SHA512

      605c810f3dd9747bc35c969f3b88d60f7cb4e576a8bdc2bf23731fa9a10863e0a1a7d89f0ec3cfc56756a24efefa2edde3c8c40e20a72eb0eeb3d3f6d347ccbf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0d7593896fd546a565f85a695e799cb

      SHA1

      146033825745fcd16eb7d3141ec405a486fdec91

      SHA256

      6a0353b2f0cf9b6370b0034a72785d07631b05b94680f68b91e4b25f3b415de4

      SHA512

      da32b47c742a141842766601dc65f9e77ef91385a45034e51507a1da3606efe987bd37f0c086ddc9482aefbba6d70b006b5940cf3266398811b8f6bd7bb74c32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cc32e147cb28b73c3305c5110b5219c8

      SHA1

      8b21cde9d5a574fbfd33b9ca6c2a9d2cce79dd77

      SHA256

      203b983fe3caa667923c4b11a5de7570cb9a6181a48d11f410d252ff20f484fe

      SHA512

      c794a375adca40fb6266edf57f9ce122fded009896f4857104f18b5a628269846feff66f1937e28ff0b3d7e18d615fe7c1e07032007dcf9ff3876d5517cba48a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ca2d867487ce80c5611b7c792d76fea4

      SHA1

      ec2f034b46d9d714771e5bbe133aeaf9ef7acf63

      SHA256

      b05b239680b6f105d8d53308337dfe7ed0b609a2c355a7d54bc4e30dfaf2cef4

      SHA512

      d872a6b69a6cbdaaa19d221877472463feb306023f9b29a15655150e78ba03742921c3c8fc975f550b5060513a71fb4833d2aee66d8b33b9c0934f9cd3cb0411

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2c011613933dd16df48f9768a87408ef

      SHA1

      a77591010dafecf3a59ca8e80c4801eb863ce0f7

      SHA256

      0beef747b8f1e3aa802b533ff13201544c0cb5500755c23f1621ec3c4ff259e8

      SHA512

      cd17076493a95123f26cb9e737852e8da9c6bb3f5ea81d16ea3129c22937d65331c0563daae91e451658ed7ffd905bb0207274a9dcee87f203452fbc8cd17486

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      429dac8177983e5090b4fafe3611a163

      SHA1

      81336f2b7320ac196fcfce88a7f4a3b0b741bc4c

      SHA256

      fa3e61b6d25b8a5a624439c830f9625decfe68809f9c23dde0468d4f75e84d77

      SHA512

      cc8cfe2a884a86d98b6360e33e549b989d8eb5a983a9a27901521d9c5354c0e957ad5329e10013413afa1db97860b54c046639a71aa86115a6c2391065431628

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4a3072e49bb8bae2ca26c8574275a7c7

      SHA1

      b2e3f28929cbe1a85de4e4e910f430ba7d5c11b5

      SHA256

      831d8b6e25eb3763556e1c721c5202604db74cd5c6424bb12ba4ea34b6473346

      SHA512

      0ec85cbbdda5adead6d22c1d4a37c31ad2b5420c0552d3c1803acce207472096673b057036ffee3cf62c7ae58dd4acfcfe6f18a8cb8f50b14b62ac74e041ae04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8F19.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8F4B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\dfDelmlljy.bat
      Filesize

      205B

      MD5

      9fb903a6496aa5cf77d24e91bdfd9414

      SHA1

      85a600e2f8dc42426ad84077f539b54c5d24e820

      SHA256

      685822aa62a65516b2e89a29e999384966b3821572a9eaa9515bab5da3cc7859

      SHA512

      a06be759f03efc16b9762a9e34a068acca933e1ae5b1fc4a957ec9088267e2ec557d75edcd957bc333cbed6d24997d560c01802540323d72ead303dfb7c95cdb

      Download Submit

    • memory/1340-19-0x0000000002590000-0x0000000002591000-memory.dmp

      Filesize

      4KB

      Download