Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

396b93695a...b2.exe

windows7-x64

7

396b93695a...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    396b93695a362b51e3f069a65fc351b2.exe

  • Size

    284KB

  • MD5

    396b93695a362b51e3f069a65fc351b2

  • SHA1

    800ce16aaa0bb232de55d9ece842f547c34b69da

  • SHA256

    ee588a9db219895e89248d78417ad33ea7c9ff7f81b25f1520bd3c29322c64cf

  • SHA512

    1d248684ae2faabba69989b26d64789249fbbee8ba9cee583e3115737c91abee9435e366bffcbe727bc493c088af9c49e890afa602a881bf67f7a482d0fe148b

  • SSDEEP

    6144:VNDEsVZaPTpz7pGNa1z4LwsZ+QxPdGk1N4WxxUUFZMGOduhD78LF:VND7CPTl4sFywsZ+APdF4WzLF2GOdu5G

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\396b93695a362b51e3f069a65fc351b2.exe
    "C:\Users\Admin\AppData\Local\Temp\396b93695a362b51e3f069a65fc351b2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe
      "C:\Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.sexy-roots.com/member/exe_contact.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1728
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    314fc5adbb41ee9e0c1e7faf0fd9c0a1

    SHA1

    1e503d0e2cd370713d76d15532e22535d449e870

    SHA256

    b38d0c97e94aacca1816f70c046c8572f7bfc7480ade1667ef09457701963fd9

    SHA512

    ac1bb04a1ecb090b2272931867abd20e6e654d37783314fb2b7fcaae111a2065e4235e264bc074bb3e673abcd5954b2cf217d846c13d184dffcac268e9018a6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01a920936e787bbe70292b3d3fea2317

    SHA1

    f13fdc2345e476bb55bcbda0f7e78eeb0babb851

    SHA256

    6143fc87e576d1075a6f29dd24b44d6f7832245ad788f23654071d9b88a41d1b

    SHA512

    8de1b08b1ece9dacb7976a1e0506bbf27012510ea3a5985399404574a630ed2ad2dbe8e447526853ae2eb6ff3cec67cf765a3c0af990113494cfca7c3dc358ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0cea99c124a2f9f5db865d6110001a5

    SHA1

    6fe2193594d088bff0c8c5807aa2599d04fc0f02

    SHA256

    e5cc7a7e9bbacad653f16169acd7058305cde0811b31f9694c45588524ede550

    SHA512

    6343b160aebb8c37bbaedd5c9b8378340990d0bcf1b67fa805b107e20edb4344cff1128853eedf48d8692c31e9a180980fc64ddf05edcf82b420552efdc80fc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ec991cd0862dd7a277df00be8e4c908

    SHA1

    62ff337a38dc3d6a240603601240c2a6400acacd

    SHA256

    aed1181368d2d0dda53d4dfe50750d675a089448543319f9422c36f41f5d2e9e

    SHA512

    aa5d68258c49fa4d1ac656db331a4b267e775c3b44f498a9e8104e37a211b4cdc1a00ea70bf47b6dd6758bb79db27a17cf628a90b7ad041d8128775ca4f28cdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f145d537379f94ee26cb8394b12e0d8

    SHA1

    4e49aaeeadb0655d5f652342ce70d7c66f646832

    SHA256

    03d0f7a40c8dd0ec3bd47b71dd0f1b870488d23f7bc1626edd42000c48718a2e

    SHA512

    cb068600c66789742bb64d2f9b2afb8f2dbc09371e0175d57307b511727e16b6a820cf520abb4639cef451394d8d34a3c1064389753e01152bb176edb9a2fc3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a71caf3256e4b1131231d42ea5ea9f9

    SHA1

    eabefc189fa556bd3e154957b11537c0f0d90506

    SHA256

    d6305eb40c897eb99ffbf95f5fc029fa9ed3434e05b8a2ab67cb8b55931f14ed

    SHA512

    75bd07a45824db84937fe2c5a724edc79fbda76ea244e4dcca175d6205728f4fe453c8d3dde724a9071aaacb11ea718a6883e6d52f74adf8e1cec4a05fb71e29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5814574d4358ffa47bda0fb1acce17c8

    SHA1

    1bd766f4d72f35d09170d1b271b68107525de0e6

    SHA256

    429069b78c11b0a5ab03ed5359add992623ebc0574cf684cc3ea6cd0ebce2afe

    SHA512

    1b6c99b24b6bc12c4f37173f8d5c02545ea321f2fc8a2d6959f5101140b98c9e916329b1c7fcb168c49c6e696356dcdc884a0dea4a1e5aacf0b4283065a483bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    4f09c8c8e0bc9359e8973455cb83b704

    SHA1

    5f449cfe4ac2e00ec0300523774dc09f71bf932d

    SHA256

    9b4cb3903094ed60f6b84903f16aa597ae418b95f8e5ee6e80382296736c62eb

    SHA512

    f4572c36996f543e32ed7ebb7b4ec620c8b2b12238d4df8f8e1f8e34d1c25ee611ea836eb734e684f39936a66379c10cfd1634d347f9e8f6743da9d52dd9ad70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar43DA.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe
    Filesize

    284KB

    MD5

    396b93695a362b51e3f069a65fc351b2

    SHA1

    800ce16aaa0bb232de55d9ece842f547c34b69da

    SHA256

    ee588a9db219895e89248d78417ad33ea7c9ff7f81b25f1520bd3c29322c64cf

    SHA512

    1d248684ae2faabba69989b26d64789249fbbee8ba9cee583e3115737c91abee9435e366bffcbe727bc493c088af9c49e890afa602a881bf67f7a482d0fe148b

    Download Submit

  • memory/1172-46-0x0000000000400000-0x0000000000786000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/1172-14-0x0000000000400000-0x0000000000786000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2436-17-0x0000000000400000-0x0000000000786000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2436-613-0x0000000002B30000-0x0000000002B40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2436-16-0x0000000003B40000-0x00000000045FA000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/2436-1-0x0000000000400000-0x0000000000786000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2436-18-0x0000000002B30000-0x0000000002B40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2436-12-0x0000000003300000-0x0000000003686000-memory.dmp

    Filesize

    3.5MB

    Download