Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows7-x64

8

https://cdn.discorda...

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/843623892512931864/1191999377565290516/MindFire.exe?ex=65a77aed&is=659505ed&hm=f42bdbca4ae1c0aa2bf9c4549b6557f58e92f8dad0755bc1d7825c6f07a4d929&

Score
8/10
upx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/843623892512931864/1191999377565290516/MindFire.exe?ex=65a77aed&is=659505ed&hm=f42bdbca4ae1c0aa2bf9c4549b6557f58e92f8dad0755bc1d7825c6f07a4d929&
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2672
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\MindFire.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\MindFire.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d825243c95506885e8d7014facff202e

    SHA1

    84afaf4af5f6938617c34e11bac27c64dc0aadf6

    SHA256

    7945c1bfb1b41b61c7fab4bcb0e1d90faded038d2d528ae59689128cbfec5bf7

    SHA512

    e5f88e6cf5b55ce18ff4630705d3bc4ad246fca221667988e6c20b56374d3cce0b5fa1f6cc771e02fa50c13ef7f3a6acea30e8658ba3722d06665638a0dface1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    25066c8b32d0c6dd6a5f67eded008333

    SHA1

    fd96f8b4edfd69b95cc9b247c04f0a2692f42ecb

    SHA256

    cd79bec4b5c3a677cf172a65ac76259d63c23a6b9c8e051cf0d64f68abbb9a4e

    SHA512

    bbcad4642d1f2d57501d810c6a09a72d60c9ce4b12c19efee3999e08d843151a908ec5aff3504420c49b16abbae2de661786265b36279cb6f5fd00dc0d10f6f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e62336377ad7ef90019e497090d030cf

    SHA1

    8a8356fb5e92de379a862e836c269a1eb04d8e96

    SHA256

    42bd5d53ed83b588ec9b723d8e7061eb2d0c3c582aec59f735cd3521cf8609a6

    SHA512

    28b42a9343841f43ab5c3354493dca908e5f2d32f2dd3b3f9456ea39012d8a328e6d999d3cb9d3cc02464f2ee3ba2762489681236becf8b2fc214c115661920c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0351430d58eb8b70616dad5f9da2a452

    SHA1

    de53297d3f731628f930e1d761e3f0248fbf4482

    SHA256

    b13217857b81306c19135fe98920eb6333316421a45ad726bce532feac58397f

    SHA512

    27fe6e034d3df67d34ad2c58a5a866161222ff053c87e6f8e2ac5c518bd828dee4892b4068791a0932e697bf24100c8588a6713a066cda132b0c54472d4e46e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff71ee031cff6778377b7908a52e66ae

    SHA1

    7a7d7fb4be2ccfe8d300840b3c1997b0cab16f03

    SHA256

    276c945a6ce410cf0da2171bb2a011124b582a49bf98fff24711fffb0f0965ca

    SHA512

    e2eef063c089aa4c7043b1a48757cdd7469765285b9ea1278f72f6b19e3f55b5bce1511cfd2d226ea6b747637b113496587d84a3a9038e57aa459f830a9a9983

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a0c5c7dba178885f8fd9d07661d4764

    SHA1

    f3ddba8a8f0e99a3bdc9141dc8c35815a9337ad5

    SHA256

    de07c3802c8c97b774f7d8f50bd9c7f50247fea468fef7cf5ffd7967d08b859d

    SHA512

    9ffe5c417bb701f2f88340b65cd50331ca52af812937c325264087316c11f7ea67f85b962843355e5b9e4b731fbba5012701eb7c351a1f90befe2a7eebe63e4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1efbb4c2fb63b388edc9677ed3860513

    SHA1

    e94bb6b932e872b189afd2e3485faf78e8930d5b

    SHA256

    c968e6fa9ad50f62899072c7bce3067976d07539a4673eb155ad91d101677dd9

    SHA512

    c413491641010f3342026c15e34c1ddba9aa61e1dc1ded8fa2376d1b41c57184a44dee05b4d5d6c8e456cb256df4881b7a9d53a7a9cfd6caa189a35523b9fa3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\MindFire.exe
    Filesize

    5.3MB

    MD5

    2f41b62b8c7f9e0e080e64d3d25d4b39

    SHA1

    1797ceaaa9d76d6af5807ec976a8c6274ee7fcbc

    SHA256

    1f5deaafb5386de09c5170170e7cde2447ba7f1f9263c9e069b769fc5fd77422

    SHA512

    e1a41b539477adfa557f2fd609ca44216eef67c95ad5c35dc5e43976a18d541f9806a8d7124ae404954fb53ff2bc3864ef557c13e34ac294845b01f1448e7653

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\MindFire.exe.lx5z3tz.partial
    Filesize

    33.1MB

    MD5

    e861c67fddbc3ca87fc910a324ed5c7c

    SHA1

    d773d38560d0df22b43e86cb309b1b6278a0a66f

    SHA256

    a3b8c09e156bd6388878d57ca1ffbcd84c8de1f4b5ba6cb9e9e96364674de61a

    SHA512

    891ad8c7e2d202ca7334250c3049f591ccba38b4677cf183435555b540dcb3cde818000c847445bd3259725e959d221ea7e59a5da52360c4e7cbfa17b967c51a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab519A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5AD2.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\MindFire.exe
    Filesize

    4.1MB

    MD5

    a5757d4a6843e85674d931f0cb8dcee8

    SHA1

    aea69109df31d2edd3e423a2876af72c6b958e02

    SHA256

    bfd56486a3b13de7f4379c0dba6586a0979a007e92fb1c2402e22b44686d9912

    SHA512

    c13b2575eeb6c08babe905eb23ac9d330bbb1a7c56c706fdb9a721e5f56a1bd46ef33e7792f1c8fe8e48298eb642153bdbf87ed7eef7e0f78237b499020c125d

    Download Submit

  • memory/1492-101-0x0000000077C20000-0x0000000077C22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1492-106-0x0000000077A70000-0x0000000077C19000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1492-105-0x0000000077C30000-0x0000000077C32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1492-108-0x0000000077C30000-0x0000000077C32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1492-111-0x0000000140000000-0x0000000141914000-memory.dmp

    Filesize

    25.1MB

    Download

  • memory/1492-102-0x0000000140000000-0x0000000141914000-memory.dmp

    Filesize

    25.1MB

    Download

  • memory/1492-120-0x0000000077A70000-0x0000000077C19000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1492-103-0x0000000077C30000-0x0000000077C32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1492-99-0x0000000077C20000-0x0000000077C22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1492-96-0x0000000140000000-0x0000000141914000-memory.dmp

    Filesize

    25.1MB

    Download

  • memory/1492-97-0x0000000077C20000-0x0000000077C22000-memory.dmp

    Filesize

    8KB

    Download