Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4195cd13ae...49.exe

windows7-x64

7

4195cd13ae...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    17s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4195cd13ae240dd144bf627b81ee8e49.exe

  • Size

    151KB

  • MD5

    4195cd13ae240dd144bf627b81ee8e49

  • SHA1

    a38f52c59da5821c0c1e5f1c92f660abde5b444e

  • SHA256

    e00ac013c19120cbbfb1c81667cf99b131641c7ce87ea085bddc618a11bf11ae

  • SHA512

    d7873f4bd4697e964773006e011e1e0818a13ad3f12f696a4426bead2e764a539efd005cf5fd4a63dbb9932bcfd92958078c1745081ac424ed1ec3d2de5d89e0

  • SSDEEP

    3072:IqC0ClDtQ9dWAZncM5u94tMOY3Dl4yST8io6fwc1fTwyP:IqCJDtQ9dWAmM5uMMOY3D5ST8iHjfT

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 23 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4195cd13ae240dd144bf627b81ee8e49.exe
    "C:\Users\Admin\AppData\Local\Temp\4195cd13ae240dd144bf627b81ee8e49.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 160
      2⤵
      • Program crash
      PID:2556
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\kmD638.bat"
      2⤵
        PID:2716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      c0ab978ae1652b2066e8079efa26ce63

      SHA1

      c781c1ae289576f905ddda98c85bf232f4ff9b6a

      SHA256

      113953604f371e00e66ab1a01b2f641a0ac8b41cef0becf293620c21579b7098

      SHA512

      ed7b31f5ddd30207ba7f664ccc249d526d12e267655b4165aeab0e1bc88aa505f4c168993f94d091d4bedde1c2b4a43aa9997d3d04b9c133ab5509f82eca97be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      446de046dd055ff840c1dc3032682fa4

      SHA1

      15b69e886bca7751e887dc17ee614bed4425b4c3

      SHA256

      2156bcc672fd3db1abbad0796d1f366efb9fede195430db93614445ea083fabe

      SHA512

      a2b7208a10e4af4f3fea82ff2077d2c676452545e58366beab91800d83ffe420b9d1ffd48c30fbd8fa29a7dabd440fd59cac1fbe78a4b1ceb652d69a5b814ca3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93ea8e9cfda806c3c0e06998c6886f98

      SHA1

      e4b26798c6fa9b67032e36c917efbb1b2e7bb106

      SHA256

      dd0bae7d21d8c5a4f250f25836f70d35c59099bde2d2bbc340f5c5cd08982f9d

      SHA512

      2a2805334542ee2e4c04d0b13bf4b605cabe08171c8df98bb74b8b026acb60c9222438829e96b8ebdd2e08b07f9f69d780b6e50abcf156dad25f7d2d4379d7c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      16e70cba55d863a7701936d120d2e3fd

      SHA1

      6ee9dfc5cf47a091ff40528b84bc69e0ecf4a28c

      SHA256

      4933a524da9d67f0ac709a5b81520a451de05ef838c68cc71550d49e23889f8f

      SHA512

      f32d4c25b8cbd162802e4918cf2c29a6f3bc1e5105e8a3ce05b4dce85affbeb8ee760232c764afdaec84cdc140aef3147ccce6a677e5fec015825a8f485d1b02

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a4b9f27cfcec01b335fd311d488f61b4

      SHA1

      3ff98fa7f7fd1011709749a6d9f6cd06055350e2

      SHA256

      9f85dc0b6bb4ebc9994168e87b7934e420df3bf5c3ab5b4443070c9cd859bda8

      SHA512

      097935079172cdaecda8495c7d11c5b1987d0a19ee196b4fe676919edc64d0f3f3f7cef99b9ec4f4eaa53f68b95a11905d4443adfcb6f9ebf7f96aab966e6646

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6152c1d09696633f49f822c3cceba33f

      SHA1

      c265d508831e2407454bb245a35d242afdae51e7

      SHA256

      7d8531b01e74e62649e44d2ad9269f57ce58f112b9d365cead4c719a75fd9c85

      SHA512

      95ac0af290f159f0f4f779b3721cdb35557f89ff07514016456ef06e066b263185422d6b81153f7118c320f465fe8b5582149449b3faa2ff1c513ddfb8512ca0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b6fdb6ed7bac0aa35580df6aa52521e

      SHA1

      1316349aba1a041c57bd9fd0107d8369dadaa201

      SHA256

      50f706b76c95d384144c6f277b2e6cec663ce1e88804430740d91988cb44df8f

      SHA512

      937a05645cacf89123b1e050bb81459c8adbcc96ec6716642b1d872da8f42c5ba7ce7f474c32a0acf40a6203bde739b3dda58bc92bb64dfbbc5dac6ad2e5fc1c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a89068cc7add25266c5ec042a4536e56

      SHA1

      50829fc7740744593513543341774f09e7048427

      SHA256

      09fa1410c1b5584c9a32e03eab5e78e377d911d03c8eea72b199ffe06ec434ad

      SHA512

      5d663d3bf6a9953da8c146f5f95b05e8eb0b63b1eb941f2299f9024c0a26cf04e0ded42de15dfe0b10b7cb8e597457b6705435bd7f81faed2216383e3fc3aa4c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a91e580eacf29e10a2b95e2d4992ce5c

      SHA1

      90833d2133334f798ee83539c40cf52340c65d7d

      SHA256

      3366efff8226c8c25832dd51505d939134a808f0478137dd787dc80b8e5bbbd2

      SHA512

      1ca30482b4886e2b5f6a1b00fe34ece38cb0e22cfd40a962f6c795e793b35827b75ae5a55374471a4c469be2eddad4eedbcf444ee0ce684fbb74a82b5c79276a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      08755c5a120df9fb03d1a20ff72a4e17

      SHA1

      e063fa7242a5bf141212703d4f08c224a9b28016

      SHA256

      9303e574805389bbffce4ec39b8b5fc802607655814ecd12a898c340e7b46486

      SHA512

      9b03b9606af384d668858787e62ac2135ce19a2c5c9751119e6e75d39634078c2e5e6814c3cb7119cf58b0950d80d0f84a8ca36d65a282471ecd0b1ebdc12ede

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8FB.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\kmD638.bat
      Filesize

      185B

      MD5

      e36044dadcd7c2f1384d049a90a48d03

      SHA1

      b3ddd86c51ea2a327df0ebae3873f255eee959bf

      SHA256

      58a326cfde83cc3a7a0915c4b15d860a6dc2d64640906414e169a78b91ab2a0d

      SHA512

      6fff08f0094eb9a6eab80ee71c11cccc369751cddfb30a5c0f18b79e39bc42e6b6769b5aa93be500fcc804e06e9e7976e2968a9e8f59655cebf356b2082f4041

      Download Submit

    • C:\Windows\SysWOW64\winorf32.rom
      Filesize

      80KB

      MD5

      c702ee2a71bf754298e27f472619febe

      SHA1

      7ebcd72777574248276150f6f626da8c5787104d

      SHA256

      e704d398d8877859c21bad0b743c8070f368a0942c4481814b4e59f286815b1e

      SHA512

      cda88cf82008d7f297023f1447b95e89ae144d4474fef4ad8287f2cb7fea35f563ac010aa0757758436554fd14a2cf6cd7189ef3445ba19790423964c1a197f8

      Download Submit