Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

easypanel-...64.exe

windows7-x64

7

easypanel-...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easypanel-iis7-1.2.2-x64.exe

  • Size

    326KB

  • MD5

    17ce44a8181ac75fe9405baac9082609

  • SHA1

    fb4776761783c63779d5e3f32f32f5fed845c692

  • SHA256

    6d30614f604753572d48cc9e9f50726c1d9f715632e8437247d2b4a409cedad7

  • SHA512

    1cdef1844fb244a8b9f4d18ba7d58e2844343c817812fa6ad355fa67a908f4001e0140db773aa753b9ae4333376ca0c22109d09f75444a1ca46ba77439d00b33

  • SSDEEP

    6144:9/QF8Dz073tGyuWEqSCumIUCLLwlAtiasLnnrMsoQ:1QFaz073tGH2umIUCLLw6ti3LniQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\easypanel-iis7-1.2.2-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\easypanel-iis7-1.2.2-x64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\is-N3LB4.tmp\easypanel-iis7-1.2.2-x64.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-N3LB4.tmp\easypanel-iis7-1.2.2-x64.tmp" /SL5="$4010E,89524,54272,C:\Users\Admin\AppData\Local\Temp\easypanel-iis7-1.2.2-x64.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kanglesoft.com/forum-2-1.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2852
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e840a9112e13ad20fbd61bae68600231

    SHA1

    48647469b1d571090b5aa6e16b9eb3814401a4c8

    SHA256

    e0d819e5f047d3daa3e10ecac261419cdd1b5802629fb276b463d189026e8591

    SHA512

    b206cf16dc72654df13e7f46c0af812da7ab5f6d0ac5084e4cf3257119386a1cce4b897282b6762d9234c1481e326cc17de78fa76ebf07736891ece84d22cea7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    acac558b76157268d140a107ae4d44c6

    SHA1

    5c12c3f46a8ce504ee3a530897a9f0687ed4b503

    SHA256

    b72cb381d4553137fbd53c764b62fe5e8925549a2f4dfd31b83514fef827ea9a

    SHA512

    19a523bca1fa3eb2ed35907e03520a249299176d0564ce2ff46be10e3f8b38170daf3e73dcd296dcfc6504f419918612b070ed7f74789673913658f5109d24f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59fd999f6ab36b80daa9ab2f37d034c1

    SHA1

    4ff3ade9295374ac43e6a9ad3c84fa5031d58398

    SHA256

    2454d630a54e21d04f8b6c1689c631bbd8379723ebb68d94d5dccbe6061fa781

    SHA512

    27e954a452f3cf0368e0dc9c746493e19255b321d049fbf241b95bee45ec2def10bb664d130be69bfe39c1521f39d3a78cd455fe68407869c492d5c933769cdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab9e3109f3dc1d80f15f5991a155ed68

    SHA1

    aca356aa7d4d6127940554d03815e3061487e3af

    SHA256

    1944e27b34275b6ef6a1692fd32a20efbe671cd9a0ea380f3f880f4f31481c7f

    SHA512

    0dc51d0e32b142ba5fa0aa72326f3e243c1e55a1e3ad74f0c510efc6d94705e546fc460a00d10271ed06df74a0b343211b1b244f3becc9be4ae35c5d4cfbd831

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47cb44dbab3673205157340666c23692

    SHA1

    ea039871a076814aa76dfb254c82d0c0d42b74c2

    SHA256

    b07ba05c3c9e6c480fa5a033ffdc54a89a08a3773b0e029d24661b62715c500e

    SHA512

    8123fe83d27a31d5319ff0324ff6bc29ddd1b645b201f4e7873258e67219894d3b37ef3ca2ad951dad1ea4bbd19b0751edcd8de24e4194c682eb9cb1474c3f04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eba1fdb9cf5301dcc5a0f2aa5468b92a

    SHA1

    03be19bacfa632462dab41d3a9728d5c6fd68675

    SHA256

    a8a2a395b3517a5f61dd7839c9d067ce6e924477389019123e80810f0a4e96ec

    SHA512

    22126a3da21f9ca4f06cea1d5ab203251492b64eb8a5636e4ae9b77f4e3d45b49c4ec17066d7084adac7a076cc551a7a166a39904b80be31e4c45e01793a2c43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b38962e8d819b871f990d792fd6c04d

    SHA1

    224d910270ff0a997135a170be082982b6e1d79b

    SHA256

    6246b89068a7854848586311b805f88b8df0f13aba87da436f9a8f3f7a6ba51d

    SHA512

    0e119dc6b9386e1f5015a3d2a8f60e569f58b4be5505817a6391a94063cfaee08605daedb288f59d2571cb1b2c2b9f14b7ff8b9e8b2d7d072ab2707954de012a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    693d2a2e55cce696140f9ddec2f75b2f

    SHA1

    1c2e33ecdc7ec14f301496b6eb381bf6bc2f1e4c

    SHA256

    69e97cf3d88f751ad47f6246b59abfa4ed190e67f3cfa78cfc62979ccc62be41

    SHA512

    eff778a25263b3fdb2526b2afceff3edc90b8dbd705ffe9ec89ae65bafb91e8bf96cd7092dd0f11870d2f85841ebb11c734d472998545b18af03d3a052b35eb7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA4BB.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA931.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-32TU5.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-N3LB4.tmp\easypanel-iis7-1.2.2-x64.tmp
    Filesize

    689KB

    MD5

    15430669556c2062ceadd5b125e8cea7

    SHA1

    276c5f36876a783a01ef10b9df39fa0efe3e296a

    SHA256

    64db719c67988b106bf2d1a5b842445e8ff9b6436be28bcaa0b8876d330f8168

    SHA512

    2c2a87d34922d747827a2c77813ebfe9923bdd80cd4be909f8da3c8a4dc3a079c049db74c8bc36edd38663ee4635cdd0fda4f9cd2adc3b40d426066611206f39

    Download Submit

  • memory/2672-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2672-26-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2672-20-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2780-24-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2780-21-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2780-8-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download