Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4711b828b0...ae.exe

windows7-x64

4711b828b0...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4711b828b0bb466d3694fc0f2916edae.exe

  • Size

    705KB

  • MD5

    4711b828b0bb466d3694fc0f2916edae

  • SHA1

    a55117a0a64a4ec54418124ca8190479b92a6751

  • SHA256

    ae121792a33bf3f52ac94e2d21c727c67abe9c2260170235f9c766c6d1eb376c

  • SHA512

    c4bae1b76a9fd1147e9cd5086053936e0d763934fde04f0a0663ae94d01585d700f70960b61f374019db01b1aa5e4aaf2953c36a621616d271bc55c14aaba06f

  • SSDEEP

    12288:wDJnJM4OpSpnO8kTZlTV8fPnsklusrrbQDhzIs:UJnJM4OqTW3x8BfWhks

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 46 IoCs
  • Drops file in Program Files directory 19 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\4711b828b0bb466d3694fc0f2916edae.exe
    "C:\Users\Admin\AppData\Local\Temp\4711b828b0bb466d3694fc0f2916edae.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4964
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:4900
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3944
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3528
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:1960
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1640
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1216
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2900
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:1736
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4364

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\iafblplp\hcadmaan.tmp
      Filesize

      678KB

      MD5

      1fc5c09a24c3a5ea35dceb044a2d7b36

      SHA1

      ea88d238fc79eaf03082f3a03f8ca8008368d433

      SHA256

      26f2203f43ea4edafaea724ae66c5c4bc1b075ec02e030e1a46e1c0355966933

      SHA512

      e6c334479fada188a606579e8b83059fb9b952184a89172e17814c90fd1062a2815706cfb579dfc98c68ab9054b26bbbbf4c28662b8ca19319d08e742206483a

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      487KB

      MD5

      bb125279a16dd050968720a939aac037

      SHA1

      5dab0b4ba6df3a37aea74a123d0a93c603d22a71

      SHA256

      44be793a8efa9e9c64a9d9eebed54e185ccc26a8c1a3df94e2cc3c9a2a140e9a

      SHA512

      f7132a7d424e2b656def69a852f08c13b607a82f1f3a55bd07156995dd8935bd93562c82fb1f73d3766413fa5d78bd6802c2c8feb89851ab88e25cec5fe9d9b3

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      3d01cfb4acd65ced09238681a2fe18f3

      SHA1

      b60d92dc50e9710ed5b38b3b4058605a60abaa39

      SHA256

      b11164e4a9feaf0cd615053010b5a94cb3e7aa728dad7deecd75287d8f06ae76

      SHA512

      26c61a270e82202067f9d117f4c8571b6a7824991c311e18335a361b6f918c5b3f6c0a88472f1f45b01bcebe7103b8197207887ae79ffd2d174ccd6fcd9900eb

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      489KB

      MD5

      c0a3d888f28efd234cdee1f25e69ab82

      SHA1

      ab4f3383fe90c73710ec0c7af4d60631b1232055

      SHA256

      f8864a0a1ab1e96071f920f2e1ea3eb5ad7d3692eb532cdeb5b95ec72f4bfd95

      SHA512

      7d307928d523599ef5f015e4e7a1ac39a87b7039cbcc7b996756b6540111da847afec5ebbdc5c208907e71ff2a0bd118813045ccf2ffe66e9faab436f69efccd

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      540KB

      MD5

      e2d4befd4ce7d3174358f8d5c8a4cb4d

      SHA1

      41c0e2a6e590754e4089ebd7ff9d746ad3418cbd

      SHA256

      0241635cc0e7b1bc13b355016f748e5509ebf7b408523bc5a298b8c1b4268c06

      SHA512

      82d3f5ff4193506d1710d000e829853ef60fe4a552e6fddfead75fdc7106aebc160cfb8185d66c33092520afe18b0efa0201f1fb8484072883fc55326bec0c77

      Download Submit

    • C:\Windows\System32\msiexec.exe
      Filesize

      463KB

      MD5

      94fbe244583678e82f4a45e0f7054eea

      SHA1

      6510b5343b8525fad3c5f040d67428b778ccb1be

      SHA256

      9eeed0ad4ae8232dfc70ceadb26ce7aada78934ce22e996ddc0b629b7b36e223

      SHA512

      a817ed975efca7a12f565367d7d18d990bce94edf7d7738722685749d00b501a0999f288e942ee105e453d8eb117f3b11b7cf75ceed4fde5069f03f3eaf15397

      Download Submit

    • \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1.9MB

      MD5

      67a93faa3f1cddc36d111bdc9d38caa4

      SHA1

      eaa8396a7563fa46b37974ab90046533bf179f47

      SHA256

      c417cf1e634da6301d120ae17bfc77aef59e4b1644799c029ece56ed43aadec9

      SHA512

      3fc5a3b0bc214b977442ae1dd4bfba313af00102c95abfe1faf46123967edea330e735bfad3830a12b444c5035cf82c4921b6421e23ffa6b67510ea458e166f2

      Download Submit

    • \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
      Filesize

      613KB

      MD5

      b05093f2f0a8e4dd3a4e50381eb877bd

      SHA1

      ecdab10d8993eafe10e5494a0a2097431ed93712

      SHA256

      16b3b7a1882fe964451b7f843a3d21f68c3bab83ad1c35ba3fd8701a7d824549

      SHA512

      3e632ce3a38e7946bc5be0a9454babe09763c911a1c86775c8acc5215fd183b1b94083f8c5d890d513ac60ea15d0648487875a2bb14b8c40ddf625457ec17990

      Download Submit

    • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
      Filesize

      637KB

      MD5

      1d06022c348cba0842a4d89f222bc381

      SHA1

      16d191fa4870a5f94ae3f41cab656f51e0918207

      SHA256

      4edf92744f7c985738757d9149ff0178b53dd34dbd3b3f8d524a0f9399d0a09b

      SHA512

      a524017c0dd6ca580793810f4373e84953c98b800b49c90773ca3a1bcc48759c398e4ab75319a6fe90b7a84fa53dacc0e7c6862628c561a5a1e722511e1714c8

      Download Submit

    • \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.0MB

      MD5

      73771d5499be9d1d7301025b0da41991

      SHA1

      727117e25306e4963bbdd579898a563a4e0c5e8b

      SHA256

      3d98360d4356abe81148a96fbde24834484281d58bb0e0428a3ca875cd47724b

      SHA512

      1463cb7d6ba17bed2d3f1560d87aa328ccf6853f3c55663e2bac1ff3ac64965b0d47af9832b755b058d6c3f6055894864f65d9d2c357d1e96e2751cee8f0d2e4

      Download Submit

    • memory/1216-97-0x00007FF7F95D0000-0x00007FF7F9825000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1216-67-0x00007FF7F95D0000-0x00007FF7F9825000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1640-59-0x00007FF69E920000-0x00007FF69EB81000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1640-83-0x00007FF69E920000-0x00007FF69EB81000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1736-80-0x00007FF68CCA0000-0x00007FF68CD82000-memory.dmp

      Filesize

      904KB

      Download

    • memory/1736-115-0x00007FF68CCA0000-0x00007FF68CD82000-memory.dmp

      Filesize

      904KB

      Download

    • memory/1960-49-0x00007FF77E990000-0x00007FF77EAEF000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1960-51-0x00007FF77E990000-0x00007FF77EAEF000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2900-70-0x00007FF7ECB50000-0x00007FF7ECC44000-memory.dmp

      Filesize

      976KB

      Download

    • memory/2900-72-0x00007FF7ECB50000-0x00007FF7ECC44000-memory.dmp

      Filesize

      976KB

      Download

    • memory/3944-37-0x00007FF661FE0000-0x00007FF6620B2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/3944-73-0x00007FF661FE0000-0x00007FF6620B2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/4364-98-0x00007FF608440000-0x00007FF60850E000-memory.dmp

      Filesize

      824KB

      Download

    • memory/4900-58-0x00007FF707480000-0x00007FF707553000-memory.dmp

      Filesize

      844KB

      Download

    • memory/4900-19-0x00007FF707480000-0x00007FF707553000-memory.dmp

      Filesize

      844KB

      Download

    • memory/4900-18-0x00007FF707480000-0x00007FF707553000-memory.dmp

      Filesize

      844KB

      Download

    • memory/4964-0-0x00007FF68F7E0000-0x00007FF68F8E9000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4964-11-0x00007FF68F7E0000-0x00007FF68F8E9000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4964-2-0x00007FF68F7E0000-0x00007FF68F8E9000-memory.dmp

      Filesize

      1.0MB

      Download