Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4a04435c88...1d.exe

windows7-x64

8

4a04435c88...1d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a04435c8828bd8bc526461ad4ace11d.exe

  • Size

    1.2MB

  • MD5

    4a04435c8828bd8bc526461ad4ace11d

  • SHA1

    798887d48a93bab2665a5b74cebe0fa6119d4651

  • SHA256

    e20a62be009f8bf8d81a05e6fe3542f6e0ba8d941a58c95bb0882c4832681893

  • SHA512

    285cfdd34ebbd557d1e5bf3030b51271082fc507e2c0f95626d5f65d659a0237934feaebbce52884c54dc2efcc22e7f1de1fb3fefc2d1dc65ed510a90e8adf18

  • SSDEEP

    12288:eZD/lIHhTv4Iu0UdP6BKhr//VLTRGWfxlezy9m1gsvW9J85mAvGW77gSw7Ww:ADGBTwITq6grHVLTMaloyMvWb6ob7W

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe
    "C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe
      C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe
        "C:\Users\Admin\AppData\Local\Temp\4a04435c8828bd8bc526461ad4ace11d.exe"
        3⤵
        • Modifies Installed Components in the registry
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2704
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1442638f165e995efc1758cd2cb71a57

    SHA1

    3eeb912c77dea64782c9e579357bcc13b1065c3e

    SHA256

    6a446f62de179b8ad9bcf4c734c047fbfd1f58ceba96a044988ee47e8b4e5811

    SHA512

    708fc459fcf2b597ef98142aa14be0b0efe50533f5a31e4c0412c84e4aa98cc9fd303f80ec8c323e6a7eb2b928fc67eb1699fa49f1552408f200802b875ae97d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1247b1a3992b5bd1c952e31a1310b3b

    SHA1

    f25958d3936b2e1538564f6a81f3389532d4dd91

    SHA256

    f44c77a6fa3b1dd18180c90dd609a105df3bc16d090e6538e41f26aff5059b2f

    SHA512

    2f943a4fd99671192b2bc9d442bd97a5424393f13e6f0ebe3f3d2373771c6912822bf3b288821af21e1118dff0eb4a7b357f5a1c5910f1bd2e58eb2596436caf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cdd3caec79070503704949472a11b68b

    SHA1

    9cc281a6386cd534206d1758f6be38f09722ffdf

    SHA256

    9095e5034e042fff630a0fe0984e8e92b5d21630a438d33f11046322824f3974

    SHA512

    972b3aa92d4cf9d72e760ce8c3912870e70c23eb1a80269b1956e47d4c39ed635d5fb6940258a6a95812629007596591d59f3483338d50b0eb42275ce4e8552c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfcadfd3713e49dbb6194caa8df6c3d2

    SHA1

    ffb2b92155217f56e982787fbf736b8e0188c527

    SHA256

    3afe91ca2d3e71c368f1185234cbc9d33d56e8b61a8e2d46450ec18c5b963a3b

    SHA512

    d8dabc6017aae90b1b5e097090fe6b50c98ab5bc2e460725f61f0b437739d62c4777b510e1b3968b469ac13993ec3346b1ce348879a5baeb6141f517f78e8122

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    701735b3d7762075004b01cfd8bfd70d

    SHA1

    6c9c2aff8dd8ce85cfeac3765b08b58a6ddbaf5b

    SHA256

    191af64570b7b427f3a76b92c1e0f8dad6dbf75de11f2c86e8391333c8f250a0

    SHA512

    0042cc840508a0d19ad34041c9473900649c1b4571d81f0f3757485345cbd327aad5ec988d4dcb2be380b16d100b2597665faf8fba6f21d1a2bc370a13339c2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7de8fd2f0442c595aee40cb5ee31687

    SHA1

    b19574798b01063aa13ad423e72224f35af5e343

    SHA256

    16079491cbe965f5963210ecccb1bf79356e3b04346a169399b91dc990cc3dee

    SHA512

    0c7d424ed386a63ceea0e138e6075ed31644624516c6a53cdf61b8c2c428f3953980dc83f6b9d7c4034a5c010340f9df168d3b6cae38188cb528d9f05045ef94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e2c90f28a906475d7ebe9f9d0223a22

    SHA1

    84c1f733cd8eb4b03985447bb0d055a220b11485

    SHA256

    f74315d470be5f345c6415e5266bcfc384594c9ac191ccdd756db8e38212a03d

    SHA512

    36729f248e98fa7788f820f2a0f296791b8b7466691cb4d3edb7e2bada78bc4ad8bd3a7729f6625766540f3b0afb894a1acf5b52be4327eb7c484aa5a966e745

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22cbabf3d80ef3d3e70f072106cf683f

    SHA1

    7dc0ebf0bb6452d04cf3a897db75fe1c17c13d51

    SHA256

    deaacf4eca5cb9db8a7bba630da926d7d66ddba5ad5d2a349071f578bc52e147

    SHA512

    7e90d43cdb93600bc9bf9af4d751b892bfb6ff8e8836677c0491b11ef1661e34ab57335df3a2b2b71c51b86ea6c2d552797bd9c66e49e76553f92d73f311ebc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ee62cd4c4118cd5aea758e251e11f1b

    SHA1

    dee59cef9da1ba06a2fae9a9838054c038b95416

    SHA256

    9e73db2ef41cb4913bb58a737b0fbf0f1531cf7d6ef2824ed7f9c11938687227

    SHA512

    6664e4a337b405d311dadafd6d679d1a96de4ac119a17474a98c25fcd418cfdef5bd1be09e4d85e0e2aecab90cda629c9e996935509b5493e81484e65b891745

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93474eb1bf30f04c88f8e323921b4d53

    SHA1

    52dd44cbf4ddc1e2b840863e9cd6e94f4be28fe1

    SHA256

    dd6bd6faa170c832be09cc43f847cc804a83c69a04653c89bd5f74c0b9da168b

    SHA512

    802325d285566e4ae3e6dd31dc4259c6593a3adc468765700c04ffb7f137034e667aa5e18a84b0a24374a6e883c74e68d36fcc142471f38899cb05c5504dfb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab905E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar914D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2512-7-0x0000000000010000-0x0000000000149000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2704-21-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-15-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-22-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-12-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-16-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-17-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2708-18-0x0000000033140000-0x00000000331A4000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2792-8-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-9-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-11-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-1-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-441-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-4-0x0000000053140000-0x00000000532B9000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2792-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download