Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

481d2b0445...8d.exe

windows7-x64

8

481d2b0445...8d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    481d2b0445ef3b32e99231c580108d8d.exe

  • Size

    56KB

  • MD5

    481d2b0445ef3b32e99231c580108d8d

  • SHA1

    cbb06e95cd988f12f09616d083570782bfed78a0

  • SHA256

    0267c2dd7b95083c44789ef947886e25143a203342ba8cc2bcc7bebea2b3b58d

  • SHA512

    0275ffbd99adfb5b5fdeb8ad617eed6ae35d10255355b7d8daed541520bd0d23edf9f1cc588ee8660fc383ebf221ce71a629ee122d412c51db247e8d7c145fc6

  • SSDEEP

    768:q2DiFixA95VlLfDjwDntbGTmOxOQCJCdzu59ebLfqzMZ+27sLuWDv8/:jei0Kbth+wJAQI59gLuWw/

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\481d2b0445ef3b32e99231c580108d8d.exe
    "C:\Users\Admin\AppData\Local\Temp\481d2b0445ef3b32e99231c580108d8d.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2000
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\481d2b0445ef3b32e99231c580108d8d.exe"
      2⤵
      • Deletes itself
      PID:792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\lzdf16.ini
    Filesize

    100B

    MD5

    5b64e85c648c3d5ff54b924a98a71c92

    SHA1

    4e48f48ad0957a43449f679eb8ee7a0c701650e1

    SHA256

    ae8b005ae3e6c7b03468166c1a56db580d87a23dcdbe2d20ebc7e684ad08cc29

    SHA512

    9e5245978e5f28b969f92c17de4978e4a0698ffd9ac432bd73a4e8317c1983712933700be322976301979d49b67cac2dbf4a4f19d9ee856f9bc24a8987f9f75d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30f58de817425fa2fdb0a4b396883757

    SHA1

    5297c30a2066ed4da706445875c59f52f917c00e

    SHA256

    530ad2c6e25913940ceae275b7e77e4ddb8152132f03202b68cd7c95350db5e2

    SHA512

    33bb09492741784fdb39e50d722200a1b6e1e808f1022bdf5c1a593045a60bc1b0a4ee2eac5519d4e597dc9903e4c80e08c56464837f82b43d66c7392a11b0a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcaaa09d25df24d174c5a0e8fc4b0abb

    SHA1

    c6ede4ddd7df6530558a6b8940970c1ed3831bca

    SHA256

    05205962a3e32e44367d6087fb0e0c55b2c2aa17a13dc0150c4e6799a5e5f9c3

    SHA512

    5c50036c475f7dc0ad578464c8dfe77d18c5c14cf75fe63e306bdcb4fc6d02101aa88dd7e98ce8c1aa7c61b577e285b5df01541b2222b61388cf5ebe13dec3ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    25a486e5dc4544f4b1dec3ffa6afd25c

    SHA1

    515a08527ad3f241ce977a3fae178cd901f1bfff

    SHA256

    2301aaa60de8914c807b33800495ce643e6077068fdd1c76ff439792ad735a77

    SHA512

    284854843b2bac8a7c1efb8db3a850564c350e9310bfd350d52a316d7e738cdd59259a5e88e8b6da769b27d39fab1fe46e83c4bad174672d310171023bdc7be4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8550ac2e90682626d6b4b7974786bf0a

    SHA1

    5f6c7362a7f82aa51076dcfcba185bf6831e3eac

    SHA256

    c17505c353d1f775532b305029530efb7e52f1d07681adbd90d0dd7a96e7825d

    SHA512

    faf73cadac5f7d82b56a3e851a2412894e644aa04031ef8924d21cf620b71c0e44f2faacfe9158e47457350406907a7e2e7732ae44e12af856d1ea4eee33c8f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0973e6b218d615477d71aea2a8f7324

    SHA1

    d2a616cd51edc299f5a552398ef0227bbaa07ae0

    SHA256

    ed150698372e20c6807314fae13bfe042d7e358c87c42c1ff7fe0c5924d8f887

    SHA512

    e2cc8cbd0b6e042812490e4e5cebb929a321ba0ffe0956d0e6f9f03bd40573ab5dc950c6e8f463c74227d677f3999ed5d78f4b45bf51b6fc19d24e25a792de2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52ede494ede19213c9c97c5de956fbc7

    SHA1

    d7c60921aa86cef57d2607ae314ef2b6a377e200

    SHA256

    4b1c603a921a1103b6d2770b3bc66735a25bb48be3cf139f6093efd4b5e71dd9

    SHA512

    890fa002a8f0955efd77fc78644c5ea3cbbfbff68be06b1dd4d5d072e9245d9d01666455d795204e1acc9567b276c663d6ec80f3f25350f9d5eafe2d8665abad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    beb2843c185a73f451c51123cdda8374

    SHA1

    ac36a8f0e4ca3b21dee768192ac6293fe8de7c2d

    SHA256

    6d79259fab3b3b3e7e080d8745eafeb4d73e9e9519bab941cdc8c626cc2a05c9

    SHA512

    0706749191d0506182562570e9885a4e0a73399c6f3fbc4ed8a50a7e765b3fc2b677fa3226b423f90d977fb30f95bff130d132304e87d1af084539ddcb2370c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9FA.tmp
    Filesize

    37KB

    MD5

    ccfa6e58c7ee3b49209d37398c85b412

    SHA1

    788f579102cb93fd6732fb2604e72480f22735db

    SHA256

    412c82301757558027c5cb3ed1245a40d0a9063f583ecd2fdacf50f733c86b0d

    SHA512

    c0137f7d51c9c1ca30f3690d26989db7f2fba64acf05594609518a169f243bfb06e8cbf461db6269e8c8123c8dfadb3d4717777adf1f2490d4b19b334510a813

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6AB.tmp
    Filesize

    124KB

    MD5

    0abdd8a8c31ce398cb71a4239beaac59

    SHA1

    ca74bb068d3c2e37ef6be8926a163fcce90a65d4

    SHA256

    00ece81b8041099e52b91048593843530e1b7d54339122b45fe6de77d84cd328

    SHA512

    ae64760a80b301ba50c2eb5b0a8fc3dc08091201e0b46119fd8e6377d7d9e2378d97786d153765a5f7506af872a3462e20cbfe1c37f9154d1fdafda34c68ed9b

    Download Submit

  • memory/1976-0-0x0000000000100000-0x0000000000140000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1976-12-0x0000000000100000-0x0000000000140000-memory.dmp

    Filesize

    256KB

    Download