Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4d3a626dca...3a.exe

windows7-x64

8

4d3a626dca...3a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d3a626dca7fdbe017997e25b73b013a.exe

  • Size

    39KB

  • MD5

    4d3a626dca7fdbe017997e25b73b013a

  • SHA1

    0429e15dd2290b846667a019577ad9a3ad0daf47

  • SHA256

    c8834d89ebd16eb6b37d06ed80825ffce32dda1b51f6401acbdd6907a1bcb04e

  • SHA512

    ba034f3c0dd28847d3173284ffd5a24f9c78bca92138f7ee7b0be491212e8e0dbe7d3a624f73dd19a31cb2a5cd842983647b107123d2ef60905337a587aaaecf

  • SSDEEP

    768:3E48+muntVSRZPjMIvqC9ZFerykdnlIEVB/NmBq+J6wviLZqMAU:D8at4M8bFerykdlIEp2q4GLcMAU

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d3a626dca7fdbe017997e25b73b013a.exe
    "C:\Users\Admin\AppData\Local\Temp\4d3a626dca7fdbe017997e25b73b013a.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\4d3a626dca7fdbe017997e25b73b013a.exe"
      2⤵
      • Deletes itself
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    399ed4f81108e13f26c7f797ad876ce7

    SHA1

    220ab7747959da4513ae3f9e280f7b1c459edd06

    SHA256

    d361c32d4cc2994898582a4b178847079fc97bc1d8c57a74ad77014d7d719be0

    SHA512

    bd05dfdb26a04278281096f95db6ae445de2f7117d518d26319a74b52193851654d8800f0cc1726dd06e924b52b251d9610a8a9d39ea6ac668b1178c24b5d53c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3e06c18b68e0d129d4ccc6e2c90cacf

    SHA1

    adba858f7b1ea9a7e4e0181caff9a06b2e300de0

    SHA256

    1f2082ae5494fc84a085c607cf8f039479c25a0b23780ed92825f5936c1214e3

    SHA512

    d9d39e677ff35157ab5ee951943a20beb430ddc1af5a46df04924958f6ebd235e8028f091bf48a5f698d648bbfb67e336ba8db401ef95a55b70631057d1c32e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78a0e523114578591d33411c9a2304ef

    SHA1

    286569efbbbfa124e13489f13fffaf35170fa64b

    SHA256

    f3652b03150248543d02e76ec7084f993ad46a0dd0009a982723c465a16e7a99

    SHA512

    142babbdfa3f03097b570ee0600cd2c61afb91d6bfa594bab1c54be673010f48726efe77dca3a66ed7c73eed88c34043a6b32f03140cbba3f2a54d57277b7139

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d81da5b573c0bd9f27bb895a348be09

    SHA1

    52838037104fa3229b41dc9e2d07e0b7f5f8d721

    SHA256

    2169f99b335b4ee570a6576587d8d6b0d2b58fcb0d9f4e004380f4b16d75f124

    SHA512

    d9143294e40b57b765ce780ee696b295caf3d3d5f6eedce1903d855fe6baebaf781225bb43bd33c40e90a2d875ce2c2bf5eb21e45cb0de1f989be9b6a79ce52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9ef3a3c7ae0fcbc28ee732ae69da6a1

    SHA1

    fa12bdaf0b62065f4082ce466ad9cfd38ab06964

    SHA256

    8b3e98513ceda61032cca6f4b49ac07b07a55d0eb8ad6b1fdf192bdc48c11c21

    SHA512

    a6f65953fa17859dcd3fdbb414f2bf0077e3fea14247593167a3e0086559ffbe8f8706500c92f7b34e0bf28e1e6e1a6981d98ffd969283936d3b844c8df4e083

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb02d77ba6c0422f9953dd681d2df46b

    SHA1

    fa149136d7418f1a2e6606b65be9990a786c7994

    SHA256

    3bd343308a7f720bc5d771fabe6280a92f4919bd8979deca2403e6b6172563e8

    SHA512

    d6b9de70f980f4e787a0e198540e85bba0a0f7bc6b8d68d9ade52c943d1db223ed05b212b4df037bbfbfd51f105ba556f1501abf63a0bb69aab6cfca4aad79c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b696e79ad188f847a18172444c005f6a

    SHA1

    d4c2d160d270e59eebc654dbe9154617a41410ba

    SHA256

    688a53b1a860eb296970b3b1603c8b528ca5ce7ae59b166d1fc18312e04dca62

    SHA512

    33db60369390a3fb1cac358ae81dcaa51e0b3a163acf1925c1ef8d119023e022aa861c1369e26937c2865347f042be3ab883db3e44d8930d543a96f260e7ea46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da57ac1c04cfcc9d2cc5ae065feff813

    SHA1

    2a9c03bd83c938285aee8c42db80b893647f1c31

    SHA256

    4cbae267803bbfa7c43793e57ff217b8733ef7ad2367f6ecd21a2b6f1b0f4433

    SHA512

    d3ecd45402b1f8bf44bc87864be6cf936559603479f4f06b9a34006c33d8cd64a6f13bac4a74f771bb8c20028885522c55cf70ff5707f2bf440a9fa99dd9829b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58d83e35a4dad8733e4bb120afb1a70a

    SHA1

    0b9a80562100de7bd1e27c25b259b2f01ac50580

    SHA256

    362c14971c8bf92c4b0105848ff0ceba5181433ff914a87113f23ce7dc09d950

    SHA512

    7b45870fdbc12bf6960ccee8927b175409fa90693c07bd3563f2d31cfbd18ad68b5baf9e186e405f5f24b7ac4428f3b6c56119f0c2c7daa5b437e354466d6769

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc0e7c8dfd3ea664b66c1e018a3adeba

    SHA1

    76f0f860975f1915adf0744738ec14bdcaf0141b

    SHA256

    d1070f566bbc9c50765cd70716b3f9d4d1dc756db310475a5ea57f59eea8004e

    SHA512

    b9dc193cb08aaed562649a83c22360e4f49a202c6bb9fcaf4e725b16a0ae843c27b82b651b2ff9fff20e3f6d486a99db96777b86dfd18c20b021a659e9d91c70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b539f7771ba8c63d9aa263c105d71dd

    SHA1

    8b5c74ad327bba796d7e26ee21056529bbf2ac2b

    SHA256

    6fbff67da198ab3da13c92f5168649b0b40e2cd412dcf6b63be2551e64a88d6c

    SHA512

    c2a9dde52260b332ce8daf185aa042688abdc9bbbc2c5d3435fa64075d808272318a92de7b8d7564209c85211dfdcbbe2e853fc62d0dfb916ec275ca1cd9e38d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dab49f9cb4f5c77dbf0fe37b608111fd

    SHA1

    5bb2478da0018dc25c864e06ca6b24631705b121

    SHA256

    ed3c485afcd3ee58e8762d67f6587dfdac32553b9fa9b31495fe55a3516a8843

    SHA512

    7a0bedd48cf91df3ff5b31c175e76f4f082c330808663207da4fbae8149c1acd94031344e59bdb01edec481c71e3fc7f3aa898d8c06a2220378031355c6b77cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5bd1b0f3f1703f5841909c34b89fa9bf

    SHA1

    cee3987a63cd8078dc5f8e4564ef2da7d51459c1

    SHA256

    f45a34f7233b3f0b0ee8ea9a61704feeef6b3e58850baf8708f257dabb77b685

    SHA512

    438efdbebbb12e60d01bb0f78f3443316faf0db8eb4cb49751e8b04305e3364c0e4fd0486429462048e14efa39b61c8b81d2be09a869d0e1119d7f28a5895b34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a28773b67baa81a6fdb04fae973fe5f

    SHA1

    aabc5d38e8042552e8dec58cc2b4de5225a9a613

    SHA256

    74f3de9d6fabb1d24e4716a68e48551032be9926ab8930022565cafd4cacd26e

    SHA512

    e30d76605ce1ec87ebdc51acc82b70539984a0bed18805e685dff54ee1544f4e0b78eb3cddd241aff5a3761948c370d572dda18170128e592f0b66dd22a9c21b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7BA8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7C67.tmp
    Filesize

    165KB

    MD5

    b2eddd19f97913ce46ea9bc8df3f73bb

    SHA1

    917c1be6da708bb7c2ff51c6b311a4c8e158d4fb

    SHA256

    62cd8d28583c208c59c212b37c1f3577d14fb57647b7d264171e464ecac4a7b7

    SHA512

    117f3a9cb46fd05002cd526e56aa8203c012cbb3bb5c0b178c2ddab6b6e5560c18b6e9ecf001b016257e8d0d6e6dab97ddf38a51fa9301ff3cb0c530a75014fb

    Download Submit

  • memory/1812-0-0x0000000000150000-0x0000000000182000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1812-12-0x0000000000150000-0x0000000000182000-memory.dmp

    Filesize

    200KB

    Download