Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4e002e5c4b...9b.exe

windows7-x64

8

4e002e5c4b...9b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e002e5c4bcb5420a23a5d7753969c9b.exe

  • Size

    36KB

  • MD5

    4e002e5c4bcb5420a23a5d7753969c9b

  • SHA1

    16c89eaf2e3993b927cff79ea39f1f078351e827

  • SHA256

    d3a7a4d713a7adac4d6faba16333dc2aaf7031b108589e43aebe2ed0d1a5adbf

  • SHA512

    6278b8ee9abca0e513f49435ec75507b2820f5e2cd2f80d520e89e837eb761a62467b642bb2737e62ac95491d405b9229ffa83b7ea1db91a5726b7ef91d36c31

  • SSDEEP

    768:cMAQVOtQC9xJ3kgbZySRlIIND9dsjaGGLRvMphbCu0aaY:cmV+QC9L3vNySXPD9iTAREvt0ar

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e002e5c4bcb5420a23a5d7753969c9b.exe
    "C:\Users\Admin\AppData\Local\Temp\4e002e5c4bcb5420a23a5d7753969c9b.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2776
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\dfDelmlljy.bat" "
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    192342bc73de6a4a4e45c71fd369483b

    SHA1

    3f9d8971c5078ece0685adab4076c584913cb120

    SHA256

    a1029363988e9e18a9f83191c5b83677f49dd639d0374d57c8c86c5b59fd1e37

    SHA512

    a8cc8b09aaa2e54e3b26cb537c6e95180764a11b85cfe010cb95247a0663af8ffe493dd1ffc0101fd40e2e7bd796cd29c3b1bedbdddaa00f0ea5e9d73df9a910

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    957f001513711c1ae4d4711908f41bbf

    SHA1

    46e843c0fbb4ba2b21fa5fd745b1c6e7639f6e15

    SHA256

    5d13d6e17b777ce9433c739b78a96fa0f629fa481fd0589557dcbf74494ab389

    SHA512

    da1a798958c70602b5dae12550dc1471176e92e7a04d9ffedd27cd06da9711ee11b0b70bcaa653ac54a9d506f1dcbc4a801679e87a5158b97489d6fdd7c1bca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    932bb878b5c108275d4b1a1feee238c6

    SHA1

    f73b4afc81bde0741332c6d65d48351f4ba60f28

    SHA256

    b87adae534e2dfc02baf26b15f7bed6dd61179948ccc107ba5f572e62d0854fc

    SHA512

    eb91850d1db04ec2f98b0b23b581eaf8694f51d37dfb128e351fbcda37818924e07dff31e9ef59e8d8cf0dc312bbd952609cafcdb0533614bd89a4be5aa2f97a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50437466cb5e9eadb39d97be2d3e5ff2

    SHA1

    f875ea8c6197a7458c39150d99521ca2e95f7427

    SHA256

    1bb423d7f6fa9746662f2ab51addf019e554f09a47937920a35cd6229ba32cfb

    SHA512

    a4d26a1d71106f2968e9acbeaa307fb7975cb90635cf54ce9942fc23256e92927e6571802ba0992ef221d16a3727d2eea6f51a1f83115dd18a70fa0f33e7395b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5566a498e914f094752ff063786b0ada

    SHA1

    a9f38c98a112d2db5b7f2f155e2e1a66ed6e39e6

    SHA256

    4c06e1222cfe3cd17c2c43df21f35012c2ec522a268bf4f4051c80f8a411e153

    SHA512

    e0227000bcf59df5cdcbb4dd1c0d34baf5a0249ebbbaf343f8627e78e300224857bad4e47c35e4e246c0e53953a15376726471e0d09fa14c3d276322fcba8686

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7f34d1b35fa41dc44627f5dba294fac

    SHA1

    1c25b83b48b99528fdd62b6728d8dd97524e0b7d

    SHA256

    f15c9ff37f7227b1f70b10c5804ec3a51a50215f24e029674a0dbb4e38928b11

    SHA512

    ab72e9f5912bb82753ea0a43374e52d922db0158edbe1b44d0c39abdb1fe207c25dd1db1d086cc5ffd617a5cb452f5c44e614dccdd02192102c38ae7271c2d00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7829a27d132cb338ab2080bee496beb1

    SHA1

    1c330d57d452989451ee74d7fb12c7e378507a14

    SHA256

    15873775b52b6098d255e68c7b01d3fce0c69491c00285f73d7e594e63727766

    SHA512

    0d49a0db2a85b7146afaff629078778e7762ea90c130b482cd46b7cf67a6eed533c466ee58c5ada5817da80f6c95b4ae0b0063027deb392bd2e40d2925d364a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5abdf64bac11644dbbe0ec9fe737c076

    SHA1

    7c3e9e07f81e3abed19e2bc6c3fadcfc5b5ff922

    SHA256

    1e75046b04c885d479be6489da5427da29964d59feb69fddd437d5cb8415b2bc

    SHA512

    527946c71f47839e4c71e4dc61dddac378a3785a56a94753f03122ba24109ec9ed42d197b84be9975efd3100dc095ebacdd6da5a51d53b1e90f9067babf92b94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1dace537542b28704a4c48e73898fe0d

    SHA1

    0a0f57118b986feb52f3430040c667c3079eb3f7

    SHA256

    d3ee80e70ae358902b7a62430d0fd5e1416f61af794d3b3d8aedd4671272f8a3

    SHA512

    f2c75af3576c3524984f779571bc35794d8368961145ae9f1e8266ed35b46d7a0c7a388802101d191cf36975149c87c4b431584c8cfe534df39e07349083e13f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f3ac8735c1abab3a359c6bcc34f9193

    SHA1

    632ef1e8aae5b3bfb959679d37881940ba627845

    SHA256

    a952eb88b0ba87c5558bec9e3ffd63a6ee1f9ffa69a3e4775e332722689715c1

    SHA512

    50687572d210ac62ba9db192921534f6930605be50dd715131a2d60983d59f162a6664a5cd9cb9c0898a2fb43ba8510717c15f6b2ff96fac8a8ccb3f1a9199d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab677D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar680C.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\dfDelmlljy.bat
    Filesize

    205B

    MD5

    d3197bfdc4aecf21ff187560797e37d5

    SHA1

    5f9e4388b21ab3b38f5c5be75fee043d49be790d

    SHA256

    19f58630215e0b42c6f1f00f4e3bec820e0c79f9ea96d8722ade683fce3eeac1

    SHA512

    2a5f64441e710b296b186180119229dd3d50ff0e0147426533347a97371e3de0c4630e50e5f61972f8ff50e522b77cdbc8360651e0917d4a39bed0140bca0c4b

    Download Submit