Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

59b9e44a7d...f5.exe

windows7-x64

8

59b9e44a7d...f5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/01/2024, 23:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59b9e44a7d7885a723c71a78a362edf5.exe

  • Size

    35KB

  • MD5

    59b9e44a7d7885a723c71a78a362edf5

  • SHA1

    19b4706f57bf8bf20d26b11682aef58aad522aa3

  • SHA256

    39f2de7559be9bbe9d658d31bd59ff24f0d2b339392cbeef0bd3b7c7da24100e

  • SHA512

    36b140ce8f2a5b75768bf0f3acbb837fa4a17958ca86f7ab5000da717df2cc46f30dfa973251b9ba3aeff9001506b06f09401b0394ce8c149643227c4eadffec

  • SSDEEP

    768:CXNlj0yT2iXWza/fjqUjIg94qQtkVMCnO8yE+k/YLwazqbWY:Y10IjvIg9fQtkCCnO1k/YLET

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\59b9e44a7d7885a723c71a78a362edf5.exe
        "C:\Users\Admin\AppData\Local\Temp\59b9e44a7d7885a723c71a78a362edf5.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2108
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2400
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2720
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dfDelmlljy.bat" "
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:2580
          • C:\Windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:2640

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\zyndf16.ini
      Filesize

      147B

      MD5

      0f893af6229967f7169345d4140e8c97

      SHA1

      22bac31d5b70d9d85d68e381a72229056c659faf

      SHA256

      c9abef6abe1235d9e768ffc8ea882c0041648740570934512fa4c75ed690fa42

      SHA512

      419892ebe32b2c85d275019547fe8dfd77795265d5c77f6268849383330672760456d29bfe52e5883d9c4744cb8287361bb207cbbbae7f5f7e1ac31bc072a498

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1ca5b75b18a3ebf3ffb1be972787ec47

      SHA1

      9cf13107317296f2ce56a3f131a77fa0d6f9f14f

      SHA256

      9cb9db7b9f22a9c686319130b62564773b22aa762e04b7ae6fc450d239f9ba1d

      SHA512

      9a1e255b60105d92bd99ea141f87a15e6df44dd5947056a417562ef4bdeec2d3881d1235cb9a65774c12250cf426d0d246e46c18e1bc0a70ac017940b9ae14b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cb6f87667ed873e35e133895e1b6a367

      SHA1

      874dca9a861ebf57713426d25be58664df595fc4

      SHA256

      4e0cac73c14fd0fd9cced227d3906a02c990c200e00ed60f45181cfb7289f78d

      SHA512

      2d207226002ac5437a6531c5e71900409aff855c8b5663420a10d974dcbcfe0d6c2eb7d75253d4e362c9cd52ab4c5056de9150f7ede5c58f761624686c1c5ce9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d34a629855e54edf1cf20ea74cfa5716

      SHA1

      32cf9dee713e84465fcd04b243503133f48c8da8

      SHA256

      07c44423170e3a04cf2b9975481d910c05494c8ac274aa7481e2910bd4e128d5

      SHA512

      fe42518183693b55db15afddda8f3428d8779b88da375e0b4695d8942b40f67c2a20454ee96b665fe3543cf87747782d4f79074bbf58064448c4471b01adfde1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      936c7b0f5cdd6b8d70ae4e035f09a395

      SHA1

      a01532f1adcd33afc1c643a43c4c37098e25b6d9

      SHA256

      58ea6a24e96658bac1396ef1b4edfd835f93bcce48083f7d73884f6d7a679d66

      SHA512

      3d53775bfa5cff73023e8492c8d33e58592a60bf4c572e73f6a9f2c32f312c21a09f27b123952ebe74fc9166c3eaa0dd1f41b1eff92256d40f1954abf5528380

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      576f92a60f4c3820b78a2f889f0cf7e0

      SHA1

      bb53232f55068a4c920668fc42873dd117a59815

      SHA256

      cceaa59c37fd2757c281ef8d7f05e3fe07cd1f21cc06cd266ab8ad371ff4d1ee

      SHA512

      1f315931a02b46dee6d359d9eae82a331d78a10c88f0769de8acde20aeb6b43e4b8c26294bebf68e37290db42b65fc07e0745c128ff78017b72fd86d0c611dd9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2c2038365bf2b622b8568be493b5ff9

      SHA1

      93108ab9febdb2f87442caee98bd7bd05f84191d

      SHA256

      ac48b14c028c813231403fa0961d3d6f7cfac66940165de2864abb1469978e4c

      SHA512

      3c1550ed8d0d79210e3bddba056c08129e642b72d007e2f221072f4d28fb6cb5ff91fb503c5b9e72ab844f2a43d274eb28025ac2cfcd7b3d4cea621e7ec572d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      15fd0949b623465784b4a88a177d5075

      SHA1

      3ccb399fb4d1005e7ccf1c7dd007bb98d4692788

      SHA256

      a8047e586a04272537bbb0aa908a21e75b3663e6fb68e9fc00fc65a62c6d57c0

      SHA512

      278347985755370f37a53c605e8e99cf676678905b81ea72028fc6cdf17096ba0605b283545e63c6c35398f42a1399b73c6911c36eecdf282cd4a3143e03cb09

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f841584d23da7a2b950f368369f6dd5a

      SHA1

      1424fb2d4e5ad1c187d99d3ae4a34ccbded3495e

      SHA256

      f015601391aa3106a613ea3e48a31d2e7157a43a5391b6a6d3a2553ab3f2ea71

      SHA512

      6076235da963d6795d1c8045a8a68946a0333ae5b05a366ea8755babf01c06ea8437b98142cedb23506fa8d3c40f86a538358916b7cd183e4992abf2dd68fb87

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      60e6d7b4ce7b38fd509cd70a1c50128a

      SHA1

      bb530d7757e6a0c4885c8719df5e8d414e1c12e4

      SHA256

      cbfaf30923406af35ed56aa406d1b23008f726a92b6957ddd7d5407ab0281273

      SHA512

      4068b5f49f84a91644489ba190260ef6cf472c08ed46e50b8ba276601bc15b189d4b01e94bc491e7cf8d313f76c4728f64d81d1ddf2c588479f2f58ae1c8c8f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5302c1b094df367762089530bcdc5aff

      SHA1

      354c452c5fea090fea1fc7a31f4387e6e9f85e7a

      SHA256

      4bbaa04406b3f9c9b1ca2bcee1fb0855ec8084fcda4da5b565f62d27503b0b07

      SHA512

      6b95eb022842a289198721877bab044e20f185a323de2b2e38c7f2c03a99bd326ea04d46aa1879d48b155b6c5e1b31a106bf0b556530f295cbde1b929d2de453

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a2cb64daf6a536d82700b2d194953dd

      SHA1

      4caaffa564688109f3b377385ee3bbcf20c52408

      SHA256

      7f1984b1d2515ec64bb0aa85f934366a7629bc0f6c46663eeb634557bfe66005

      SHA512

      1f0f19788acc3cdca71426fe499b80f68c981f0a874672bd5ec9a2312e8452eb43080e2802eac3b0e588ffdeef4ed86e62d236c7b66182688c34d8e539b6997e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3389aeb599087e7e5904cb054ce85714

      SHA1

      e2c026a51b09e58aa5f73bc0122b51f1c5669ff3

      SHA256

      1d2e577b7facb57b1baf93d96267e23b0e76b54d2ae7d68b18f9ddfa1342d7c6

      SHA512

      fffe8abe3353f63b5ad87f688d844cdcf335a6ac0c57959ecd9d7f64bc23d928577bc6dd502458091412772718248dd1475f666843fff677d4eb3ef6a15f7134

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17f7d12cf4954477b676193bc30de4c3

      SHA1

      508aa5f56051161e27b45ef85117ef729198e199

      SHA256

      73df26f3849447f79cd56cdb2b273b01455d8d441e607ded99f12582898bb913

      SHA512

      6a204ffc0e341a4319261e90b8e28144d38c14b476ef7b2ebc1ff7a8b8f851bb6828742faf17e4b50b68a7b80b0b8767c92572ec138e43349763f9d002e083f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e21092b4e7045e1b6b6e0c723685161b

      SHA1

      8120672a6aa6e01e65d8409da48470232bab1b40

      SHA256

      d50a85bc93621813a2245dd44b2ddf3262e2853bac8a53448e4effd435dd185f

      SHA512

      5e2f32c7b44f7f979553e4caec9f33c5e07853f8fd9f7621b22e8032a26a9cf3ef8ec89a6c990b5eb3361284e603cf22c58ffec6e930ad24ddb663736ced1e42

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAE3B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAF1A.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\dfDelmlljy.bat
      Filesize

      205B

      MD5

      7a0d10ee7eebd0a301cf2628db9b5833

      SHA1

      4d2c997ecfe1ee903d830ce544dfed9e79a4ca80

      SHA256

      4e0b7249591ec2f1d3a1f7149e16ec1762d697ac68e74392fd71ef8d6289d440

      SHA512

      e7fd8dfd86656b26bff260d617cece7479a38f33fb92fba893933f6a1921378fa143a2e6dee5aaa0dc35059f276dca9b63a87e9efa3311468c7dac44002dfafc

      Download Submit

    • memory/1188-20-0x0000000002A50000-0x0000000002A51000-memory.dmp

      Filesize

      4KB

      Download