Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

66ebb78571...c7.exe

windows7-x64

10

66ebb78571...c7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66ebb78571adee745d593d2d5a36f6c7.exe

  • Size

    36KB

  • MD5

    66ebb78571adee745d593d2d5a36f6c7

  • SHA1

    250205326cb67342d80f1e52ca87beb61935c0dd

  • SHA256

    d7b59141f885acd7f3eea30a4314e5910a0d89dae7567c5a88a0b397e4754188

  • SHA512

    8b49f3ff2d699983546a9628c32391c7ed81eb9e60dbc381a829bcf5d6010404bd372414a23e6388bf38dd68cd95c539300a9e545580b5c89c1da8f67d0c9b16

  • SSDEEP

    768:/Hp7EnFkWWWWWWWWWWWWWWWoWWWWWWWWWWWWWWWWWWvinhpuN431RNrYmMaPNhRH:/Hp7En7nhpuN43FrYmMaPNhR++86h

Score
10/10
evasionpersistencespywarestealer

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\66ebb78571adee745d593d2d5a36f6c7.exe
    "C:\Users\Admin\AppData\Local\Temp\66ebb78571adee745d593d2d5a36f6c7.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2644
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\67McAfee.exe
    Filesize

    36KB

    MD5

    66ebb78571adee745d593d2d5a36f6c7

    SHA1

    250205326cb67342d80f1e52ca87beb61935c0dd

    SHA256

    d7b59141f885acd7f3eea30a4314e5910a0d89dae7567c5a88a0b397e4754188

    SHA512

    8b49f3ff2d699983546a9628c32391c7ed81eb9e60dbc381a829bcf5d6010404bd372414a23e6388bf38dd68cd95c539300a9e545580b5c89c1da8f67d0c9b16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f89f82f5ee3a3f202c5f0453e7be9798

    SHA1

    b6e58db7b584ad4b806c00a83dc13e2e36aeacb9

    SHA256

    24d5130dbe1de5bdad35e2d3d1168231a34441750fb0f03a3abfbd64bddc8866

    SHA512

    f6f8ea88c392d42791001a31fa4be463078e0a534ea49d1e3c1962282bbe3e436e7d620998caea8c3cfaf7febe0e19b8ff57d42a6d5255f66d27aa4b806df46e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21909fb504b0eafe1263fcbb77a9c8a3

    SHA1

    5655342e595ca57dfc9a8b69bf54c01e38be2997

    SHA256

    ee68f473eb1b5674a95f182a1811008a7901c399df958adffd068902d3effb22

    SHA512

    4b8eae3f7768f06d3459e329c5bb54a8f2b6ff0fd31243ff9b8e076d10bd87c5deeb4430e59df025d53643bbd397112c89cf5eab48d79e93e81898fc884bb3f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85f5f47e59c28e9f78c2c41132e037d0

    SHA1

    f6bde93b0113baf5de82df5c7f2f3f193fa33592

    SHA256

    efc52d3b47104661617342059af17dc6ea535122d2e77ea6264fbae7270eed3f

    SHA512

    e06c69e54a8b7bdd18313ef51e703d1db077c6a40acb75b5c1de5c3af1549d06dfc34b64b24114931122ce5620186c3a294246ff66057787ad9dd858fdce01af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba6904d099de95af643e0aee9ac78ed9

    SHA1

    3f5208ccafe2cef0db8feee77de99dd4ba66dce2

    SHA256

    b59eb265c0a9f5370ebd1b743e033fe24fb6bff85b5ce204ca657c0dad94c6f0

    SHA512

    735afb8df7b68e7e250860eabe8eeee5a017f7cbf74b17265cf8dfe84f3435de75d8dd5166af50eac7a11bdf133942f445d2e8255f59262e370bfe8e78551348

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a448d6c1d07a10ed0f39a29e12b00a6

    SHA1

    5e878eb8f68a9e2d78c704f4a9fde8c8ee632de8

    SHA256

    2bae055e7727bc1487fd06446045b7b3dae4efbf2ce79964f6316e9efed63047

    SHA512

    1378381caa75ae43ba8a5007a99ffcef9916ab4b6a80f76eaddc12dc4a19b21388c8beb43a82d81286bb317dd2f3c05919dc8af238dbd0661cb470ee0e9950ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76d81ad4b445c770912600a3abc3197b

    SHA1

    bc2ccf3d829fc19162db71aa79aec209661fb63a

    SHA256

    7be3088e66bd731f90337fdb2273e02f6e198fdb2dc52ee6608c6524724d5095

    SHA512

    8f3d472052b8d07d019b306fb7ff6787763ae058b7331a29afeea9550b21e1bbe5f9d8947e481143eed3ec5164d79220291a759525d55208cc156315f2a47294

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    befc6212e50912cceefe32277ebd5a29

    SHA1

    b275b0b24af1edda773aa0bbdb49cf6ecf2237fa

    SHA256

    8028ccfeee7966f5dd09cb320edd648473e560b31e42eaa7d9c59520847f1b2c

    SHA512

    d825d385eab57de88b0003be0e47ead353eeda4e8160bc55f1f44c7fcf25ae067b2ce5f3b3dd62524db069037fe96840e97e15efeb61270cdbccecf575272a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08bc322be7109f5c6cb3cae6891c64f1

    SHA1

    4bfd4aee16a45da8dae76e107a6be369cae85b5c

    SHA256

    d2d4e9937891cf997d9c1321709a8b164d89bcb438e0f871ecab90a9eb7d3f70

    SHA512

    0dbf8a78a20fef0b3edfaee0170c37f0661611825294617bc4fa0bbd47aab2785c5feb5e5c1fa57073745c17a214a9e834511afe9478dba835c8cfdc919e9c59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16edf6395796e54ee20459ab2dd1e912

    SHA1

    7b5a4b9f9ec0ff9c6a3033a8c8e87e6efea54bb4

    SHA256

    e1fc76dc6cec22c8e34ad730e2adcb06bbcb85146b2460881e8d8962e76fd5c8

    SHA512

    f3d9b9f78de20e14aebf6b912c87bc0281dcffd584d3e8c0e937e7f1733d4b452349b3dda037bba3918c144f2b89f054e90d89f0816308b9cdcf1454243ea43d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03de8f2dabdeeb3bb49d9fa18c1ba9d2

    SHA1

    334af4a8800a0ed63e72bc0c01d599e2ecc3e87c

    SHA256

    7c37e0df7e8cd4f893c352de3dc89a6bc0df4e824dbf162e5f554d5db270002b

    SHA512

    ee1d5fb9d5ed519951be400d71f6bb66499a101a7ad1c5227609d392af5a378cf6729adbbaab9d27f547402ff5e955c45c65060653042ab8f8ea2fd4f2ef153c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d2ae07cd9426b4068244a84b06b37c7

    SHA1

    1afa48ed3cc45f57ee9162940d153e7ee0404b2c

    SHA256

    defbc2bef72a587098349207807693e9a826e1dd8c3b71162ea132c0dcd94f36

    SHA512

    9194007c8ebcc46cf373dc6ffc8f9d2d13545772d2c551049e656f2250c687eabd3c80223e76bd491c7695138df90e7fc7ac70b3073e4e4a5c7e1466a8b9b977

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    733de36e70fdc7d727f2707a54259440

    SHA1

    b2b4cc8b6f7928828c22988126932b94477f7215

    SHA256

    df52f4f7e38df0b241852291e538ae767cdb0d6841288a88c57755a27818a29c

    SHA512

    c5fe38c5e0a3c591330b745b153f5acff7e74c6665e14da036866b2acea8efe896891424a69f29e181c12216a1cf5d4c04e6e2d65a4b45645d2cfe13f5954f3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e12e2dc81d04ade13fbe695e0d42682

    SHA1

    8618116e37148018243c0b44414b22f5ebc80b0e

    SHA256

    62fb76da716015222172fa0be2c463c674fbdfbac4f81bc55e27b3bb1e415afb

    SHA512

    387ab97f17000556680c08011c36ec0c5cfccfb5b5d568a74a58d393964d6a19f8a6178a32e72846f6c2dfc484f4531e5cd1255d1cd36a90045c81c0f12bb2c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc1855b943979ba60ab328fcc4144734

    SHA1

    dc7d34c8bf6d68f996617dc7bf929f7486c210ea

    SHA256

    9cf2d640937d3daf42b3818e2df26109f3cbf7b7384d38a4a16bb77a5e5915dd

    SHA512

    9d87f6c22c7b210562d532507b3b706971e2794854d527e475931531546d9d01fad9afe485c54535c12e5a0605db2fabd19658556ea72ff454ef9f0eb34ea88e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c0b19b67b3233bc5fca2a2eaa6c400aa

    SHA1

    2b1a5de0bfeee0873328cd53c86b0326fffabe75

    SHA256

    c96665817adc1c5cd51fca6d00a94b5b6a20c721c4740a8c91668e3156f881a2

    SHA512

    e1b994e42e89868fa5ed512e09b4f4b3268c663f3df5ae9495b23eec880a9035aca8a3665e0314c5afdcf388d4b78f0c00f5e4293a3cbf9fec4a29e0b57a0c86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d00a8b41b36d0bf04ce596dbebbec13

    SHA1

    e48d98e17391b2ae9dc34a7ca21f52bcb8fc442f

    SHA256

    14d0e543470da7656985598e1814a07489b6068444022d82ee0d1ca75ada02db

    SHA512

    40fc2bd8f79c15c807d5edba7b21846ff5658b09b4d54f1e662663145ba2654eaf59a51215d4bfde4bd59ab0349d6c2f3f85789ae47d91defe0634ecdc42791a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38057665d212ad5e22889e62e648ab72

    SHA1

    9dcbac31f96dae0fb01bd38759078c823a6fc9ee

    SHA256

    1aacd9b93d3f9b3d0cc23639dd274770cb7eec30ac6786dc9b82270753091860

    SHA512

    7e32c1fccc90a8a588ccd1416385f76315f7640db8119af57d9b2d79b16dc3c1c3d6cbde13552c105c1a42ee3020d890b38b61cd00aacc8f5bc908ba9797a950

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab73DB.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar74A9.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\help.htm
    Filesize

    154B

    MD5

    6a1c9a8a3255028f64939c1e0e9deeac

    SHA1

    8ce0351e83ebcda68269872bc0f831af790130e2

    SHA256

    1fab6fe85dc17a8f92a63f9c32c807ec39c1598ea7883b3123236df6235abc87

    SHA512

    99c3f9c9348d06b6d4af2c2b88128685c06081bb65d5be1275a0d47d96186b91199af3fd2ab2e2d98071ba1ef268cddddd18b63b80ec8d974f6f56224e43e934

    Download Submit