Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 19/01/2024, 07:31
Tasks
- static1 (Static task)
- behavioral1 (Behavioral task): Sample 670a4915743f08d0b1778ac7551f7942.exe, Resource win7-20231215-en
- behavioral2 (Behavioral task): Sample 670a4915743f08d0b1778ac7551f7942.exe, Resource win10v2004-20231222-en
- behavioral3 (Behavioral task): Sample $PLUGINSDIR/System.dll, Resource win7-20231215-en
- behavioral4 (Behavioral task): Sample $PLUGINSDIR/System.dll, Resource win10v2004-20231215-en
- behavioral5 (Behavioral task): Sample $PLUGINSDIR/UserInfo.dll, Resource win7-20231215-en
- behavioral6 (Behavioral task): Sample $PLUGINSDIR/UserInfo.dll, Resource win10v2004-20231215-en
- behavioral7 (Behavioral task): Sample $PLUGINSDIR/inetc.dll, Resource win7-20231215-en
- behavioral8 (Behavioral task): Sample $PLUGINSDIR/inetc.dll, Resource win10v2004-20231215-en
- behavioral9 (Behavioral task): Sample $PLUGINSDIR/pwgen.dll, Resource win7-20231129-en
- behavioral10 (Behavioral task): Sample $PLUGINSDIR/pwgen.dll, Resource win10v2004-20231215-en
- behavioral11 (Behavioral task): Sample $_2_/DownloadManager.exe, Resource win7-20231215-en
- behavioral12 (Behavioral task): Sample $_2_/DownloadManager.exe, Resource win10v2004-20231222-en
General
- Target: 670a4915743f08d0b1778ac7551f7942.exe
- Size: 562KB
- MD5: 670a4915743f08d0b1778ac7551f7942
- SHA1: 11e3a62ada71e5b587df50b67fa65eef9bb5ec2a
- SHA256: 232c5934602eb593f7b3053c8b40b0c89ac74784f9aec9c60be48468c6f826bd
- SHA512: 93dcadbe6627235eacd0c0126db29f1fdb1bb9853c6b3ff7df525c36ddd4fe3c582dd75b4c8c354b68e5073f6409a683ca69997aea864b97f22ea359d5d9e9d6
- SSDEEP: 12288:oPwMDD1dxDx5SCbpK2h6Ieu96aUT7dxIfLbdi8R+3z2f:kt9jF5JU2h6IlLUTUvdRRaz2f
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2808, Process DownloadManager.exe
- Loads dropped DLL (8 IoCs)
  pid 2504, Process 670a4915743f08d0b1778ac7551f7942.exe (8 entries, all from the same process)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main; Process: DownloadManager.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid 2808, Process DownloadManager.exe
- Suspicious use of SendNotifyMessage (1 IoCs)
  pid 2808, Process DownloadManager.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2808, Process DownloadManager.exe (2 entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2504 wrote to memory of 2808; pid 2504; Process 670a4915743f08d0b1778ac7551f7942.exe; procid_target 28 (4 entries)
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\670a4915743f08d0b1778ac7551f7942.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\670a4915743f08d0b1778ac7551f7942.exe"
  PID: 2504
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\DM_4DpZmmpFPk\DownloadManager.exe (child of PID 2504)
    Command line: DownloadManager.exe "C:\Users\Admin\AppData\Local\Temp\670a4915743f08d0b1778ac7551f7942.exe"
    PID: 2808
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 228B
  MD5: 9e3cfcdd4fd754e893f2d79629cc8377
  SHA1: 3a93fc958d20ed83c80e6f0801627958f3aac746
  SHA256: 70a4351b30f7c4dbfe017dded1645fc22d3d030713f0edc9401a8d1dd8a0c788
  SHA512: 355428b837405350009c2292067e5246d8c07bd19312284db27ed13b8ee23af8d386389d778680b40f875350825d16e5add49dd157ec196aad40591b1d486965
- Filesize: 11KB
  MD5: a436db0c473a087eb61ff5c53c34ba27
  SHA1: 65ea67e424e75f5065132b539c8b2eda88aa0506
  SHA256: 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
  SHA512: 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
- Filesize: 864KB
  MD5: 54fff123842d60d5e57d04c4cf7fbf93
  SHA1: 8b7c9ee4dfb31d76d6cdf0a4c1c9b1d974e1ddcb
  SHA256: e5f6ecac207287ea1c955497315de6c7622a06d4f8c63f44a838615f62acbb44
  SHA512: b415d13a53d9cbae34d6e1badec0db06be522a3233440947b2351027d671e02c99b64a8f121bf14a0d9539ef988d07d03dae6c4d90644333c54ad5574518f2d1
- Filesize: 4KB
  MD5: 031ec9b12afb1fafc9fc397f3b90f29c
  SHA1: de26ddfe3ef452f8205bfbd5520a8eff6328619f
  SHA256: 2dc320488b636b9dce9581a95e5a833a07500622c1a64fc05023ba6482d2a6e1
  SHA512: cbebded4e3a87234899e2b67121f898c9060671d25088b7de29bbcbda90a5410dd3afd110417caa6c46ba656e1a863da39127e15c2122fedaa5054f4d43b90a6
- Filesize: 21KB
  MD5: d7a3fa6a6c738b4a3c40d5602af20b08
  SHA1: 34fc75d97f640609cb6cadb001da2cb2c0b3538a
  SHA256: 67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
  SHA512: 75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
- Filesize: 16KB
  MD5: a555472395178ac8c733d90928e05017
  SHA1: f44b192d66473f01a6540aaec4b6c9ac4c611d35
  SHA256: 82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e
  SHA512: e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a