Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2024, 09:47

General

  • Target

    7f866840b9b867d64161b113555cacc2.exe

  • Size

    9KB

  • MD5

    7f866840b9b867d64161b113555cacc2

  • SHA1

    53cbaae3fd26ba1654a950db8d1f58a6f85ffd18

  • SHA256

    35950d4721a5af0d026df06664069f25a5ace918797c445036d7a7c4a2c793d9

  • SHA512

    bba5efabd3c77793b84bb828693420f9d7c43afa961b58b5463b402ad2f7a744cc44a8a5b3d89fa3fe331dce38eeb665d1aff9f468d4ca65d31ac700ddb94970

  • SSDEEP

    192:/TlMi6dUCC1WZTqoXqVLlGTT4UDaZPLJoJuasrVKEkR:/TaIJ1UTqoaVZGXYP+2VKEkR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
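The "UPX packed file" signature above is a static check, and the memory dumps at the end of this report agree with it: the mapped image at 0x400000-0x40B000 spans 44KB while the file on disk is 9KB, which is what a decompressing stub produces. The following is an added example, not tria.ge's detection code, showing the three cheap header checks a triage script would run for this verdict: stock UPX section names, the UPX! loader magic, and a first section with a large VirtualSize but zero raw bytes (the area reserved for the unpacked image). The `build_test_pe` helper constructs a headers-only PE purely so the example runs offline; it is not the sample from this report. As the signature text says, a modified UPX build can rename sections, so absence of all three hints is not proof of a clean binary.

```python
import struct

# Section names written by stock UPX; a modified build can rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"  # l_magic field of the UPX loader info header


def parse_sections(data: bytes) -> list[tuple[bytes, int, int]]:
    """Return (Name, VirtualSize, SizeOfRawData) for every PE section header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, raw_size))
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Collect independent hints that a PE was packed with UPX (order is fixed)."""
    sections = parse_sections(data)
    hits = []
    if any(name in UPX_SECTION_NAMES for name, _, _ in sections):
        hits.append("upx_section_names")
    # l_info sits in the header area after the section table; scanning the whole
    # file is simpler and good enough for triage, at some false-positive cost.
    if UPX_MAGIC in data:
        hits.append("upx_magic")
    # UPX reserves the first section for the unpacked image: large VirtualSize, no raw bytes.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("empty_first_section")
    return hits


def build_test_pe(section_specs, with_magic: bool) -> bytes:
    """Constructed headers-only PE32 image for offline testing; not a runnable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, size_of_optional, 0x0102)
    optional = b"\0" * size_of_optional
    table = b""
    for name, vsize, raw_size in section_specs:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, 0x1000, raw_size, 0x400) + b"\0" * 16
    trailer = UPX_MAGIC + b"\0" * 12 if with_magic else b"\0" * 16
    return dos + b"PE\0\0" + coff + optional + table + trailer


if __name__ == "__main__":
    packed = build_test_pe([(b"UPX0", 0x7000, 0), (b"UPX1", 0x3000, 0x1800), (b".rsrc", 0x1000, 0x200)], True)
    clean = build_test_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)], False)
    print("packed:", upx_indicators(packed))
    print("clean:", upx_indicators(clean))
```

On a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; two or more hits are a reasonable threshold for tagging a submission `upx`, and a single hit is worth a manual look at the section table.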

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe
    "C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://www.baidu.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:492
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/Loader_jieku_977.html
      2⤵
      PID:952
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/haozip_tiny.200629.html
      2⤵
      • Modifies Internet Explorer settings
      PID:456
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.html
      2⤵
      • Modifies Internet Explorer settings
      PID:1652
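The behaviour worth pulling out of this process tree is a 9KB unsigned executable in %TEMP% launching Internet Explorer four times with URLs on the command line, three of them on a non-standard port; the nested IEXPLORE.EXE with SCODEF/CREDAT arguments is IE's own content process and carries no URL. The following is an added example, not part of the tria.ge report, of a triage check that walks a process list, flags browser launches whose parent is not itself a browser, and pulls out the URLs so they can be handed to the network section. The `PROCESSES` list is transcribed from the tree above as constructed sample input; the field names and the browser image set are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"']+")
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# Constructed sample input: the report's process tree as flat records (ppid 0 = root).
PROCESSES = [
    {"pid": 3024, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe"'},
    {"pid": 2956, "ppid": 3024,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.exe" http://www.baidu.com/'},
    {"pid": 492, "ppid": 2956,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:17410 /prefetch:2'},
    {"pid": 952, "ppid": 3024,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/Loader_jieku_977.html'},
    {"pid": 456, "ppid": 3024,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/haozip_tiny.200629.html'},
    {"pid": 1652, "ppid": 3024,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.html'},
]


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def browser_launches(processes):
    """Browser processes started by a non-browser parent with a URL on the command line."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for proc in processes:
        if basename(proc["image"]) not in BROWSER_IMAGES:
            continue
        parent = by_pid.get(proc["ppid"])
        # A browser's own frame/content children are expected; only an outside parent is interesting.
        if parent is None or basename(parent["image"]) in BROWSER_IMAGES:
            continue
        urls = URL_RE.findall(proc["cmdline"])
        if not urls:
            continue
        findings.append({"parent_pid": parent["pid"], "parent": basename(parent["image"]),
                         "pid": proc["pid"], "urls": urls})
    return findings


def contacted_hosts(findings) -> list[str]:
    """Distinct host[:port] values from the flagged URLs, for the network/IOC section."""
    return sorted({urlsplit(u).netloc for f in findings for u in f["urls"]})


if __name__ == "__main__":
    hits = browser_launches(PROCESSES)
    for h in hits:
        print(f"{h['parent']} (pid {h['parent_pid']}) -> pid {h['pid']}: {h['urls']}")
    print("hosts:", contacted_hosts(hits))
```

The check deliberately keys on the parent rather than on the URL content: whether a page is adware, a download portal or a legitimate site changes over time, but a freshly dropped executable that exists to open browser windows is the same pattern regardless of destination.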

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      23c885d47568a0c8ec78d6dcc163d3e6

      SHA1

      5784bd843fecdfcdfdd6c213c092c65613d1f6b4

      SHA256

      c682f97f831992d9fc18392f30e050457a49b6e15de26a1af4459541c2866d80

      SHA512

      329f656e73d533712901b9dd168555670fa8ca2d89aaffbc5e446f734af2eb409c54cbbcfc72b9173a65d413bafc4f74c47d6985ce15767890719c36f6e15fa1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      14ca31e7ded512a2cc4536dda91c400c

      SHA1

      8e452ec35f9afe1234a0e4815621f4ce915beafe

      SHA256

      9c11eebd8624ee928f7b26d7ade4159414598812a94d1cc7292e179c758e25df

      SHA512

      1a19da20511e33457e505d0e8b9b9fbb82a5eb4a2e3963bef2c6c7d6e150c3584f15f20357d28004afdab31fd88ad4e3d4c48eb56df852fa3edcf861c24a2460

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JTZDE235\www.baidu[1].xml

      Filesize

      15KB

      MD5

      6c014a0c11ec5b8a71c203492ded2d69

      SHA1

      510ab15237f66703012e909976072bc7ea08cd79

      SHA256

      11b5c59060780598ffc549fd37adb12fdec61edc7603b619e03c6fef5a680d24

      SHA512

      0e82608de8c0846e073b0e2a10a10cd8cc4784d57d71c2a7f79b84f31696197f34953da3fdec0e7d956be8b3ef575017be839f194b61517f82fd861b87c6b4c9

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JTZDE235\www.baidu[1].xml

      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JTZDE235\www.baidu[1].xml

      Filesize

      170B

      MD5

      547bd7cf184d50169e36749350f55663

      SHA1

      169487487e5356c7e9125728a16dbe4321e8fff6

      SHA256

      48add501c3ce29c2c70b968ab4813f311ecec8fec05bf4297dfeb7b1e202e157

      SHA512

      bda8d05a3179ae227ec23e71c02c5ffde1a14b64e299c2a02913e0743b3568f62b44b70405d36030f6d03ea6d191c12188e0f7a54c9ccfdc48f510cfac23348d

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verEEF4.tmp

      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\iay4xvb\imagestore.dat

      Filesize

      16KB

      MD5

      7b2d8a866a474c4ac6c81b59ab8983f2

      SHA1

      618df6e8f19d7d4490ce903278eebbacf1fa208d

      SHA256

      d319c1d143937d78ba6573b6a73c7313e86e6bcbb471d41702fa587327bb71ba

      SHA512

      28f4599b7fc5b98ad334ec813d4665394b961426e82242b6d5e2d57528fe2bfd6c2ff6ec6be9c5e5895f03a5557de841bf49c68e4e3c2ca3e124bc06fe95905d

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\favicon[1].ico

      Filesize

      16KB

      MD5

      717b138033a41361b32b60fc5062ab2a

      SHA1

      af9841b6f0923f890f41feec52c94a0cd68f01d8

      SHA256

      c70088079fe9441a726c66ce0e73ae38315ec80051d3dd542c41b82fa0a1993a

      SHA512

      1985bf59c3ee8289bbe55fbe572371d1f401949e6a0179b35ca89e292173780956161feb257303fe9ff5fd2898ca7fd6105eb1796841ade0e1124eeb89aa70ac

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • memory/3024-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/3024-116-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB