Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

886c430137...b1.exe

windows7-x64

886c430137...b1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2024, 03:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    886c43013729e3680d7d0834dd4a09b1.exe

  • Size

    790KB

  • MD5

    886c43013729e3680d7d0834dd4a09b1

  • SHA1

    9555ea3dda5c549a6e73982477d40995505f15d2

  • SHA256

    e98c80000553b71b121b9ba9b6c8a0f78d0a7c74cbf7bc528398fdb10e11fbc0

  • SHA512

    49f401d52c56a228aa85c501b5f9bdf04a2d7347e8ae6ebd4e50c5384a3e797e3ed7564c05df78545a8be2d638d0e9655d9c5dccf9450adab2355bc2e698190e

  • SSDEEP

    24576:8XS30ApdHWBPhArcTX0Kw8AeaScm2XyhA3xyGKEK:8KytW8AefhA3xKz

Score
8/10
adwareevasionstealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\886c43013729e3680d7d0834dd4a09b1.exe
    "C:\Users\Admin\AppData\Local\Temp\886c43013729e3680d7d0834dd4a09b1.exe"
    1⤵
    • Checks whether UAC is enabled
    • Installs/modifies Browser Helper Object
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDMGetAll_7\IDMGetAll_7.log
    Filesize

    355B

    MD5

    f82c6ac902f33471c5860edc702ee9b3

    SHA1

    25c31dce3c73200413184c7a01f9b2dc578f1d72

    SHA256

    0cad5e961a71350d8453b64ecda6265f4418671eec0535e9a5d406cf77dde972

    SHA512

    38f8b611b7df70c48f779e48136f63d1a33d818ac1462b81fe472560782cc0af405adbe0e7e6bac1d5f55d114b8d2317d48bbe51a64a1936210decfcbf992bfc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDMGrHlp_10\IDMGrHlp_10.log
    Filesize

    354B

    MD5

    b6fa81bc217bfddc9719db75a8c6bc2b

    SHA1

    8587f35250ba5a86e960f6bc9b10459a6fcee381

    SHA256

    289cf43296e5164c3c369cac3593e26d9f23c1106544ad87b1c8358c2dcb75f2

    SHA512

    146db81b780c7555a57b5aa1b0c1637b0f6e543c09be2b568934004ec421ffcd508b1e5b26dcb9478632eb8dc3fe9a8e892a92d370b5771d587181372fd6685d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDMGrHlp_10\IDMGrHlp_10.log
    Filesize

    1KB

    MD5

    90f1147dabf1dd43d1d2e8598ef3b68f

    SHA1

    7f2487838eb2b0f1ebffbdc6d302f439901d6819

    SHA256

    467af6fce0d43f3f6351617b0792bb6aa653e1fdd4829238dc4d31c7630522dc

    SHA512

    153af4fdc36412d78895f05410efc4f530a01ba1ae33d4192ed900dee86b9886c64a7b9039b0e214260d3c84a340e519d91dc6246b67fffc3ef0de36e1cf3346

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDMIECC_5\IDMIECC_5.log
    Filesize

    351B

    MD5

    1502a9636549d70a922e79f1aa6fbde9

    SHA1

    92edbe89c446dd64700dec3a24740a36639c19c1

    SHA256

    ea888a907abe5618d9f23b560792cb9e417ac2fbe16e93fa99194805e5b0c573

    SHA512

    370bab886a20e692d9678649c16c980883f1f808104103e30086ab262d2591ff03e91c92d535e5bb8971ac28dfd2a78c2311c06278cc4afff8f42c09e16ce186

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDMIECC_5\IDMIECC_5.log
    Filesize

    1KB

    MD5

    ebe1115106c7312a1ee60f0ad353173f

    SHA1

    e5d9ab92026e20ba093c900e4058bf50c8b978ff

    SHA256

    b8eb1e89c52b835054407d92b91987c8e2086e6aec3ec61e218f56581fa99f4c

    SHA512

    766afeed40df494d00296f8ff5c26f555e5543a07b1a73b868dc247e0e3cce3e7dc2dee75129afd89deb2891474b179df768a3db51dd2e9cab7f7061bab9bd86

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDManTypeInfo_4\IDManTypeInfo.tlb
    Filesize

    107B

    MD5

    c4d899de5101be56b68a1f08b4849134

    SHA1

    8ccab67a609ada6c75315e64e361a2321563f3a2

    SHA256

    7e40c6ac42047ea44723c684e0772f1cb87e85e291ed531e0a7957403bc088bf

    SHA512

    12016abcccb366645255616ecbcc1b381b3dab2453e5ba0ea9c385241be640d74f572d5cc2eba132b8acc6c1d60c914e491d8da166b8cdba002b9319d04a43e1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDManTypeInfo_4\IDManTypeInfo_4.log
    Filesize

    363B

    MD5

    495117f8630c39507ce1fb65a119572f

    SHA1

    5d490751a8534d1d371f3a4399870b39bd5f1c71

    SHA256

    d2d7db5878bfef3757aa64ba4f67dee1082935325f49732910b3bc14a98f6008

    SHA512

    bc0d3b8a210c8b65a0b8dc27211c423019fc2cf03a8f641d7749e599510f067f1183978fca380cdea6e22be9739fe2087b9b73f011de388cc0e65ad51e4d8e2b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IDManTypeInfo_4\IDManTypeInfo_4.log
    Filesize

    1KB

    MD5

    819de8b5a51e165109e87876fd5ee485

    SHA1

    06e6e240814265a1639bb08ec391aea40fd4cccb

    SHA256

    cfbba549f44b6c8820a9e6b6c87171f595b0037a351b81362fab280069e29917

    SHA512

    047b227ea4ef0d0c1e123c354aed3f4ee72e2721a39fcfbf0b733443375e59c9236d68b9624aaaece6f93293ab5f3bcc8af96eb33cc27fa597d621cd670b999c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IEExt_8\IEExt_8.log
    Filesize

    347B

    MD5

    77107ea3af83ac6f369ab611b891d8e6

    SHA1

    68f9409281ead37ff9688fc16fd0598f9eee4e95

    SHA256

    f61a3500effb5268df4f60c2d7da02f18ac8ce60e6749911d19b2c4d9cc487c5

    SHA512

    a08ad42693920d058d395db4adb9c7f8d32557d8e97c020c2b6efa30dd9468a121824f2c0ccc13dd8f83d4a6836f2683ffa1365e901242e699494a11b2e41e8f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IEGetAll_9\IEGetAll_9.log
    Filesize

    353B

    MD5

    be6e84dc9ef519cdc6ee91905533dfb8

    SHA1

    62665bc403866b69a2ebb8ebd6679a82ea9c6d7e

    SHA256

    447e7ddc42d7194d74fea3ded698525a0f64af373b7ad7f5fab84f9460d5db73

    SHA512

    348ffbe4b461dc746079603882acfd9c425452183c286daee99c62610fdb9ba68e22d4246fd59f7dfafcfe65c1624879f85e011e32f061d27374360caab9d62f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\IEGetAll_9\IEGetAll_9.log
    Filesize

    897B

    MD5

    8ebce56eec7417016e6bc0519c0e9dfa

    SHA1

    3b8409a3e28bcb761230cb5b80552190a41bba7a

    SHA256

    d2cb83320ac7adbf7e90c96ca4ac2034fe1401a88a4260372dde2e3bb448a72e

    SHA512

    22e73197198661c37dab4f70d291855927ab77bd413cf51d1b2e4a54ad45785ead62c30a89ad347fe53285839ffbfc8ca23bb7476e9031b746f497be78bb98e8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\Uninstall_3\Uninstall_3.log
    Filesize

    355B

    MD5

    3671a8e477f6db60dd6b2026a21e6579

    SHA1

    e909b3a42f97d357702dae40b3dbf55174e01613

    SHA256

    0708f1ffed51e71b64820a41070bc2f34bd643b5c75417fb9f2ca82738075018

    SHA512

    cf587bb35c896fda628c9b9aaa9e2a3622adf12093037596c1dba977521bdf189c05fc8e8ffd28fc553652ff4457218b2c7632a68500f5f5251e1785091d1f20

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\Uninstall_3\Uninstall_3.log
    Filesize

    1KB

    MD5

    6e132b4ebc19ae23ecf9ed7d320b2f54

    SHA1

    32ac1ed8a2a70b28d2f4a9c175808e9371c77d80

    SHA256

    2d555296c30302bb1a46792e54251bc698bb81a3020c4747229e3214bffacf73

    SHA512

    759f8e599f696ce0052c39fe117db64e05b97ffcec76792ef0635ce64941caf68921062cd74704ab50e65d14d5ad5282228b8770278fdf7a79bae35ba366219d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmbc_2\idmmbc_2.log
    Filesize

    349B

    MD5

    1cc6973d292f16a2136e7267a9272ed8

    SHA1

    4d1c7d9e5c2dbf31e7fde1ce79baf51e16ff74f2

    SHA256

    1af956be9f97eadef4b3796e9b59ed88b92a01f85ba1efab2ba622bc21802285

    SHA512

    eb29a62606a7b71a2217b78853e215b0859675d02402d1749d8519d469cbdb93cfa6107b9137a417b91ba023b687bf45edd6b0ca400388b5aa221f21794fbba6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmbc_2\idmmbc_2.log
    Filesize

    696B

    MD5

    86a1fec1e3bbfed0c113010dbbde59b6

    SHA1

    e8c0b47caed2efee2fbb44ce54aac2364dbe646f

    SHA256

    d81497f4eef2e85a16c8a6df43c286420a846cbbcc7c6ec6a1d785a22cea440a

    SHA512

    47d880abbfb31ac2df6a4b9e4a580f679ef87b471b534d806c616b7cd2666114a671950806378aa54ad689c240d22b1b02b9f5b061f805b95c37027cdab332ce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmkb_6\idmmkb_6.log
    Filesize

    349B

    MD5

    9e11e4269fc0e7ab2afd6796c2690c98

    SHA1

    d53c89ca6b3215ba00d63d2172c3fc08ac03cff3

    SHA256

    d2be23f7b871803f5693346de70a23d8c78582559bc64a82616642865c20c055

    SHA512

    742b58e94526f9e671cbefe5a8c2bb0ba3658fda2c85827009b8955b8317475d939163744c36418cbd46410ac40725fd9b10a6d12f1fc5ef4d6ed73daa86860d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmzcc_11\idmmzcc_11.log
    Filesize

    352B

    MD5

    73bad7fd8ea466a90f26459dd74f5def

    SHA1

    c7deabe01f335b606f6e9039f5fab8cc4bb4bf52

    SHA256

    1d2c74f2c89530b7db3da268ae2a86b300ad57ea1affe4a9285bc352da6d971e

    SHA512

    28594576ced1d4a19c7ead8c40418ae9f0e7fb8face46b5bf2313975c9ba7384a283f2126ae2a0741175eafc11e7eae1db3d30154d07813c2b62d478b64ffe04

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmzcc_11\idmmzcc_11.log
    Filesize

    883B

    MD5

    0d310ed0e8f8933de9eda17d929c214a

    SHA1

    a27d2e827ca2973e44acd964cd9bed338b93deea

    SHA256

    0d9e67e38d260e2f967a4f1fef07828faea13db6b9e3d0a8746f974bd16bb296

    SHA512

    0804c5ac9c6400422b2489d0bbb514df823dee0ba5253875e54447ce8964cc625ee8fc1a51a8adae151dcbfb81560aeb6af6a72382454c653829824278ce3d88

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\testing_1\testing_1.log
    Filesize

    1KB

    MD5

    9566c294020e364e4719de9b81f16a90

    SHA1

    24c67dd3148d52090a07b1298774147a1607f9e3

    SHA256

    61ee37eb9de0519079fb49c4f9f1000b7f64162bfff941fe3fdafe77a79854f3

    SHA512

    8b2b377f1f984821180224f212716bb043ab324437d0a8a7fcbd7a5fae0ae586f922f85a3a4a325bec013c67f057cddfda8360a859f2e6aa45f0687eda33525d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\testing_1\testing_1.log
    Filesize

    291B

    MD5

    89682f515c88904b0c4e542f22dfb5f9

    SHA1

    bab57bf2100822d2064a60f8bb33f31a31f3f184

    SHA256

    57937a6e2b6bea2d0d9ad76558b509bbfa937e75c23b8521c27c836d5951e84e

    SHA512

    902fa729cfd63f7c885ed058a01e8dd0aca1dddefd5fb5fad90907fcad1a0be694ab4e69a8fb2bd8750ba8cda56398a0a6ba5ebab7c0ab151ffe606ffce10772

    Download Submit

  • memory/4960-563-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-742-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4960-2-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4960-0-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-56-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-741-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-3-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-743-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-745-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-746-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-748-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-751-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4960-754-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download