Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

8a941b3741...38.dll

windows7-x64

6

8a941b3741...38.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    135s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a941b3741b3b84f032df3fa8df05f38.dll

  • Size

    473KB

  • MD5

    8a941b3741b3b84f032df3fa8df05f38

  • SHA1

    709f907993134a655d996978a9e800f4168de1c4

  • SHA256

    86478dde55423ea79373c7717db21ed3f16998b88d4c2f14c029b0e4f05e8a2a

  • SHA512

    8fa577f4217816fc86fdbff9a052473a8de43cccaedbb81ccd26b2b187908dcee6416f191a2671b9617b61e40a00f113b3377af5f82366967f4f0c6daf4ec592

  • SSDEEP

    12288:KEyS9OOCHzSCcVflpCLPnLTeeeAlj6o4A:k/HuCcZHCLLTq4f4A

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2368
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    b31a11ef8049adb0f685a8ea733e64aa

    SHA1

    670fa2b5db96ff08f7285d41c400e047a1c2e2d6

    SHA256

    64cd036caae4f726bc7e7daa58df2410d8542ae7b13c5b5f0e58361f7e079572

    SHA512

    93d9b667627f1646b166dca3877c6290f0ceef981bf641f805682253883fc8b02359a4780c60125b618c627446b96be3e11043924e32eb2bbc53d301030a8fb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6545df66b62fc93430fb484c18f21424

    SHA1

    9de515a47c502579c2c4a0ac997ac163ff0b6710

    SHA256

    cd48efe21af63db0c38b02524d0f3c90011bb847a0f8cacce540606bf84c3aa1

    SHA512

    2a6160d901a53952a0fdeddde69cc1e4bf961ef901b925c941febdb762508d87b9e53bcc9087fae84e5cfa0b5919b9b549a6e678f949328e503d2563de43a77a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    142a16829069c0f25b71e050c9c118a3

    SHA1

    c759ca402f2784cdefc7733b9ab21f976c3f9028

    SHA256

    736e5696c91e5581bc47fdbfb6da143510f417faaa12a857f5deccc28391d04b

    SHA512

    71bcf8c0dd88bee3b7ba808da451362f7066c192850db0cba212ce5ffa4cbb55e5eb185f5b087e70af8d6c0a63d05d44047bcf9657b559a68db77472f4bad1bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24006fa8b227a949c03f82c349ca2779

    SHA1

    6a4d87dd9d61d31c02701c1ec80eacd7daacd335

    SHA256

    86dd2556b6942998d70459cc646268847c6dc0f1b0b6d333442d16d8b1803d6f

    SHA512

    3bec263f074f5e16a5611644cd3048b8f8b4901a74616060bef8ca9e10011ac6f4e27afd5ab7d477251bc4c512e9b7c86f8d6b0b19b639eb4fe090eb8055a7b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40bfe72c6d6d815157dce5210cc7ee06

    SHA1

    34dc1d3a64d1baa6725fd2d69ae8d2c3c0058ae7

    SHA256

    da12ce064b0b773f5bb9259c9f4f2ea6e8f721dd3391dc6247175a79a1abbc0f

    SHA512

    37e0b5b9d325306f71a5840501d465803519cb0c47c012cc36ec8e5bb2b11aaa3c5c130ecdbcec5b6afc25e193f307422aa50276a6de47ff49a2f314586548d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    617939998af5190e0c466eff5fb1c53c

    SHA1

    87ba2e1f94fc40dd8bc98872672b27878dfe55ab

    SHA256

    0574486c6f7b0fec1a32a506f0acfd5c0d141a7c1dcaf7d9754b92898d0457bb

    SHA512

    571fabe7cda9fa1af8dfe76165100c4234c6e3f4d03be444e10ac3e6e5eb0cab9ff136e0f58dee2c57761ed611c41944b2c87431096c3263135b2e59dc799934

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    649989e450771bf20457aa73af24743a

    SHA1

    26c0f375519b1793bd231b429d9593689f30a73c

    SHA256

    7320b1ab3e2253d68194096de6118ce49c2bf71af0c7650e300d9a5b76cfd07d

    SHA512

    149eb54cf7ee6930500ab16fb0bc82b6e479b337eabda1ab9544648984d19554f76841f0987ced677bda69e1e46508581b7eb315bd462753e0e945d7c0af35a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    636bda91dac05b003e8a8234fdf42b4a

    SHA1

    2635b80f09bf05eb62f1a792d2918f457726fec8

    SHA256

    585c94a6a4e6b37e5982cc1eb6abec09d0964ca058ee0eb76acde8b189f61ff2

    SHA512

    5526f5a01947f6b8c5e33c6367441616dd027d4d4f0fa2811a185ccd8f61525db856c9f8943b08b1a7fee6e1e9431c7ccc38031076b4c447eddaa63f3949b806

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6715feea6a444555569e843a7893b5ea

    SHA1

    87a4086a7fb8e997f7af5f2f0e60e22be27f4414

    SHA256

    01f89c17d530c4f00f206aee85b79c228879a4f040367ffe62427422cac68715

    SHA512

    500372931a7a53ad5ab2d3c4acbc127e00d8d18d89f74a10561eba8754e53c7795436ff8dde33b132d9a7a820de43ea0fda7dd7a975170720c5f376bb978b462

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7da18cf03a450549862118c772dbfc2

    SHA1

    f0491aa24bbac84ef7d0c9674bbfa4cf9924b421

    SHA256

    328d71cb92a67c0b619d742be93d81d48cea97a6d48c85cf24aa76f3f2f94000

    SHA512

    ec883e2d1af6d35a65d33606a0a95c720735043a007d3d03d6fc0f090f8275c0dee614be1653193fe7ce8373a459ad7edc4ba6cf41ae17b95d70078315d822eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4280170282fdca6446c2d4cc4d5756df

    SHA1

    bd17efeedfc862cf7e8450c083037f01e9c6e92f

    SHA256

    9e8447213cf6d49b87520513b017e7c2b1ca7b719bc79792e5df3b78f6eead8b

    SHA512

    a59d8e283980302edad484dc60b4f4be7bb7bdef016b9e2551929072c48898b254a6875657fcf1e0a36181489eca9e1af62c26e94281340221b0ca269d48ac74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e11d2d4b4350113308769c87e3f157d

    SHA1

    d4d219c77206223a5c833ba0ddd4ef54b48cbe3e

    SHA256

    3f9d4e80daf278e1a6cb3873f5a85e2516f752fdcdd71058c6d547affb329285

    SHA512

    075eccf0a4963ebd3c30171e167c3231ca0c8ae5613baa30cb430cf356aa0bff59dee406a2912bbefad8bdbb0d089fdf0137646d67bf22892fd1e1a832189b13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e46b2d6acd26a04ce1b4f36cb13021a6

    SHA1

    e5604b4f878269dbba781c03a6d282100a44f40f

    SHA256

    648beb92cf6b62f19f5795f04089cdca9c65e762bf43c85167589e0df412b50a

    SHA512

    f84d2b17010684da62496c6a1e2aa8a5ea445bd7705f9324133dd301a3d3613f01a05d1b364318c01a84e6c3168a4024607ea38f524fea1d0ed8986efbcadf75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef135af49939435d48fc729799e65f99

    SHA1

    9e9524e50455c01a4df5af066e5e43ce42bc0d91

    SHA256

    b5dd5a1725790ca9758caaf8ee1856ee2a21b4b27dae0e209f91f7ba27dca88e

    SHA512

    40bd274c591b93a84d8603d7fe826737867ad49cbaf38e2f665637c39cf2b74591d2d0739c28336f5018bd870d3185b0cf2ee1aa1e26c6d538ba8b705402e06e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f702ac31e8f06548c6097f3f19c4767

    SHA1

    e5bebdb91a60546fd28571ec9e525b28caffaf37

    SHA256

    8e715fb87a566777c0723715405f13c9f789d3854acd9e68109e4e4488af235e

    SHA512

    82397f9ceed02f0e2ce9f3b32423b1f937e2fc835a3a85cc8585e7749dc79d9522909be66f6ef8148951ed4463e2ee03781cd2da22ca3e594741320b8cc06a1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    355d9b75ec894f6bc66f1b4dc5e02570

    SHA1

    b09f33e7453fd20edd5f3e6bbd268fb3dc8da330

    SHA256

    3c3ef64f53289cd1773bf4ec79170b0cc5f26e0757eb1e6e68ba4eaecbf2c34d

    SHA512

    ac4820d4ef8baf33a127843addb03e824391a5141106043c0efbb9a9ca29f819dd8f35474a46187d73280afea3cfd3670c70678cce1d81574a18be907787e487

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47a18cdc074e1d92d790586301e23613

    SHA1

    1477e6e2ecd5bfe2b1ebf8731ace37e235aa0b19

    SHA256

    68bd5ee662a009440fa969f5b5a6f4635e1f6705d3459e7bba893fd73e2c47c3

    SHA512

    c26135decf0d7a44a87344cb5c2414526fdd1e5be9133f3db3010df051727bf55c632b6cbc30bfe2103681133575db1141f56abea41dcf56519f0a42928a70d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a3b6b56d08b496e5039b050f954e4fd

    SHA1

    47b9dbfff0ef0637213023de11362be17d3eb56d

    SHA256

    771d212ec59ba2ec06c4136cc591e3fd62a3ea3125fab0574033fed70092057c

    SHA512

    c573c30c69dd9c7f25a10c413e203aafffb0ce17c93271984009243c7f6bac313306b046920b954a0c625ceacbb2b86723624740ff4b0d6e71737392d6d5f22d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd5e6a4726b46690a8892c8af20ea243

    SHA1

    5e6b2dc7ab00ce94ca65f4d8ef2d6a289a40cfff

    SHA256

    6b8d60a40a47518260438d9be814bd7a67c256ad616ca9ac11c9ae3bd0cf1548

    SHA512

    9db546a5d1192daf313bb1db5e328e8f6401f36e5b7081050772316b21206cf953b8e362b78b994ff407e3032e5ef5c16ebb28a558a09c223be592b4c8bd5451

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3324698ea754af4daf88a3cb12d3924c

    SHA1

    d80cd04cae8860c1b0983e6ac5fc60c3b3b4f408

    SHA256

    7d4e756b0b7994a77729f6648f74ac8305d5e2d104dfbe09c4b144c07a52ec7a

    SHA512

    d6999a534c06203b8dbb65266136d30e713b4fdf7d93d1fa814ad107bb0f0a0dc1e7d092099b38a68c0d6815734ab2355636e9e17a5930238652d3991f35dd5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    096e42d3320b3f0dd3bd291170b55789

    SHA1

    5d150b60b167289c281aab02a640efcc58b8a81e

    SHA256

    fc196dfdf75a21aa66245b5d6cd00cf1d8e47e5a32cc0959fddd48f47321079d

    SHA512

    c8f5fd07f7d5615a1f7774deb6d832298ff36671470693cc2248aba17a721624147619b4ce310b5ea3fdc672e4c1ffec505c8569713df0e7fc5becb1cde0764e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OJCV7Z4\dnserror[1]
    Filesize

    1KB

    MD5

    73c70b34b5f8f158d38a94b9d7766515

    SHA1

    e9eaa065bd6585a1b176e13615fd7e6ef96230a9

    SHA256

    3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

    SHA512

    927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I11AFI0\NewErrorPageTemplate[1]
    Filesize

    1KB

    MD5

    cdf81e591d9cbfb47a7f97a2bcdb70b9

    SHA1

    8f12010dfaacdecad77b70a3e781c707cf328496

    SHA256

    204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

    SHA512

    977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNOV4PTT\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIDL2KDB\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab37E3.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3901.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2368-0-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download