Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

8f7617b0e5...d0.exe

windows7-x64

7

8f7617b0e5...d0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f7617b0e58d8baf0c07b4f889a88cd0.exe

  • Size

    43KB

  • MD5

    8f7617b0e58d8baf0c07b4f889a88cd0

  • SHA1

    9f548a54af9e49ac0b5b41aeabddd39921253f4a

  • SHA256

    d644b0d6ac1a29293dc2c4e47a56e94e14752272c1caafe850b2bb7a92d7568d

  • SHA512

    48aeb5a6e2b356d0152de80eeb0cf1778617546abf42a9a9dbee4ff4d5277fedb7c844d115ecd9c0c55f36548101029370bb97804ead684351d87f3b7170d5aa

  • SSDEEP

    768:ke9tQ7pPcYq8DpyRGX/lx4juUhDo2x4kfuBaGtymH/yLSCzMUx:j4kYq8cwXfkfh+kfOa3g4rx

Score
7/10
adwarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f7617b0e58d8baf0c07b4f889a88cd0.exe
    "C:\Users\Admin\AppData\Local\Temp\8f7617b0e58d8baf0c07b4f889a88cd0.exe"
    1⤵
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" aj32.dll,ID
      2⤵
      • Loads dropped DLL
      PID:2080
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\8F7617~1.EXE >> NUL
      2⤵
      • Deletes itself
      PID:1300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\aj32.dll
    Filesize

    33KB

    MD5

    91ca1f7a687ae01f3db5d18101c1dd57

    SHA1

    7a2adab1f5aeb3577c5d4ee42ea95c42743bfc05

    SHA256

    49ac0599460ced7dda36a580a396ee2b7ec3a2dc97aab491a2cf857db570bbcf

    SHA512

    bef108ca3dfd418c448c5345ff9b68e3b9f1678edb86f6642639fc8e54fbfadab11244c115086aca713cacfd8e7c4450551921db0b1d96dd5505d26ea26dd481

    Download Submit

  • memory/2080-7-0x0000000020000000-0x000000002001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2080-9-0x0000000020000000-0x000000002001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2080-10-0x0000000020000000-0x000000002001E000-memory.dmp

    Filesize

    120KB

    Download