Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

cmd_fw_ins...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/02/2024, 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cmd_fw_installer_138430009_eb.exe

  • Size

    5.4MB

  • MD5

    b48216dca6f745a40645248384659fdd

  • SHA1

    3bc265e7282bfb5c63be6cc73a2b7aad9a060904

  • SHA256

    9b6394b0d1da147c5c718ebf3aba211ce2d4aefc63eb0dc80ed5cfc0db269bcd

  • SHA512

    488fbd2b606c4f829b0ec05217b7d9be687cb885b988bc7cdcf7e1d61da2ef06fc422646696e24c2a1c1a63d793bda2293204037bd5a0178a673c00e91b226ec

  • SSDEEP

    98304:n3oeoi7dSeyJ6A89FbeCD25kvriejkx9sZjMK6vx6IF/M8aWzBWcPNkNzt9e:n3oeoYSeyJ6vnKCD25kvmeh6vFF//aFU

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks for any installed AV software in registry 1 TTPs 39 IoCs
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies system certificate store 2 TTPs 16 IoCs
    evasionspywaretrojan
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe
    "C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
      "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cmd_fw_installer_138430009_eb.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cfwfree
      2⤵
      • Checks for any installed AV software in registry
      • Enumerates connected drives
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall_138430009_eb.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall_138430009_eb.exe" -log -theme "lycia" -setupname "cmd_fw_installer_138430009_eb.exe" -type "web" -mode "cfwfree" -sfx "C:\Users\Admin\AppData\Local\Temp" -logfile "C:\Users\Admin\AppData\Local\Temp\\cmdinstall.exe_24-02-22_23.05.39.log" -parent 2240 "Admin" 1488
        3⤵
        • Checks for any installed AV software in registry
        • Enumerates connected drives
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies system certificate store
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3868
  • C:\Windows\system32\msinfo32.exe
    "C:\Windows\system32\msinfo32.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Enumerates system info in registry
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
    Filesize

    34KB

    MD5

    f42c56a1f750bdf43155a2aee0f1407c

    SHA1

    0929dd9594fccffe5e7e43ea33a5eb6467afab0b

    SHA256

    86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c

    SHA512

    31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

    Download Submit

  • C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\eula\eula_cfwfree.html.tmp
    Filesize

    171KB

    MD5

    b655d81127550b07fbe2ac849e6e1e42

    SHA1

    61fa51e4c9f01d5c7302a8a9ac6c43bbc665c45d

    SHA256

    32ac5b1265a7cae273baab2be295ee71a9033ff4233bf92630872523770cc241

    SHA512

    4a8d05f7488e6bc91aa545618e1d6dedb7508bcf7d635777e2f67c82fcc40e29116924598ed563c7778c32e6a837a5f6467d8d4c01ae282a84b89783fbde9571

    Download Submit

  • C:\ProgramData\Comodo Downloader\cis\download\installs\installer_data\installer_init.xml
    Filesize

    20KB

    MD5

    06c0057d77fc4789b1428dd6710cd5ab

    SHA1

    660445d67f92e84ee9aa96a7aa6cd50ba43148ca

    SHA256

    e3a998c06b37cec5570409e0714af72a1a936759b4420adf1b0dfaf43bb7218e

    SHA512

    497a86bd35149465ef3ce3d7b483a3d4950475963a9cc20075f4f92a54b05fbffa97b537b256c9bcc31a3a20f4229d33ceed45f6bd30fc9057cf879bbb368a91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007
    Filesize

    766B

    MD5

    2e5fa4187fb6415eecc96ad803ef7a1f

    SHA1

    68b78c4f61f4d520b33f57cafea093af55d908b7

    SHA256

    b062016459e7153d726d2c02b9cce214725a628a07750b54478e9ff30fe0e6c3

    SHA512

    bc01349a89f2ef26f38e9eb075eaf6a11c34a0fe52a493d3b24d1d79ce81e797e5588e5e67dc32efc73a6f3a173c7f6e05de25f39e28217744d0702ae0d91b13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
    Filesize

    509B

    MD5

    fea8620759cc1b00f3bb49e396daf6ce

    SHA1

    1858314388b1a18502a21d96acf2461057512e0a

    SHA256

    d55895833630c4627a1a796bb8c276ec08ef9c385ccea58b5b6c77186602efa2

    SHA512

    33d7131b3a8f71c7c2f8defe2ac9f83f1b3e8cf64aa68109c3c991d4daa0941d5f1a15b929dcbf899d2f21448a6b5e4981f06eb7c149af1af8dc759f8c4d7532

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007
    Filesize

    484B

    MD5

    b50d8ddd92c8664c96609cf4fe188229

    SHA1

    0c67edfd0073660e7005a78bf2491fd764ed8d61

    SHA256

    e9c8464e6ac72d4a2097de0a53b8c290d24ab447504a38ab1b6ad1951d007390

    SHA512

    1f3d0391a47a33d2dc3ec729e73f60e27b7017e98d0ad4ae8b28dce29fc8b96e2a4463a320ffee8b4a41d92fea7bc2c5b3b97e4e296ff31172b000bf308405e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
    Filesize

    490B

    MD5

    3f03232a1f446420e53693e0be0ad1ef

    SHA1

    2057df954de17af7c2523fc77e6d336503bb3c00

    SHA256

    d5bd71d70a456ca962b72b4af9e342d3ba0e8dddb7420b9eb8b0ea3d8ee08623

    SHA512

    9f0cf5d7009109f49659e08e320897f4620c1e0e2bc75fe2b92dd1e5d5a9bc5a1ad37340b2b9c838eb41259448b1d89ed205e52a309da32dd50be898b16e92b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
    Filesize

    277KB

    MD5

    7baac18fb157c76574ca3d7a2f5eb193

    SHA1

    6460577ce621fa28133096073376f6a88f8acd61

    SHA256

    347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2

    SHA512

    513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
    Filesize

    3.7MB

    MD5

    cc5e8c8bad38bc52755054d580dbabf4

    SHA1

    470dc89ddaa8fd4cba354251d4cb8fff55f70a43

    SHA256

    d8bad9dfd0226c73bd580cd6be855e3168920c90fb5d0ef9d871ad62ebf3beed

    SHA512

    0ca259cb09e8bcea94e49af985d3fe8ce00f1b74c5f709bf6c8c6d242b92f32167ae85916569c856d444ed94f6feee11b9a8e077037311dcba15259014770bac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
    Filesize

    4.2MB

    MD5

    6d9aa26bb18af69dc74ae8e822eb53dd

    SHA1

    6ef20da9b9e70afa742f047f1c6f9d3e58290450

    SHA256

    cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3

    SHA512

    3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
    Filesize

    3.2MB

    MD5

    17a0b552d0503e59a3da6493b9f41f20

    SHA1

    3d05602428001db5db65b478be113a4faee75e5a

    SHA256

    ddbb89461294cfbe4fc949518a156a137c7f1ddbc95ee3881230b9ce0174e3c8

    SHA512

    507466597768ab36a3b93d095d254b3843a7e0160208a6b9416a39edbce12024f1a1b36f50b1092b0668a993d4f5cace5e8d3018eb92342e1f0e235bcd062002

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
    Filesize

    5.0MB

    MD5

    37b74307486f5b5484cb6493af16dd44

    SHA1

    825caf772042ced78a3d5cb0be135e8253076c9b

    SHA256

    70985cd6850d963f7edeaea03b7f4979b9e5342a44ae7104f1fdff61529048f9

    SHA512

    98929a5045e4f025349d44fb2bfc5697173cadcc961d65927d7d4137990d77f5265fdca3a513e228d554e099ac4fb91012ccc5937dadd23b6954b648b2f0b139

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
    Filesize

    1.2MB

    MD5

    e9e26619cadb616dbeefca09a8afecaa

    SHA1

    3fe98b4c12138c05c0cbd2fa0beba474d37a67c2

    SHA256

    9220be6e8fb434db8136da0c56c4e2ca40b9e273943967fa7c079c341be3bd0a

    SHA512

    9f5157a4353b2987352f12d47bd03753a5116f5ead586175d44516dbe77fd0529ca1b4011c74046ed96a80050634b32c5b801d63fd7262be6f3212fd062f1847

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall_138430009_eb.exe
    Filesize

    279KB

    MD5

    1b76d9f3b10a5516ad7859d21384bc93

    SHA1

    5f21c08e8dc2ca8b32a4d0e83e892def6082474d

    SHA256

    1471af0058b717a07c7d32d20b04e55dac5b884235ce4c2f25d568b26dd03bfe

    SHA512

    e652fdb51410f88253b6d1a3f10c5df366e3013595f892b4620c508d23aa53cec690265980f75889c4f2001e54499cb756771e7258ccbcf68dca3ebc35715294

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
    Filesize

    367KB

    MD5

    a4b3e07a9d407bca7a0ed76ea7c4945f

    SHA1

    af16d87110e2f9e64d5c35a6d522151b69377bbc

    SHA256

    b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555

    SHA512

    77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
    Filesize

    5KB

    MD5

    b80eda6258e28b537651f8e5ebd997ff

    SHA1

    826741e138e8342f4bc3303838e347a44bb93546

    SHA256

    6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709

    SHA512

    9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
    Filesize

    764KB

    MD5

    7b85f91536c8342ac64d3edece2af7fe

    SHA1

    1e28c62364f606f03078e985222a2e3400a483c6

    SHA256

    918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae

    SHA512

    42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cmdinstall.exe_24-02-22_23.05.39.log
    Filesize

    6KB

    MD5

    ac02b922c3aeee66213c0ebd4107f905

    SHA1

    277118665f4e840771e30a8b295035e829b44ea4

    SHA256

    5be8f1fc543558cb393e1807514508d19764c02f7f22f28cf6d5915f37c3b69b

    SHA512

    6f744deddf6ec611369f5647893d3312fab20f07fa07a4aad8784abe278fc8e5572a5597806ff4559f09e1a6b6182d283ab75e97047b2a6294bcde9346faedb6

    Download Submit