Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a08bc8efa9...48.exe

windows7-x64

7

a08bc8efa9...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a08bc8efa9fa2e9d5d2074ef6cac5d48.exe

  • Size

    173KB

  • MD5

    a08bc8efa9fa2e9d5d2074ef6cac5d48

  • SHA1

    0ce76d19a602e58a8bb81d8baa5a609bc07647cd

  • SHA256

    23b1660bc99b00ca748548de68ae4b9a3c42fecf01d572ba5075dde2c196fe0c

  • SHA512

    e3ffdb3cb5caf743159e94e29d47848d7a6a97393703762a1568aa688d14695f7f5eda91ce07d2a1ad0af8741b80f826f8c3f61eff1b9814720c484b57ad5fda

  • SSDEEP

    3072:C1rvjnrdU4KN1/iKlyLo8NJtikmH4SLN3HMIuobD4Ryi/OBVZl03pYe46KX:CVL64g1MLocmH7B3sI1rioc3pYeF

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a08bc8efa9fa2e9d5d2074ef6cac5d48.exe
    "C:\Users\Admin\AppData\Local\Temp\a08bc8efa9fa2e9d5d2074ef6cac5d48.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\vcroxm.dll",GetSystemParameter
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1756
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:406533 /prefetch:2
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c931327286780b97cf5aa1dbb1207022

    SHA1

    d2262c067d9da09bff8c285fdabacfda7a21a3f6

    SHA256

    412ff2a9e99aff6b6ad281b7681177446712a8ef43dcc25728f530296295de23

    SHA512

    2539efab4ff5360e16c9773d8e9c536779889400e2e2937442208632cea58ef1104568c2d363cde9351e2a90c757aaf45ec3d572f1a54813efa61183244e3c76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96edc10ef133a165ae1cb0ed80a3ac7e

    SHA1

    1d9dc61ab12030c9c693a803bb9e4c1ae0cdd01a

    SHA256

    c0a4c58ff8bc9f79c2fd33d637bc50e19a867cf8a7cb8cbce81f24a1fcb2c2ce

    SHA512

    396afbb115796ea522737061346bde0546fe4b90f0d5e879c46bfb678ef32e5bd7b2c898d939f78a5e86ae433e0bd5a3498b88a71860a8000aebbd22a52915e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e459fc4845ab7f46b7fc4d615432c80b

    SHA1

    84b56923b7b92af2b80a6085229f2278798b317b

    SHA256

    e9f0630345ba58ab3d62735d7b2c25da9a59b6a7691f3198ba7783cf9e2908bb

    SHA512

    64d2683332942f0bae24abcfb189b871360553b08142a97a0f452281d68f90910b75092410f4edaf648cb8b7dbd47f5d80e1defd33bbf3889f891d30ba0b0fc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4be281aef0cba4178a0fada7f1a4bbee

    SHA1

    3f30be3d2ee7f0deab9976ab6fce04559973b94b

    SHA256

    15bb7fa3007df50fd8ce121c17c10c3340cd4ab8e69e28c6a1110fe369ead001

    SHA512

    b4c259981cb32875dc889cc92b878ca4ca18a39f27dbc1c71090169c2c67b506d5c7d8503e69152670506ccc7882ec769670bb1d36275095b59a497158913a16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0c1e6aa069dd92a8612bc4b91f45eb6

    SHA1

    89a1759bfe02da652cafc7af8c7009b7dd49d21b

    SHA256

    87c1a30cb0ad8fda00fa87c2afab7b7366a3fe91680039f365ac4b3828c239cd

    SHA512

    c264efc22e325bf5db81a2b714e16d1a9195f9ea9a188dacdeef28a1678e393ccb569c402bb484c90fc6353a8e42b8d42ecbc4be56e127915e9b240c83bc2fe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1842ec3e4bcd8ddf942763e6bab38b8f

    SHA1

    c29afda07eca3381e4d9c43a2c3242d0698950f8

    SHA256

    9b3b135cf93a957aa6dcc3a8c9661ae25cb396325911871c8a053b90d016a830

    SHA512

    df70fa9cf0219f7aead70f6108c87873a58bd2bce59da24f9ec8dd29b7bb1d4047e5ba375e321f3c7288b8d378cb01a06ae6d2be8b8c91bb24e0c7c103ed505c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5bbd41e853ce901a86e9f412e7b849f4

    SHA1

    d0159ea50e83761035c939568974e70aaff16f4c

    SHA256

    51ef3445fa7f3918ef90e0150e596834275c3e0cf2a907fa54414ae07275771a

    SHA512

    adb1cc325a9091db6ad87e1ede40790c077db84bcd88dae718ea94549f91eaf661256a450103d917e316dd7bc1e75bcb08913ea7cabf09a62131dc80264f32b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d243fc23896101c8b4bb13735d0605d

    SHA1

    b83288081bb6ba389022cf482ac39023c0a56534

    SHA256

    49a35852dc337af2c9d60713872d459b882fbf59073f8b36003589e12486bbd4

    SHA512

    8e0f0fe9f5b331aca4421a8b0e2c88c760b5c2d3704c9416f5e2e01b36db01418836c530b5cce4a19403a360150bc11a3ec6c6eadb90b5b2255568af82825f7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f79c6b99b70da717abed948331cbbea

    SHA1

    db266cc1f49c7eb5d8abe379aaf2c82d51e9d913

    SHA256

    29f20c8eb6388762cc069d25d8150e576e70d283d9063c0bd7c552a27be8944e

    SHA512

    d70457c37e7a7ca66f29eae2eebd59279c2e724c1006161dea995d7d3c9c560a06674d85db0d1f3b2a9603f0a79031aee9b038e19d1a81976779df3b62f9b5ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC735.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC805.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vcroxm.dll
    Filesize

    173KB

    MD5

    4ca5b13266d90c3dcab042ea8cffc3b2

    SHA1

    4ac4fa43aefd45a551ef1bc6e5357ef88811e280

    SHA256

    631b3e4721892a466d693bdb6e3fd992ca630c0ee9c2ae2aa97a37e2c5f1e1b1

    SHA512

    6d07ab44e8bb86659de497a15a2fa4b491a2cfab5ad5a4d84815fe3b37fe12915947d1cb390406145b4f0d188a89711f36767443b7437b092c1418abb45c9edb

    Download Submit

  • memory/1756-16-0x0000000000140000-0x000000000016E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1756-23-0x00000000000C0000-0x00000000000D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1756-22-0x0000000000180000-0x0000000000182000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1756-20-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1756-15-0x00000000000C0000-0x00000000000D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2696-21-0x0000000000230000-0x0000000000244000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2696-0-0x0000000000230000-0x0000000000244000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2696-6-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2696-1-0x0000000000230000-0x0000000000244000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2696-2-0x0000000000300000-0x000000000032E000-memory.dmp

    Filesize

    184KB

    Download