Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a15d9a1f63...c6.exe

windows7-x64

7

a15d9a1f63...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 08:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a15d9a1f634a6597db71badaf2c867c6.exe

  • Size

    1.4MB

  • MD5

    a15d9a1f634a6597db71badaf2c867c6

  • SHA1

    548afc66e8dbdbb964e01ff4ac2c981677d050db

  • SHA256

    8b096307d6791375016e1b2abd1a9646afa1d9007646d3015ffca7db695c6eb4

  • SHA512

    1eddc79b4e42f88e15b68f414ee73db492c743fce3ee9d21d57fcba2abee8d0b15592375a504d6da18762223114311a7122eaf904abd03af8673f97aab9be434

  • SSDEEP

    24576:bNr/4p6qO4pDlPJsZtZQk5p8hulbEwfDpBzjRvdsxlTShiVNB:Z/4Qf4pxPctqG8IllnxvdsxZ4Uj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 43 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a15d9a1f634a6597db71badaf2c867c6.exe
    "C:\Users\Admin\AppData\Local\Temp\a15d9a1f634a6597db71badaf2c867c6.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1144
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1144 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2452
    • C:\Windows\SysWOW64\Wscript.exe
      "C:\Windows\system32\Wscript" "C:\Program Files (x86)\soft202504\b_2004.vbs"
      2⤵
        PID:2428

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\soft202504\b_2004.vbs
      Filesize

      293B

      MD5

      8fc4c6f63f156aa1810779edf18a9ee0

      SHA1

      8976551f8ff1b80af8d95f15bb0e62892f71a8ba

      SHA256

      0a2139d577089d2c4d5945801c8d65bfe0840c6355e06f60c260b7e50926e296

      SHA512

      43b283a5e4e11a412dd85c31ecfdc081b88cd7653d1a542952f06b5ab8fa8e578229cbd113e04160ed4b375e85fadb340c3df106a47ac23ab1ca07d00c43cdfc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67eaa00e619f39df61fc70843d7bcd1d

      SHA1

      fd37db568066786f608aa2f4e9c8cbbe9ebcbf16

      SHA256

      04e68c3fdfbb2d7d65c80e7acbe03fb1281eb1c5130028542574ebf924b994ff

      SHA512

      33b8d3caa970b23aa81714c4a6149829ec881cce4f64277ba111e3eb39eaae074eefccd97b36dcf42c6fcac0717d0aa8be91d4b05e38d23058cb1f50042a5e07

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1649b5f69117d70cd31d03bc7a8bc641

      SHA1

      c2202b38b592e3e052f70e90374e33c932b00a8c

      SHA256

      ca864d5b8867ccb0a19d112b65a4fa4c2fb7250250d1e58c40b84ea338d22c07

      SHA512

      54873030bbda9be7ca0520e099a809c2b582090b91ff2ee2fbf3f36692a249e477aef4daa70c62231a7f342d546f4ae33f8a2c9445b62bbca221cc2d22471b2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ea6a78dab6c3ae9c114c9f98b53daf55

      SHA1

      b2938193260e32d41040dec590ae976b0b061d88

      SHA256

      ade9ae79b2867c2443dd9b3163034b8071fa75c7c4b293f4cbc52de1467275a1

      SHA512

      dc95c715d2a7d7c5152cef60185de3a8b9138e53a19d68c882bd6ec29e8a493d4b800803a17a4bf7aa6f8a2154c99e5921324d5aff1a2e08240e79cd781a95ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7df2767575b1fdbafe8abc9a1c4481e4

      SHA1

      1fcb751ea0f80486bc85dd4f9119d9b8a8167b16

      SHA256

      e84cc5ea34b02b6ca818e74e62dd177316e8aca2945991e4ed627137bd9bd09c

      SHA512

      cb32edfae1806d2357c95fa6b958c8163374ee3e520f65f26e700f20e9f625572311fba6f259646ff3ccc3f343660c6f4c583d495cd4ab91e6d342402fbda104

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      97710a048ce7010b95f5bab800bcd2b6

      SHA1

      e437dfc3ac7a8c7e9c3e472643462332a82abc79

      SHA256

      bc75856dfddefc896bc454cf479e1b217f53b1ce226c113bf76ddbc561dccef1

      SHA512

      76af24345212ac8a45f2a01e30774731950bfb140187a85c1dcf53770ce117e23f04415db2dc7a612e3bb90b750185f5ea8963c33be2465ca3f3f2a15f10cbaf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8d5ad063f139bb20ae4aa43e3e196db0

      SHA1

      3f26ca21729b476596e432499dd8cee160c83a8a

      SHA256

      390a164679c58657985a91e5901c3d5f4ff94c3086ac185bd40f3d0d401983d4

      SHA512

      b64cadca60e1ebf37e94b1af54d986f0482daad7befb89989edf1cd93892a0181919d476716f5e84cec8936bf9358345ec4641cfc4d549eec36fc304fd6daa3e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d87342e8a012f683240b9fc4e033feb6

      SHA1

      efe67a170a7d4b614b4a7b923d000f7c876f30c0

      SHA256

      4aedbd64e4db82fd2e2f4e3acd3d35a3e25e6a1c37a924177dcfd23687493bd0

      SHA512

      e5bd483b94b888b745704d682be5cf6ac1cd08adcc8dc9cfbfc66c4a51923b0d97bbb54eb0109c146fb9009cdcd198bf3cdc0ddffc2b0d395819e966162f82a7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      177f76954a0a218c4c1771bd894080d6

      SHA1

      910c940ab4b97ec21fad7f4e8e73e04c70cb830f

      SHA256

      e566be29eb14bc249796eb5fc53cbd11e003585764fe0624ee0c074588f51d5f

      SHA512

      957cf97165245a8399a2ae3bb6b6ff7df7b109cb4c964d8f4b6f1f566050ae4665245cbf85bbfad71380e3ba30f787c558ea50f44e3585c37c96db7b6117eab7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ceb9bdbcd68357098910517e7efc5d03

      SHA1

      9d90bfd1c6485059e7ed9780c67d97fbd24a034c

      SHA256

      74f0c3354097c589ce1a345f07cb33a8cad889b483fab76969fa3170f2de5c5d

      SHA512

      90d48b876858f390953bfab31eca0af6458b1fc932f008ba99b0693f0d9246e1592c309c1386b9fa4d7af90e3e22fc56249141bde7f51d17f62cc48abb21a046

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2394659056428f37ac9155787ce1af25

      SHA1

      9e077dbfe9949337f93e60981b79faea6dfa2442

      SHA256

      aaf480a2278017859bc1536084b8ea02b8980c9e9ced4b2d11917b842c91a2cf

      SHA512

      4dc8a5cb3d134d1f0a3e729ff13b6f168b3cc09a1f991abda9a631c01a7672122e268be810b43c4481dcd0d1613c232e747335862ea7dd5ba370073128962310

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1128fa2a245402b3b800f2fbd5c5ef5

      SHA1

      2a75aa7f5799dd9636bc2c1d0e55d69711f0e795

      SHA256

      541527e0d612846dba1da07bdd8f3ef75eca79e7db1c7fca48b307956869a392

      SHA512

      ac6abecaddd520ad060e61f7dfe4e730321721093123df1278a9e246e59f4e35ec8c5051e4eab3fb961eaefae94fba19b280afe6ce2e848fabb53dbfd5157ee0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41602f2f8d1e57127709086b1c097cb9

      SHA1

      cd8e8dd071e9bfe6cffa446c873aa3f2d068a3ae

      SHA256

      a796de8bfbe9d0b208fc2f20b273f2a7a74efc6feea83045ac8dc65ea3e2363e

      SHA512

      ecfa3bfd02a4073cdb4965ca435a914e2bf92de84cfb54f33cb1f14f4da70858c9ddea41b61707464aaf4bc345749a1187e0a210ed3d3f7f52499ef0512b5996

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41c67717bd8175513ffd0e9bb247ea31

      SHA1

      58735925967ce76530bf422c4d8ed2e35e80ad60

      SHA256

      8895b5cb35d6e26189c4326e3663f8fdad771475713a7f3f78dbe370702ee1db

      SHA512

      aee38a97267a2eea931f0daa36fbd8474c8d475e3e3bd38d03d1d4db4d172d81b180fcd97d7c0a580f7ecab6841a712ff9575a0d18b6b0ddf2b87aa2f15b1ab4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      da8046e31d7a5416602d21e3b55b6c68

      SHA1

      db32e82f1090a6d3d0e426ab22315467925eca17

      SHA256

      2daa4414027670db4fc72757193fb5d8fc81a6fe0648153181482c1c6069bd3b

      SHA512

      4ba77a1a0d85695cb3a2c82badfac52691861da3c21b1340d54321394e99b7fa6158599dca0bec596fdbff8d8b23b77a6460e6c4aba6832bc35490d5d7b09143

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e69304f171f2f05e84cd024a9673dc61

      SHA1

      50f34061ddb4feb05e7cdb37c85a36eaee74113f

      SHA256

      c93231a76295f2d69d7b74f7945e8898343fc91fa47abcc1fa8ccb6d0edadccf

      SHA512

      368a91203b2f6950f5baafebd09b83932fae3c51a06f8f0f38debc4813337b0074ad9f4d73eecace290a749fbcf5459079452a26339e757461a664278e6f1621

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b2cf049a9f22a723a0f3ca6a1395cc4e

      SHA1

      431cbb782da4fcc37c6a8ed727fba00c05bfe630

      SHA256

      c8a4ccefc0f7d22800f68a55ddd45ac62008296a94b87f3a700cf68973316b1e

      SHA512

      f065a4b01c7b283df1a50b7e8a5241070e8802737aca20cce48553de673933d884c24708cc58fc8466162df6b033847965e4ac503cf3ddc5ab4c519c168125fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7943c525d7bef8b180a400f78d83d752

      SHA1

      207bbbfcee5a09ad1697821bfa137d83e7799052

      SHA256

      9a9fcabd28848ad99411e26dd44a4135ddfd9c94c8ef3cafffc9d6fd8bccbe81

      SHA512

      78faf7dae6e1ffb85f59ffba5005b98d4bfc77a0b14beef9a2a9b23955eee0e26fadd2cc83a882af0611fa217dcce581ffc50d727647cf09372163536eb71e75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f88b4fc730fa81a01d82b40a62a755b7

      SHA1

      c8753c5619ca8d2826186e8327abe588c85a03b0

      SHA256

      1ae585ed44dc3ac7951f8e6feac249b6b674dad3dc9d22e76bbedecccda38634

      SHA512

      018456ec0b569473c57bfde2aa9b533612bac9165200a4ffa4a95766f962e3b73fa2c608b6a8778d134a09df13e43a91d5a31af8db66347e6401fd48b3f86e1b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83BD3211-D2EB-11EE-9921-5267BFD3BAD1}.dat
      Filesize

      5KB

      MD5

      d626a68cc06c9544e9c859189f93abe1

      SHA1

      8fa549becffe940c60f33430e5e8f31c849bac5b

      SHA256

      a5cccdc3b703b3b643a4e7d86f4f9d67b1028c77145667c4f5f4211a72be2465

      SHA512

      b610d7d64cdc88da0663c0f8df05c5c1adc93eddda2cc9f6e667bca4a7c6e4bd8388a5cebc8b879f7cd9e170068748ca394a348852806b1143cf2260cf4cc048

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83C1F4D1-D2EB-11EE-9921-5267BFD3BAD1}.dat
      Filesize

      3KB

      MD5

      527000dbd69618c1e8686ea3a48b4447

      SHA1

      e67c24f6b9b0169f275a297fd44c7f6fdec4f680

      SHA256

      dcca44d36cf01fe0522048cc498f1d299877dc64970fa161174438c1d6f30981

      SHA512

      fe3fe8ffae18dbb65026bd0de9fd0d851a7e17c879df6809ae1d2f288248208d0d06fac2b91fb8583ad3e3156cb2ec36ef27fedc54c44e702cf9369744498ce3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab18A.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1FA.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy4329.tmp\FindProcDLL.dll
      Filesize

      31KB

      MD5

      83cd62eab980e3d64c131799608c8371

      SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

      SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

      SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy4329.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit