Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

b4ba98739b...b4.exe

windows7-x64

6

b4ba98739b...b4.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4ba98739bd67dcf0691951fa93adab4.exe

  • Size

    41KB

  • MD5

    b4ba98739bd67dcf0691951fa93adab4

  • SHA1

    e30d49e8db7b484aacbf9babe712d127753f2703

  • SHA256

    6696b416b5b1ac87253efc5bcf5f953123e6a8bf480c1b6bd065b8add870c445

  • SHA512

    dbb89c932ac444ed9a51d9e467976b8dda679a94e708897f55f32d68a1387f7df7b7ec716c405cfeb104983090cbb518b25ccc0c769a17e491797b18bc3952ca

  • SSDEEP

    768:cfaEMwMptrp2mubZ7bZEMqs7rROajvICREZ4MmNq3mfZ2cbL+d4NMg:cfanfTrgbZ7bZEMf7rVjvIZ28cbGg

Score
6/10
collectiondiscovery

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4ba98739bd67dcf0691951fa93adab4.exe
    "C:\Users\Admin\AppData\Local\Temp\b4ba98739bd67dcf0691951fa93adab4.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_win_path
    PID:2196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2600
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:952
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1772
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d79fe786b34d61abcddec8643a664f07

    SHA1

    0ed2ae81c81f4afdd6a1344720191c155620118a

    SHA256

    0cacf4479bfd97f1fb87a4e677623e9b42b8e37dadecf3e72dcebfdd7ae81ebe

    SHA512

    8cd643ecd4b97e2f73b0db01a4554c4f4a9e39eeadda6d93dfa6eed277158642e15372f310290e093bd6cb7e391ad9ce7c09d9ff0db4bf850a7c43bc5464ac70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a57932ffabf3ec3bf3c88a66dbc01cf4

    SHA1

    fdec807fdd2e679f6f6931eb732748f6bad6cdc3

    SHA256

    f45c97894fa79dbd61236a1228d7231e575ffebe7212419d9923128427074da7

    SHA512

    e11ad2216a69fd8eebfa2b7335ed7d5d98e197513c6a8ac13d5495e8bedfade384ad15c1aa7ad88d694e7dacd8c289057f19a46cb1b3d0e8edf7312ba8c729c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a433bf2583bcb99ddf0cd5d3c1f9856

    SHA1

    137b4b4a0a500cb8fb4b6010c57c0906fcdc9606

    SHA256

    ee27d9f87d16f614e122174436a62229d3883f96feb164fb7bd89cf17f0e3d69

    SHA512

    1e46c8c909c2e4d6da8c3fed5d0ca9ce7bd6e21facb2700d829fd11563228522cdb56ced5097416eb57edaa6af0ea634002a1b04bca5a656878297193191f0dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3743df50bbe8836a266638112705d993

    SHA1

    842f3918ea457754f709faf0efe8374a39e29502

    SHA256

    f524060f2995fec0269cc3fe4c4d40fc85c43f1a367d4951574feb506fd2c663

    SHA512

    629db504b328d90372707b6d2f6f411fecbcf8778ccaa1725d5f7434221d5370c5961643927d4b9e6443077f97500eabf184c01d9ac67c2d51129460133e6adb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    146276bb271bd7c0510a5ffd0842139e

    SHA1

    e157704ae1d8384912e3d7650abfb4eaa3863912

    SHA256

    cf0126761212044e46ab528e002e757b79fdb6c78b65b59c3fc4eea3ec17bf92

    SHA512

    2ecdcfcd42d8d861181729af11167fc34716c0e997432c7bf754b807975c8d1d8c843725e0c3015358424eb2498d7d1789979a061397b62440c37468e95ebafa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0b5d5099e7bae136333d03242551c90

    SHA1

    43238f9c482669df746a0d95ccb118becffa43f1

    SHA256

    8c15050e120c698a8b92d0e5d5895cb93ea9215e40f8fdb19e986aa8f79e180b

    SHA512

    e1bd5e6e9c5b836fb0eaabc9e8f167bb0019019ae984cbd33d8b27a14e5c0295e2e0dddbd61a54fcf970dc82268a8ccc67366799d7a0e5823fea935ace19f0db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5303.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5423.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF2D67A114F1ED3C15.TMP
    Filesize

    16KB

    MD5

    19be05c638d20587613f8c7333300503

    SHA1

    f9a1bcd16a52f8528bdba7900605200c04a8c9a3

    SHA256

    24137bdde2a6d0f16732f33f19c5adff9a8a82f2b47f9b6b2f073f57abd9ff22

    SHA512

    aedaeb980c7d801b106ce678745e34b41494c2851f339e6a7ed1b6a1177a9a4fb280ef7d7f5d930272056f69cda1e84348b73e159594c4429f7de4f06fc1095d

    Download Submit

  • memory/2196-0-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2196-1-0x00000000005E0000-0x00000000005E2000-memory.dmp

    Filesize

    8KB

    Download