Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

b6a819ef7e...6d.exe

windows7-x64

7

b6a819ef7e...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6a819ef7e168d266b46fea369795c6d.exe

  • Size

    1.5MB

  • MD5

    b6a819ef7e168d266b46fea369795c6d

  • SHA1

    fa60566c82eb267a28b456f9b71377f9b1801623

  • SHA256

    58c9d3a5be31309d1842f9a9f0531d632df817fcd0dba5690645631a6b81b6c0

  • SHA512

    57f48832ebc52c40e2f04c277579768d3466ff72301679c35215c59821d932bc483f64140d07cb254fa6cada9aa2e2d34d0c11050b7840e913e4befde825567c

  • SSDEEP

    24576:sGoseufagFnX8dfncq6cPwKPqnLolyMEIChp2GClQjX0bX7xNTlRFb5jnOAJIxd:JZfaeqn56wwQqLolrEIC3J4r7/TbTjnm

Score
7/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe
    "C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe
      "C:\Users\Admin\AppData\Local\Temp\b6a819ef7e168d266b46fea369795c6d.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_52f2a890"
      2⤵
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2716
      • C:\Users\Admin\AppData\LocalLow\cookieman.exe
        "C:\Users\Admin\AppData\LocalLow\cookieman.exe" /mode=read installiq.com
        3⤵
        • Executes dropped EXE
        PID:2480
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c345663a9efef2a38a984061ea32bd8e

    SHA1

    95943fda8449dd1e463aa356ff54ef4420649954

    SHA256

    b648c452d995a54f84f3a32ca6b1e8200f640e73bb517ba5dca5d5565a480968

    SHA512

    5217c06abee29ceb89cdac7914d223113631ce53a6092172d4d4934029ede70e006affd4b2906ec7a668b2ef0a52b2839090001ddb176ca5f83b83913d2938ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    65e6831b117c44305568238559efe224

    SHA1

    0fde9453c308b9686e6f39512a6053eae94e3c16

    SHA256

    fd0deab322a4aed005c5b58f772da26224833234826bbc1818f1e0578ae86e7b

    SHA512

    8dfb6b1396e17087176cf7c51b518eb74b7726b68430f417e63333bba2fff3336bcf0def800a63ce859d2dd20f92a9460b2d43c09050845b354c92255347edc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\cookie.ini
    Filesize

    34B

    MD5

    3f4519b56cb1e006dfe4341e72112913

    SHA1

    0ff5675d359c898b6a6bdc1dff10f71097bc9927

    SHA256

    125adf4924899f2026436c0919853bb78b718c7cb6f2187148b01938b79388a2

    SHA512

    78c0961f0828f32032c643f0e6ab59d1ca8b96bb891a74b0b255e1a1a63a0c581f486e9e16b070399e6365d1fb53464eb2b723932480b41a2df5e9f1eb89ab40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\cookieman.exe
    Filesize

    45KB

    MD5

    ab5cb7f226388cf9e27218fccfcced0c

    SHA1

    2c1f6f71c6887220d718c539ed7b210bc93af2d5

    SHA256

    c5c48cc063094e3663f0f1931831ac79a6a9e465be10db72e0b7f8130ec45276

    SHA512

    d6e2318553fe7aca3c186d0446163278e0481a8d244e9b837cec7fd72f5561534ac5b1a513a72202b433959556d1aff78d416c6a20dc73552b36aae9fc9a60cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabADD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF76.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pkg_52f2a890\autorun.txt
    Filesize

    125B

    MD5

    b58695b233b69c4502acd4b65453c77a

    SHA1

    897699242b02206523d980d9caf18f4f0b00709c

    SHA256

    aee64388c220040dd53324a9c8482c3e75c2c9340dec83f0c9240da00616c8ce

    SHA512

    bd4d486ee5c30923fcb9f7e5e873f4c3fbd4e1f239346b60d22d3481c0cd23af6ec90b7263a5b3fa9412e66e8341ee7ab4ea647befeb190b400e53c88b4c54fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pkg_52f2a890\timings.txt
    Filesize

    371B

    MD5

    bfa55e417c486f5f5b76a16a99feb668

    SHA1

    2508e7aa5a27cfa3dab1be653b51a2fcdcda1f24

    SHA256

    f7955d2c6e725247c40286df5e226e2f641b85cfee302b17b0fbaec283248051

    SHA512

    2443add90cce533aa5c80851c0399cf533f89337fd0d4151e33237755ed4caeff23b85afb99e0e924d1523ac701d5165a12ec9ef1734842cce144d7495a3d31d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pkg_52f2a890\wrapper.xml
    Filesize

    692B

    MD5

    44601e00ff712607d2a0b64de786d843

    SHA1

    5696d1604b564a38669035faf395f78c933d8717

    SHA256

    424ef303f88bcd0c6af1858cdacc0e3225545957fcb6c49110e39ff39b26b7f9

    SHA512

    7328a2db19fc89d43a4c6dac7338ebf71dfe418bf3bd5bf04966afa1cd76cc7c73daeea07496c7df425ad369f6b17ffcbdf3b2d5de7e7d70424621d9375b73d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UG8JTLDN.txt
    Filesize

    103B

    MD5

    266ab2140e2a622245fa1d53a8ce82fd

    SHA1

    e4bdcad51065c7ce19066c2f7ef7f694c7ba30fe

    SHA256

    bf61529d39e4311de4a53f9651abdb4918a9d89770cbdecfcbbc663e27364373

    SHA512

    9a63be27174df95f744eed8cf6e5cd0ad0291c6be1bae43c4285d0776ecffcc7c48e6918cbf6bc3ac37c61defcf1d0d3a275d9baabbd8e8b0400c0f1ffd7d8bf

    Download Submit

  • memory/2716-58-0x0000000002340000-0x0000000002342000-memory.dmp

    Filesize

    8KB

    Download