Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ce35c3f58a...fd.exe

windows7-x64

7

ce35c3f58a...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce35c3f58ae10fe6ad69add959b6f99834b52b79353fe4fc19a4c4dcca3a65fd.exe

  • Size

    386KB

  • MD5

    72dfde60075453ca1f42449435f7d065

  • SHA1

    0cc24486fc24e4fd8b0f6a3e34a4cf7f373eb3d8

  • SHA256

    ce35c3f58ae10fe6ad69add959b6f99834b52b79353fe4fc19a4c4dcca3a65fd

  • SHA512

    5989a9037602fcd0452b8fe3bc8c14b3e159ab8d3a4c4040186374617b2c96cb30423985f589029eeccd18bbe49a277ed18adfdaf593c1754cc57ea72b413953

  • SSDEEP

    6144:FEWDFDs5t38dX6pxE4XU7kpJTcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvLbhcy/N:mDux5FHLAcudQo/uOueJZJmR+

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce35c3f58ae10fe6ad69add959b6f99834b52b79353fe4fc19a4c4dcca3a65fd.exe
    "C:\Users\Admin\AppData\Local\Temp\ce35c3f58ae10fe6ad69add959b6f99834b52b79353fe4fc19a4c4dcca3a65fd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.foobar.com/test.php
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.foobar.com/test.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2524
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C: && cd "C:\Users\Admin\AppData\Local" && dir . /s /b | find "test" > "C:\Users\Admin\shellcodefile.txt"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1116
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" dir . /s /b "
        3⤵
          PID:3020
        • C:\Windows\SysWOW64\find.exe
          find "test"
          3⤵
            PID:1108

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        Filesize

        67KB

        MD5

        753df6889fd7410a2e9fe333da83a429

        SHA1

        3c425f16e8267186061dd48ac1c77c122962456e

        SHA256

        b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

        SHA512

        9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        52098ffebba31f2eea76f335d883fdb6

        SHA1

        be959fbe7b0d38b10c743728c3f45b36f3dc2a38

        SHA256

        9ac0291282b9e1fd7bd1c56cb1af2ea8281e9c3bbc285a89326e6d03f35745e2

        SHA512

        cd0dea0a999ef9cf0cf5b12d4d74ab89e44f28f6b703f82f5d35f6b46deec019d9b6544168161b72e6cfa090f1a18bef4f5732bf1ec8529d4749b530574d4200

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        7e3388c81a4c2745b330ac0468350fb1

        SHA1

        f6fb8f94c9b07edc379552fb1a4eaf3ee926db7e

        SHA256

        e5a0057555f35034294fed0b35c2e0e4c863eca0a4e25d6fd7a6303352dafa97

        SHA512

        fff76138e8c34409e2d0d60ceabae79aa334920a13e07602e655c6ce668ab17f8ef94d24e2cdfc5e990838a9e24b4ee25912da79c8edbdff63b7cbcc63a083fe

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab74C4.tmp
        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar7672.tmp
        Filesize

        175KB

        MD5

        dd73cead4b93366cf3465c8cd32e2796

        SHA1

        74546226dfe9ceb8184651e920d1dbfb432b314e

        SHA256

        a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

        SHA512

        ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\~DF7A26CA2FF1C784D2.TMP
        Filesize

        16KB

        MD5

        f938dc335c98e31785e963d22c304b40

        SHA1

        2318e4a8b5e8f65375805f301ff540571b8a2c80

        SHA256

        79cecafb981bc32e93ca6eda0ac9e900acf9dd466b480038080d1e42e65e0989

        SHA512

        7187d2de877fd9662fe8d2e704664688744083998576b7232a608d73039328bcd4332bb261092ebf4f3a5d3204def98da879ad2c1befb1826c5ac265f93ae9d3

        Download Submit

      • memory/2340-362-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download

      • memory/2340-498-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download