Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Pantheon O... ).bat

windows7-x64

1

Pantheon O... ).bat

windows10-2004-x64

8

Pantheon O... ).bat

windows7-x64

1

Pantheon O... ).bat

windows10-2004-x64

3

Pantheon O... ).bat

windows7-x64

10

Pantheon O... ).bat

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 04:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pantheon OPTI/ServiceEnabler ( DO IF NEEDED ).bat

  • Size

    223KB

  • MD5

    c142b4540cc672b4d7984533fa2c9d8c

  • SHA1

    bf31c1a5cc6e25978182319066a18925a4dce17d

  • SHA256

    3c2d6046bf772099ae8f94cb7ab60b86e950927da0a570fc0c4e3d6a3d5a9f14

  • SHA512

    846dffa2ce11be806fb4fecbe17dd7c8034006ac11d2dbc1bd41f252e9fc94f905a226dd3b4867eb97ef29cee12cedc6a7bb65dfd3a3e687ef734683aea385d5

  • SSDEEP

    768:EEoO+jjTtGiZQpZHSV6PkXl1cXAx5frBaRyCJnJzQltusqsqynwt50PRAbF/b2AL:EEob6SZBmNqYV+pHDc0gNAc3tFOU

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Pantheon OPTI\ServiceEnabler ( DO IF NEEDED ).bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell "Set-ExecutionPolicy Unrestricted"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2112
    • C:\Windows\system32\reg.exe
      Reg.exe ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
      2⤵
      • UAC bypass
      PID:2696
    • C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      2⤵
      • Delays execution with timeout.exe
      PID:2720
    • C:\Windows\system32\cacls.exe
      "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
      2⤵
        PID:2708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/73mJDyTp
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2424
      • C:\Windows\system32\chcp.com
        chcp 65001
        2⤵
          PID:2464
        • C:\Windows\system32\mode.com
          mode 158,40
          2⤵
            PID:2452

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          93f2959c82fbbe563699f4de9c8670c5

          SHA1

          6117039aace5c8027f4854cc2aa0cdde8d7b037c

          SHA256

          4a5d00bed2febcb7693313c0d8dd2516cb64b1171509638920b5a50804df2740

          SHA512

          33db17e96ad17d7f2913b38f6a7b9eca220ba21637fe135db180f1c19a5a67de6b641648f2a086f4eb50afaa480019f7e786511321a5ee4fe7e93c563580455e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          23b580672900df183e9f65aeee080301

          SHA1

          22edbb30fcff4743fe16c8a639f1430f5890e210

          SHA256

          481a88ed36e9d06f4c2d65d2d195b3494220995ddca794af48ce1694a21d2182

          SHA512

          c946f8c378b21a5351e1ba7abd61afc0279aac5479dda0468ac5c34ae9146112b4c8980b18e6ac80b093a19d8780f18a1e9fc5d16578c24a207db8c1597be47f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4c94fe60630b06cb7b7ed743bb6eda6e

          SHA1

          b551821bf6d2fa8930656430a4e7305716134848

          SHA256

          2c23e565268932cb6be97fa6109f8a96ed0be9ab2c0e24b4cba0042476e0e972

          SHA512

          a521bb17406101ede20538ded4b5e4af8c7427062b2d757e9dd1f55707450b1667e37ac600eaf00c0f6462e6f17ab833e7d7d43fe95b61aaca67638765a9649d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          45bf50e83d7489ac1e2843c5bdbb2aff

          SHA1

          33740bf8e90ed712189a8a24c5903f1e15061b8e

          SHA256

          260a73562976a791c888320510266b7155e963cd698aea4eb720ea46a868f99f

          SHA512

          db0216460ab4d64828ac78bfa0bae3956b0d23cb21b01cea8f2108ba460a767157f629ba8dd07437c19f0b0e3b86f635d5023fa4984f246ef17a0542a4fbe1dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ab36a97d513a8d2ba5a2a568b8cb7688

          SHA1

          debe6739f1018cb7277a4ccb9551d443772ab67e

          SHA256

          ef765726cd8a3a8ae694cd5494d30afadb68a3d34a607db7bde54aa1fdbf91ea

          SHA512

          289192510548a340b161ce7ea6bb47488976f856b351c0819b0e953132991ebfc96c89eea747b5a3a700bc6d3b3d08fd3b7869808ce65eb66486aba5b199f05e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          635e2d8bffcadc2ee6366a9fb80204e3

          SHA1

          d0079b89fb61a4cf95c0f0b0a2bb0f24b4175376

          SHA256

          6b11c9405e5ef7a9c0173fc8bb8299756796708e24278e5aa3dc83737fcf7390

          SHA512

          ac87ba8dc24f531a1b87d72b6ced136bb482641a6d966bfaa83e26175e947f794b65e5c89d823e5df81b6a548d4a4d068bc144fbe4955e8ede7e09c4f3cd2c2c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e171c9cf4e39cdb0751440341e4e0be2

          SHA1

          357aaf6e22f5dfb2de779a018efc20bb47996dac

          SHA256

          8f3dbdccbf100dc7d07973284ee97403729b2eab8fe3b898bac99def6bb1b49c

          SHA512

          e3c956f24a9903ac65061f743de913ada454150a3304f711a537981a21130a2ae78442a6829e59b2e5cbce4672ec70e82dab68ebc5ebeb6b621f11642cea3bfd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bb63f16c57239c892c8e4626bf5fb520

          SHA1

          e4d43de2b1b5ab646fc690312df1630fab986693

          SHA256

          a412d96970143edf5aad1af078f873dd02131edf6af8ac6f3e7dc52f3e34b093

          SHA512

          1ac06e856d151b7cfcf21959a16351bdde3fc905d42fbd54ff45cd3daae23d85ab80d93cbaa5cf32a92699b3e1d9b90d31db3a84d3d516c59615d3278ea1e128

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b2f0489b0d5ec094e505eebb0aea8f8b

          SHA1

          4cab7977215684f3990ea4509da4d6b22560f94c

          SHA256

          5e94ac22af0e2e69eed102d9eb5024a5c18d391fb0bebbfaba29defed0013795

          SHA512

          5d30e53e6d19e032d62b9b005ae5ddb6290663e826f907368c7d616dc0117a88b1494fdbe853acb00b9f16283ec53324dc09b512c3ccd461f9b1d70ccea3b633

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          12cb0913b6bc374fb8b0a797cd33ad67

          SHA1

          8d7925b526df8206159c63d0268b83d584cbcffa

          SHA256

          78aeb7e448eb8a2e225ad62e5d0b97caf898a6055d929864119db63333f9d2cd

          SHA512

          c0b0729a16381eedfa66937ada4b6d0e3d7a5a87a944c557e95b6c18ef900598cc3674c7d8b4502b524a42932cced924e6e4927ef2fe615458a7b6bb08ff5d6c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2992a9a17572eea1723ae5001c87e70b

          SHA1

          a3b022848ea862be6ec4ee426817d800dfe5362c

          SHA256

          0659f313cbb8b3e02defa75d89633fc1aed983c3afe7e9d542bab4e37d824d67

          SHA512

          cdc99eff8451fa36e100c9d41aeec226980b4133ab8a206d5a4b5d42b58efe1887a8da5b867b9002446a7b789865669e32992ec75b4b149678fe3a8eb13c2ce1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          980670e5d9388b2b3afb1860b71c1d2d

          SHA1

          b2325706368771bc3aa9c7db4abad7610c1ca8b6

          SHA256

          064e7067d8831b33fff9f72ac4fc4d3020bba0a53f24ffee24ff84c4bb86aa15

          SHA512

          ef504ff3c6b273a40f2bd87f8e69bda5578c958d071f7171349877eb437f63c88aee6abaee212de3ac3e3e443eb67ab64b18fa09f5521a642025d2f6aa3e6f4c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          07a4933fa4ba48881304f0eb9731e3fc

          SHA1

          168f582bba340369804ef79c7e6ddcf9dd796119

          SHA256

          b5eb70d93e41b4008ead65c8d0c625e84c4d6d565fc3601e4bb87ce59c332d9b

          SHA512

          5a2ecb5759d0721b44a47d4ee1f465baecacff6642fea2b34dcd1b881907aa3f94d40e8180d07ffdeeb63482d81135e2595cfe5b2ff2b52127e1cf32b2d4cf67

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dc79c1827e2bda6871d6ed78a16d2e8c

          SHA1

          b98b3068db22cefe999b8c8d20bebe5970fe663a

          SHA256

          094ba44ac5e85322fc4b5a733ccab712a907e704b7c9ef6e089a1f833031ebb3

          SHA512

          6874c848df7ee3278732111a7cd3a80fd7e3a4d1e1f52d0b473c2fff5a9aace51288066440d5b2e3a0eb773bbcc7464cca7a2895a019335b2a852416afd09d49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a3230303086a5ab34cdb67d2b4571511

          SHA1

          fcddb26820e6f8e750677be4c2bc959f8019f30f

          SHA256

          d4c41ae3944b1fcb5e7de9f07347a9fc995b4d978057b5b6389bf149ba327f33

          SHA512

          286b3993e3d080b25d95f9b83f079dbdfbdd48f771d2584f6204ac9bde129d109ec32e98a3f16a3a7585450e54d879e63e607325ba44dc2656f665f3b8a207cf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bb1d5c0a9354c96def15ca18105e39fa

          SHA1

          45700c836e743e9acc4e055b56e0982620e51df1

          SHA256

          df839a45081353eded8826f7dec55650096465afd524751d8f244b61e4e7928b

          SHA512

          e385db70d78035f43f09f7fc99ce0e0bf9ea67615b0e72ae19da809bbe28e78db2f967c88e795222163d7742d43615ffae72366fc70537345dd2b671e0f0107c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d697e7f0bfdfa1fcb0c156c06773c2ec

          SHA1

          36c0a968e6335a438d8ad97387b7af71114b6a84

          SHA256

          c101ee2a31a8d3023f0f73cd520568b4ecd3f706ff0287b16ee6c57ddf6eb960

          SHA512

          cdd1e7f166da7754eeea32fb9d339c91fb5e789c2360d7ffe631c3f4fb45b2b35526e24496f0e9e70d6cca43cabbb03a741b6b8272d85e44cba977f12cebc681

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a78816508e9444201dc9301fbe2d40e1

          SHA1

          e184b9f0c9e1696ab3e77af53ca3c9297e932599

          SHA256

          07ca72f0fb6638117910890466d13151798f1e2a0a71f0a1929993c09b0af7a9

          SHA512

          7b3eb4c43d0d285cec4ec119ecff21e03f56117063def88dd862eb9a9dd48bb94307b85a0095a760c1a7a88dc043abe33a151d43b80881861982d61e8dbb47e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          da09187839e3ac87ad2307ee63c0b162

          SHA1

          1a75a0d235f2559cb5b38b43b0da7d37620b5406

          SHA256

          00feed48b369f37642f9ac3ef7e2379d7eb3063aa988ec8bd5025fd868297aac

          SHA512

          a9a5f4117193d96366dcc80180e1c7e9ae3bd05ffc68239daf78f420fa8ab633ed53c3ae548871e49750931a35d8fb1cbcf6213c4e2536f263cd5719af576e48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          942906b01c462ba82f49981764dfa785

          SHA1

          035e3e325998a558c716b0a53e7b8c41104f9091

          SHA256

          11a019927664180ca4f3e14729640d9c9dfe58c9d165e9f6f234ac591ef34587

          SHA512

          c8986de2bb1dc19cc5533039b16464e0ea50d10687ecf8e9d072d6e7db25aff8f23d5c5c2234ece3e0d10ce28925c143cc99ed68b0ddd0d0b721fd4d6293b146

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jre0bgm\imagestore.dat
          Filesize

          24KB

          MD5

          e839f52a2ff5389ace4fe908bc99a070

          SHA1

          a239385a9aa05c54936b38b16032e305eea82c60

          SHA256

          8f3d3e6c1ed9e262cdbbf78764766892526b655684ceb7f379fbb3982528a7c6

          SHA512

          027379c9bf84b88a58b93dcb8658a65a9bbc234e079d780cb86e39bc416eb9c3b1d3691dc021f626d4d4a89f5f2b9b55fc1b7a5ad43c2b1fae4883f5f1d5cb84

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75OMIGJ7\favicon[1].ico
          Filesize

          23KB

          MD5

          ec2c34cadd4b5f4594415127380a85e6

          SHA1

          e7e129270da0153510ef04a148d08702b980b679

          SHA256

          128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

          SHA512

          c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6374.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab64B0.tmp
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6503.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • memory/2112-9-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2112-4-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2112-10-0x00000000028E0000-0x0000000002960000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2112-11-0x00000000028E0000-0x0000000002960000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2112-12-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2112-7-0x0000000002310000-0x0000000002318000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2112-8-0x00000000028E0000-0x0000000002960000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2112-6-0x00000000028E0000-0x0000000002960000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2112-5-0x000000001B2B0000-0x000000001B592000-memory.dmp

          Filesize

          2.9MB

          Download