Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c11f1068be...b2.exe

windows7-x64

7

c11f1068be...b2.exe

windows10-2004-x64

7

$LOCALAPPD...fg.exe

windows7-x64

6

$LOCALAPPD...fg.exe

windows10-2004-x64

6

$PLUGINSDI...am.dll

windows7-x64

3

$PLUGINSDI...am.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

1

$PLUGINSDI...LL.dll

windows10-2004-x64

1

$PLUGINSDI...te.dll

windows7-x64

1

$PLUGINSDI...te.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/nsisos.dll

windows7-x64

1

$TEMP/nsisos.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c11f1068becb883528d1f7f759a11bb2.exe

  • Size

    308KB

  • MD5

    c11f1068becb883528d1f7f759a11bb2

  • SHA1

    cc08844c9a756d64ae9691096ec45b00a57cbbb0

  • SHA256

    e6ae1063da1fa6db72607d1ac2b513e6023018150d16ca9f126f7088cba84407

  • SHA512

    2c81ef48025c4ccc6ba077188eba66348bd14943bb264ad7ed8c032bc746eeaf17f239316f356c58242071f474d7c7c7a5821afc24993d346737ccac363f5556

  • SSDEEP

    6144:Ke34ebpLo36rFR1gmq3HGpv4qCiRZHV55G3/w0ljEN:Xl036NgEMqb2LjEN

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c11f1068becb883528d1f7f759a11bb2.exe
    "C:\Users\Admin\AppData\Local\Temp\c11f1068becb883528d1f7f759a11bb2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c \DelUS.bat
      2⤵
      • Deletes itself
      PID:2508
    • C:\Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1056
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c \DelUS.bat
      2⤵
        PID:2716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\DelUS.bat
      Filesize

      200B

      MD5

      1206640d27e21528a56cec77ebed0eb3

      SHA1

      2a40f517c1a11b1dab652992575e0dc8795ddc15

      SHA256

      ee1b3e748bef1e2e34be991d81fe32e995cea975fa8aae78119f8e25f00db918

      SHA512

      da2b6c0d4127b7008ed26eff0776bd2c3d9a4e74798f3e5d7eadad0660006ad4b7a24aa14f0634eb6ded44691e66ab04675cce4d9cbe3671b7ba45675e00fc0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      85f842984fa3aee165f671763bffc096

      SHA1

      4d596bbcd12d74d50f01bbd4cc333130bb248b9d

      SHA256

      4e4d93dd8a97449126dc2740f482be3aae194d79c11268a186c457e3e43d9cef

      SHA512

      e802d3f878170c74f419fc900f502d961dccc0b7008f91e0d8bfe6098db131370ecdc8f508a910c18daf05b16d748baf9b366d47a15ac65b5edfeaf5c886f554

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      8d1d3b0bc02e935aa20c164c0650d82d

      SHA1

      debf63635ec377214a57a586e4d88b03bf175179

      SHA256

      966ac2f159848a86f6dc8fb7d59dd93a51351de2591dd1c70e96cf64363a7fdf

      SHA512

      5fe90e495c526b19d051ade4fcece9e07fb0728a5e27b34162e2d4652f928160758f6ad16b18d76f246e64155f036f13c4ab636a32300f07d1334ea2be56851b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      c965b84aa742f344329e935c9abf0f75

      SHA1

      e34ccc277e04e4c2e430395f6bc03cb01060874d

      SHA256

      2c2178883bcb5168111b834a2db66d56b3797bb1342736d6840de88ba4a93b63

      SHA512

      076cfc87db90470a0fbd8d736ddb35816bde4ecd6ae4d233cee6fd281b6a5996d6eee06de2199f101022c0523b5a985c573b7e6539b4fad26ed78e4615770bff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      671e33cc9def2bdf20716066fc4acab7

      SHA1

      5273a63d693c0911bd6b3740f76e49c02a5da94d

      SHA256

      8018a0457eda194c75a0377788d979b650fd53d26f524a2a1fe4ee10cb948cd0

      SHA512

      45ea82d729b85ff6db3115dcab4e2167c71b79117681d06f1751a67816889beb5684518e1b8ecf8f3ddc033696119c7087e81b42c0645f7d0ef993d1c9604d9d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      589612831a76468c6ebabaa3c5bfd11e

      SHA1

      a78eb6bae0fe5d755011386838b08b247c222215

      SHA256

      c2527e1c6acbe7f54f43b6f104a04d3e5340667cf39d826be206804377ad5bf8

      SHA512

      5073e6b4ece6fb3a4eb9caee49a89a3ab4e8116aefb93574bca5e43ad2196b18f4f61d64eb9add010af1e2c0cfc1bcd724d670c70af2fe8d56858e4f501ec0f8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      e612f23b77763dcfd50312e52540ee95

      SHA1

      72221e9926d5f808baa4c0bf698910e27f49568a

      SHA256

      bd73e2e2d49dcdf4208621e754be44f3b91873b6f0e7cde86f08318f304ea1d1

      SHA512

      efda4ec5ade5364ce21e08ac72e5474be602e0510a72a4d76651802e242cb23cd207f3ee904d1f219a5dcc1ea4135924a8c82013097681dcc8aa2e301a261434

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      c857db75fba660fec27297eacd78ce04

      SHA1

      591bd4b3770b35aa000371ec105c28d2a1cea0ff

      SHA256

      ed1b5f03019e880e52d5a3f34e53b63c7cc7ea8c5feb8b24928deeefa8ddd729

      SHA512

      156a4fde36735292f569f9466a8a8cc4c6bd97b42625b37667877767b726c4937a7e7445e7a425bc7996a29937e9a78b3d21a9805eec92ab8bbc0d6eb1448d59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      aeacce4e26e02269bac3312b5d2c0498

      SHA1

      f8474a22f330027d70426e0cbd903af5f7613d85

      SHA256

      e5468b7d97d1202269a586253bce8e6ddf01d8f28c99484f52ba1ad65b5cf538

      SHA512

      2d78833afbf93d0e5f87f3e7bf7add41b7767f1e035fc1d2b1a1595d39059c6ca4014f367690e9d1143a18ad5d02b7e827028b8ccd4690c84eb5182fbffb67ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6878450fab7b203d75517e24bdd0c879

      SHA1

      510df6667a3832761546eb04c243113e14048dfa

      SHA256

      0c839ed7982f72b3b4fca217d4c5aabf4850bafb97e8c3809bdafae0c1e78302

      SHA512

      3ca0e1f59ca9209b25cda324b73cae94225f6d18c36ec01a15960063e93544353f50dbe2d8e1a3d91fabeb9ee7d15632d3b14d7ef22335dfbd5714ee1c5e2bb3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      fb1b4cec7f01f9ad928d9e5982f0b3cf

      SHA1

      84d258341675f124d92fd37899652982159c633b

      SHA256

      a718e8c76257be43c5d32459b0e24e1c42948757ffb18bd947eff1560fe6f8b7

      SHA512

      945bc23e9758893fd1feec6b06d792ef825a8b06b53c0dffd0783a1efc4c699669aafc436e530e67d8801f0bf1fcb2b863d2f12a4c3dec9135ea8a8d22e189bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      54b2ae143122a4714c5a99981599658d

      SHA1

      da8b47b21b4b726250125448304a5d4936908874

      SHA256

      7cdb3e09de170801db724e965ff245f1b7618771cf1f74faf13f75fbf203a096

      SHA512

      36c2189334875bbe43c7792afe1b3673b03b7c8d9e62a1f9f3182b602a7a6363ef94719fa614e1a236f0ac81580586800b89caee29857d6e0bf59658166bc269

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      cedfcc514cb64fdbeae7085d5e9a4189

      SHA1

      f42ad9d43957804596b542fa24e9a15cd3ede563

      SHA256

      eaaa2dae2e418fe62fe8cfb93a7078a32c706a5249ca5f2473513d095b54c9f6

      SHA512

      461152509148939de2da61f4e64ebf23ae332380ef2ea44e736eb1533e5666cf7ff6a24c2599070cd958df9d3678d17be165b42d5d72df3be97d01bc7a1829d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      a6664012901be6467261e921a71aead0

      SHA1

      a70c13e37392cb0462ecfb3c5961021dad9c66a9

      SHA256

      94c312eab74bc26eda5644df81797f2350c98148de237728e0e500adce53b38b

      SHA512

      86951123733051cebdca8583f83dbfbf7e8a479f93ef2ccc1e7472920f692ee90e4cca2b701674e6d5fbb419375958ff2c3c2c1956369580f455b1457570ab26

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      f4ef8798485995f799b2b8105f362435

      SHA1

      71b1daf33bc7b38e1bbfc91c2b6518dd12a34081

      SHA256

      920db669fdfece43483a105ad51361f69117c6407b86c56f1360cd50e13e4754

      SHA512

      08d2a26d4e9cef73c8ed8515541e6332f14d7b88bddcfc7491971007457d62978814254296042b7751b3429252324a0a0b3263a43e987cc78e1ccf7b49cae619

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8788.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar884D.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • \Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe
      Filesize

      407KB

      MD5

      dc69eb8aea7fd76a9acb740f3b46e445

      SHA1

      28c5bc35621319024e4828d17704fceb7e8e3246

      SHA256

      ceaefb320c8b371f8a799ee61f7165cf8664a8c954cebc3b131a5729139280c0

      SHA512

      80f9469cb64201d0a66688db796709d95f54a8bc959510421b92076eebfde745348d1507e5cfa64dc7aabd2e8b250f727dd008e1345e32f4bd6b56c442374d33

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsisos.dll
      Filesize

      5KB

      MD5

      69806691d649ef1c8703fd9e29231d44

      SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

      SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

      SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy67B9.tmp\DLLWaitForKillProgram.dll
      Filesize

      28KB

      MD5

      9c4b8ec42d89f7557bfd90798ce52787

      SHA1

      2376dde426ea65aa27c30e304086310605382475

      SHA256

      ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

      SHA512

      17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy67B9.tmp\KillProcDLL.dll
      Filesize

      36KB

      MD5

      6958016193a066833556992077bad4fe

      SHA1

      5f564945936f99381d7e2408f034f97d069005a4

      SHA256

      f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e

      SHA512

      fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy67B9.tmp\SelfDelete.dll
      Filesize

      24KB

      MD5

      7bf1bd7661385621c7908e36958f582e

      SHA1

      43242d7731c097e95fb96753c8262609ff929410

      SHA256

      c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

      SHA512

      8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy67B9.tmp\System.dll
      Filesize

      11KB

      MD5

      c6f5b9596db45ce43f14b64e0fbcf552

      SHA1

      665a2207a643726602dc3e845e39435868dddabc

      SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

      SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

      Download Submit

    • memory/1272-27-0x0000000000370000-0x000000000037A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1272-36-0x0000000000370000-0x0000000000372000-memory.dmp

      Filesize

      8KB

      Download