Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c11f1068be...b2.exe

windows7-x64

7

c11f1068be...b2.exe

windows10-2004-x64

7

$LOCALAPPD...fg.exe

windows7-x64

6

$LOCALAPPD...fg.exe

windows10-2004-x64

6

$PLUGINSDI...am.dll

windows7-x64

3

$PLUGINSDI...am.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

1

$PLUGINSDI...LL.dll

windows10-2004-x64

1

$PLUGINSDI...te.dll

windows7-x64

1

$PLUGINSDI...te.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/nsisos.dll

windows7-x64

1

$TEMP/nsisos.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c11f1068becb883528d1f7f759a11bb2.exe

  • Size

    308KB

  • MD5

    c11f1068becb883528d1f7f759a11bb2

  • SHA1

    cc08844c9a756d64ae9691096ec45b00a57cbbb0

  • SHA256

    e6ae1063da1fa6db72607d1ac2b513e6023018150d16ca9f126f7088cba84407

  • SHA512

    2c81ef48025c4ccc6ba077188eba66348bd14943bb264ad7ed8c032bc746eeaf17f239316f356c58242071f474d7c7c7a5821afc24993d346737ccac363f5556

  • SSDEEP

    6144:Ke34ebpLo36rFR1gmq3HGpv4qCiRZHV55G3/w0ljEN:Xl036NgEMqb2LjEN

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c11f1068becb883528d1f7f759a11bb2.exe
    "C:\Users\Admin\AppData\Local\Temp\c11f1068becb883528d1f7f759a11bb2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c \DelUS.bat
      2⤵
        PID:4248
      • C:\Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe"
        2⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of SetWindowsHookEx
        PID:4988
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c \DelUS.bat
        2⤵
          PID:208
      • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
        "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
        1⤵
          PID:3180
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4760
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4760 CREDAT:17410 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3828 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:5732

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\DelUS.bat
            Filesize

            200B

            MD5

            1206640d27e21528a56cec77ebed0eb3

            SHA1

            2a40f517c1a11b1dab652992575e0dc8795ddc15

            SHA256

            ee1b3e748bef1e2e34be991d81fe32e995cea975fa8aae78119f8e25f00db918

            SHA512

            da2b6c0d4127b7008ed26eff0776bd2c3d9a4e74798f3e5d7eadad0660006ad4b7a24aa14f0634eb6ded44691e66ab04675cce4d9cbe3671b7ba45675e00fc0b

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows Searchbox\searchboxcfg.exe
            Filesize

            407KB

            MD5

            dc69eb8aea7fd76a9acb740f3b46e445

            SHA1

            28c5bc35621319024e4828d17704fceb7e8e3246

            SHA256

            ceaefb320c8b371f8a799ee61f7165cf8664a8c954cebc3b131a5729139280c0

            SHA512

            80f9469cb64201d0a66688db796709d95f54a8bc959510421b92076eebfde745348d1507e5cfa64dc7aabd2e8b250f727dd008e1345e32f4bd6b56c442374d33

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCR56MZ5\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsisos.dll
            Filesize

            5KB

            MD5

            69806691d649ef1c8703fd9e29231d44

            SHA1

            e2193fcf5b4863605eec2a5eb17bf84c7ac00166

            SHA256

            ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

            SHA512

            5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsj76A8.tmp\DLLWaitForKillProgram.dll
            Filesize

            28KB

            MD5

            9c4b8ec42d89f7557bfd90798ce52787

            SHA1

            2376dde426ea65aa27c30e304086310605382475

            SHA256

            ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

            SHA512

            17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsj76A8.tmp\KillProcDLL.dll
            Filesize

            36KB

            MD5

            6958016193a066833556992077bad4fe

            SHA1

            5f564945936f99381d7e2408f034f97d069005a4

            SHA256

            f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e

            SHA512

            fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsj76A8.tmp\SelfDelete.dll
            Filesize

            24KB

            MD5

            7bf1bd7661385621c7908e36958f582e

            SHA1

            43242d7731c097e95fb96753c8262609ff929410

            SHA256

            c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

            SHA512

            8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsj76A8.tmp\System.dll
            Filesize

            11KB

            MD5

            c6f5b9596db45ce43f14b64e0fbcf552

            SHA1

            665a2207a643726602dc3e845e39435868dddabc

            SHA256

            4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

            SHA512

            8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

            Download Submit

          • memory/2460-28-0x00000000028E0000-0x00000000028EA000-memory.dmp

            Filesize

            40KB

            Download