Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

30e777e73b...89.exe

windows7-x64

7

30e777e73b...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe

  • Size

    421KB

  • MD5

    c7a72087a3c79b49f8a976e9aa044cdf

  • SHA1

    c5ccc17fb40b77dbb32febabd7cb23504d0eb79a

  • SHA256

    30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589

  • SHA512

    1601c7c7eb58701c202edaff830ee7aa280a167c99ebc693fbdde2692917cbe81426615f77feb48ecf1ca450df6f512167c2c5abad43f01d4a225283f3d439fb

  • SSDEEP

    6144:WZT3H5umWrA7oSLvd5Gr83KS1PCG0LlZYO/G/lxRVQinwdYrjzUderlmsOVKkaq5:Wh3ZukLF5fRYZmLd7FDIsOPczRfv3+7

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe
    "C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe
      "C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe" C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3060
    • C:\Program Files (x86)\Adobe\acrotray.exe
      "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Adobe\acrotray.exe
        "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2588
      • C:\Program Files (x86)\Adobe\acrotray .exe
        "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2472
        • C:\Program Files (x86)\Adobe\acrotray .exe
          "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\30e777e73b1db299d0b5bf492a65ff0cb1a749ee6d636e58843e4b8b3ab2a589.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3008
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2512
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:406545 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Adobe\acrotray .exe
    Filesize

    458KB

    MD5

    8cf21d4f7cc032007ccc1bb21ec9f584

    SHA1

    b7693dc162430ed1e29babc856fc85a3e92facbf

    SHA256

    4f38e2ccd69c9725ef47c182a9d33a39108d1d03c1248d20ce02af1a72b4f229

    SHA512

    d849649cb7f9b6e32326b51e3554845f635b70508370d152f02e3199f44e6e5d419a81767b13db314b34efa23cf084791471b82b41c11c123eebfb4389b7a991

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8136c08863e17d820ce6b21c28ea055e

    SHA1

    961e3e37987e414eac3c7e69edde818366767ee7

    SHA256

    936d5458b2537068ecccec2f7da61ce22536816f4581ec77c5b5758fc81c3fd3

    SHA512

    baf2fa1328939f5c45234051b5a487054f51ffcd184fdefd7350ac5efb17a918213f3a607848af44a4dd9ec383b73eda8b10878596ccbec2f0f29297231d6fef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d1e8883caec1fc537d20efc5d8217b4

    SHA1

    0e388433027c28e3d07d7b6f2c51f6390e6443b0

    SHA256

    85e96a76e73a27cfe6655a48ee426710d78e51aeecf31077f12f5c37204d74f0

    SHA512

    80a296125c7156b05c6dd99e881d739f6bc650abac18355b70fd299a9663b6172627d67acedc421a42ae4e4bef6414c47bd812ee6e8545bca0f139320a348ac1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec6015a51573d5b2ce5e9337faf06728

    SHA1

    214eb7dcebd2a1b24500c229107e9bcd358529df

    SHA256

    8bc25294ad89c175f6b7d28d3e9060897d3dd5c8ab6f220387567759dc33c1cf

    SHA512

    a83ea3333acc24d5d1f8876635267927954eed4dafa37c3060ebdf22681fa3a2b49cb818cb339586a99a41853d41ce8f9d96673b78e4f58af5ec6fdf419e352b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17cb1ed608860432103a6ade436d6804

    SHA1

    3c294b573d130719b5fdfd27c7dae099fffebe98

    SHA256

    e28a80b0b20644805d0f0ca97ad85c70a058e888c040084356200faead69a43e

    SHA512

    b99d0167e89b1a27d80da299267d2b6d563d7839c9db4afdab5ebae40f8906d5f8d59f406d6c40b85d658b9efb5f4a1be2ad206054635b99e496e2d2059d6f99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4d02c94f9658f15014f81e0c6b61d0b

    SHA1

    d119471b3734d76e4d9d5e01b4b69646d88a33a5

    SHA256

    3608c6f00973dda3ca82a9385ec06e7efbe6fc87fadbddfa6e0b77e6f9a5bcdc

    SHA512

    b1bdff4d69a250c50397a45c08f2877427f84cce3d7f8e75c5b59379f2707ba0c85ce76b96b545d04625da59ed8fbf3aff2ad5f7ce039be9a492720aa3e03aa8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b18f4501aec665e14bb034f21f6d9c8

    SHA1

    781c0f970b1c4de8591087d1dadb338e2c5d6750

    SHA256

    ed819c30e1bd82d2f85b6b3ce311f3bac2ad044a55b985c5b69d1278623cd703

    SHA512

    a88acf5b42a09dbb8efa936aaf0c6c4c7b29f98d1dcaddd7f276440e33c88f4c0733d04cba47dd58b5622b5c301db05b7679e232664a92fb15dda10b564b0bc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab1fedb9c26c6c87c1938ea573fe34f1

    SHA1

    a8c0c85e89f5355e50cb6709110219669f58398b

    SHA256

    89e35d362de4d653632202c08e977c3444d4fbc20cfe59a6944747b3575b305b

    SHA512

    78672992fa723dfb6fedbcc2425299d8c3a12ee449e8dd55a3f271e93907cfd35dafd65efa86d9c98c5b339521bbbda10864451df168b9b44f8a28b2f75c026e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a71f58b7a1d3ed3270c7f15f36843caf

    SHA1

    ce2ca5d3d713cd4bd795ca9e7f9db77533884e42

    SHA256

    b74eddbc21007a73b63c922f26271f387e170c054bf5956af11adc946c167c0f

    SHA512

    6c6561f9d24d1e5120381c15520bf56e0acd0e46734c81feea02fac2ba50853868b8c35f0c295f24daf5affe490bf2a6b8cb1bb101bcd38e17bd519d74f8a463

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67f11becada309ccd5995a906503bcd8

    SHA1

    f183b193b0cf07816f8ff127707ee71133240b77

    SHA256

    0cf58b2341103a165acbcfade6013f57165791d5c23cc762c6b5d1117845754b

    SHA512

    a61d7e1952271b3ee4abedc353fc4c4631326d9e66213e81d03f7bc6d5d205939c21fd2198bbb8c5fc5e3a6fffebee990dac47f107d2df089a3642b3a95fc916

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\bcgblQDiv[1].js
    Filesize

    32KB

    MD5

    481b762cb35e9b51e29d4c3fd951d90a

    SHA1

    24d87cbe34c340b2963499748cee47cd0bea00af

    SHA256

    dca4905f387f0954bb5e1bc86181072e58c18bbc04593e19284253e7f85bac0d

    SHA512

    25f4802ef9f14278641da53616828048901e488ae533617b9b4c24f7feebd7043d96ac5836ce57c7efc25f869baabaa4e4ecba95ebd2c16207b49b529e48430c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6F8D.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • \Program Files (x86)\Adobe\acrotray.exe
    Filesize

    431KB

    MD5

    5f11ff81c6ec5565f78a4db0f159d743

    SHA1

    59209ccbfecaf49330aca5b926ba6af9ca2f8e4f

    SHA256

    40f5edaa5518da6d36bf43af8e4a11682a927a9b85c999ba919eb8fa632d9ee8

    SHA512

    e28fa3d7aad52e2a59d01059c8a4d1e6e7deaee8ec32eb383ca6670db3d7d863dabaab8be2d493780ba2cf4d365af6e7ffad5e741d8af93eb45e19b98f152ebb

    Download Submit

  • memory/2152-28-0x00000000021D0000-0x00000000021D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2152-0-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download