Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bot.exe

windows7-x64

3

bot.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bot.exe

  • Size

    328KB

  • MD5

    1cf3121e2ed71c34f03d1fe5d4610026

  • SHA1

    4b05c283e2469156532dcb3acaecc507bfc71663

  • SHA256

    5baa4898813a80f593f5e9720c34a5b29e097b70c1ba764ee7f3f5ee2dd31258

  • SHA512

    0727af27856502fba6069f1b10f86b6e49fe43187b22ee57dd3819382354da1c73527b0fd2ca7839237cca51aa0ad6de3c3d7ea8af6a150e5555e608564730e6

  • SSDEEP

    3072:Yn2Af+SLiJO+Y7mR9USl6yOiGB3PSQQivLXdn+mvo+vuChrZtwkYZBwOepe4PUe3:5E+yclwQKjdn+WPtYVJIoBf1X+tFV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bot.exe
    "C:\Users\Admin\AppData\Local\Temp\bot.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\a.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Windows\SysWOW64\timeout.exe
        timeout 5
        3⤵
        • Delays execution with timeout.exe
        PID:2632
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/shorts/H2yxV8kR05w
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    3b10167929df99642d15446e7c23a46b

    SHA1

    470aa82b6ab9e0c4d88edbb0790f259b0fdf82c7

    SHA256

    100633bc034dde049c21f2fdca4e034bc52edf15df1c7d1b422b118afe36722f

    SHA512

    05d3a6736c9be1b4feeae0531fa97cbe68fec568ee2b3db3c06944096c648eed8e43a803ff1e5fe028110b388920c047fc14421e08a62c198643558cee8c0430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    782b1525fb440c7563f1d67dc0e04793

    SHA1

    e0b0e20f9f89ac1ff9344923970e5558d7b3a1d0

    SHA256

    910354ee0534288b6ed8365d4c953dbfc6d533ab601fd1bf5352320ba3257e66

    SHA512

    528393f94ea27149414a057655fd6519182d4e04890e4af15a23a75619f24dd6b84ce5d96ef2582bb12784fc9fe0f5d10d1bbf98430055407779c7cbdc814ff2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0b8fb829fd13b4eb281c6828d6aa890

    SHA1

    4359c72c25f8c8c0a3ff83be9b852cec3bf87ca0

    SHA256

    061ed32a790126334a055072db52bcb23924ec1a2b3d39130bf1cd7fdd0d95c7

    SHA512

    06e64a695135f1ab9a667076ff416261d05e3df7bb4438d94543ad1a86627249f51e5c5dcc0d20d6d8bce340f33b523124493bad5929c5ec0f9e44ac32cde85f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7392250f1e90868487eedf50c5fc1349

    SHA1

    1569e51572734d036b6409d0ddf2b9c29e8a9ede

    SHA256

    6be08d68db633d595a13cb080999b0bfd88232c9e6b1552c13763b3f47bc6ade

    SHA512

    ddb62a0ee41a83a42fbfc1c31b02053fea8605c86e3fe26f9a3d24703ab9260a9bb0e12a06f34a604013421e8b8cceff4d8595defbe194bd3772396559120b73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad22b8386a405647a6296766775b2abd

    SHA1

    7d798819eba389ba21d189ad760a649e1db1e305

    SHA256

    7d8329d985d174603a7fb1a1b5a2a82a5e14c69390ac01630205bb03ebfdc01b

    SHA512

    117cb0d21d35fd56cf130bd4893d117c79e4d6eaabed909ebbf3183fd5f3f4dccaed07f1170c281d2d63c67a1e84e25f283f9a10b9eb975d160b973a445c169c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a971ea3b0e5972819a506e40285e4373

    SHA1

    490632824dd5e5a5bf6b9fee8b37673a896b6e3e

    SHA256

    1d27b2ffa3b548facc4b5cc0a08d0cb62d7c4edba39e55391e5c64b63b4cb1b1

    SHA512

    d98080b3ff8266d1669da11a1dea9269c45db36c3771a3670fe09f23ab66805d08b8464e100af07fac19d0d5b0d8bcce1bf5ec5800bce9b117f606ebcfff2e30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f26c01a3d8be742185109e48a7bcd58d

    SHA1

    18ed8d26d9bf6f6f786a6de0fe5c3eaa751f9d51

    SHA256

    4ba1cfc103cc041b2b6a4e6e0d25689600f8ab0743a5ac31fc6ccd03e15ae125

    SHA512

    66fa2440c28814613d983a242f5dc5540e13ce6d2f1bf3692ad3e8546b69c49a9d43bd355a8ce4be9e70ec3b5b5851ec098356254ee4fbaa756172d34685f936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    211d9b03d58963223f6e40bcab419f00

    SHA1

    1cc13ba93db686928198a42fb7cec8be159831eb

    SHA256

    596865d36a1bfaba2bce73382b9af8ce90ec3082a4d47de36c3a77845ce9f3d7

    SHA512

    517e8d69abd19231860ce4efb8a085a46050b1f24cbba3d55ce4fab08878e5b4d6bdf0298c7d468271430d711c9dd9891cc0e454328a0558ba168762760b6c02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88097d24c8d766021c85cd971d38d5ff

    SHA1

    41fd385acd74e265afc111e236165ebbb8fe32fc

    SHA256

    6a2eb0261b5eca956bfe83cfd834ee28841ffa9879ff59953ed893967fdc2ad8

    SHA512

    a14c833be119e8ce6991c001a2cc43e39349360a81277e860720bbe1161fd454eeba8b1e2c243ac732ef124a168203cf60bfcae89581b1c741923ef5dc2adfbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    5c0179916fb52d72245e148bd0f620b8

    SHA1

    3cc2c32cf53479bc7aaa1d3cc3ae01e1ab77fee5

    SHA256

    35989f8e628ea0e03a4f0cea48459eb31f150e3d6451e2788118f0fbc4d8b9a4

    SHA512

    4427e2dee177241ae137da9c900cd2444ba11ab87eb82b41d151cfbe6c8b5fc41bd162767d36ebea0856c77c16795df6faff6332b76b6334f988a3c5c70e4db7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M4WHAU9A\www.youtube[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M4WHAU9A\www.youtube[1].xml
    Filesize

    229B

    MD5

    5ef9544514758515bed9ad431f418f89

    SHA1

    f861ca5d227144216235d2b420aa0ed191ba6540

    SHA256

    a7d55945afc5339544b26f9d01c248e6b37d5eb55a71b517a65ad47ea84b6c3f

    SHA512

    0be200aebb9605655ff17c656aac682f53e2e6abf90ab4b0f5fcf0c688cae4d60443c4c92f9eac3f25e8b38d60b6667134ca083df99b84c236b95842c62ddf23

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jq7rho9\imagestore.dat
    Filesize

    7KB

    MD5

    840c4f228a496bf72b72871b07ba57ff

    SHA1

    705600fcdd84a8123b1778dd40ef2c6b8bc8ea32

    SHA256

    8e57b0bae4dc089b5f96e2e242783f1130ac416ec8d778b75970eb1f1289b85f

    SHA512

    92d859e6c3b99a1d699927af3264011b006d209751991c7c9a0a6ed2cba09f02d06c81951b9cdf370fe8e897bd557c93d61c9c1c96110a24e88589c23700a154

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jq7rho9\imagestore.dat
    Filesize

    5KB

    MD5

    c05f959ba6a67a37847cd71f9a1cbd7f

    SHA1

    76e95fd59797d8461b4622f5dc7ba6fd2a80dc0b

    SHA256

    383522386ce48cff4f3797b1930d356fc30495695390c1fa212f4a62c3a09b17

    SHA512

    e0af7149766bcd898062fd90e18816ff41ac7dc6f1912e9d9d63b35bc67c127fc9cac7ccaebb8d90c4c43124449bc3621c7abf5e0e63f68f31d1248f101ece50

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFFQJ7AH\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFFQJ7AH\favicon_32x32[1].png
    Filesize

    1KB

    MD5

    12430f012c4b6b4a91c63cbf1369e1ff

    SHA1

    a8502ade0c47e23230e5da9d5658ec1f1da309d6

    SHA256

    079919e3400ba9bc0d569f5634cc41b2fd1b8e7a721b2b473d21f10fe2fa7f6b

    SHA512

    17b7564088e12cd64ae79e7179ef4b26941370dc442528cb08320fc0d40bec88d2b77124624685acf9ba974467e27a7051703761c6fffe5468c90217cac5a4a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB694.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\a.bat
    Filesize

    143B

    MD5

    1671542fc4d5cb57d1b4f54c1682271d

    SHA1

    49cc9307310a9d4bd21ba57752846f53bf8b0922

    SHA256

    7d392781966d8b7ef2b1b6180db8b0f83b5ca18386bc2f307fc143af6e7c6c29

    SHA512

    0c15f924c9809e05b90fd4b4ccde869c0aa4daddf9950eda37930a02a81c9d4fc45050e8cb2db2ae3767607914c19d9fddfeb2cc710058a504ee3bd3685c36df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB6B6.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB95B.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit