Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

40591b5f2e...c5.exe

windows7-x64

8

40591b5f2e...c5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    30/04/2024, 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5.exe

  • Size

    1.3MB

  • MD5

    fdcabcb8be12117c4a8618d928150eec

  • SHA1

    ba8de3b00b01f515a1a426281f4a2f9e45245022

  • SHA256

    40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5

  • SHA512

    b591703fa18fff42a942ff4aa55f7f0a2156853b1c58c474d0c589b0501adbebf68a1747c7fc909a4cb43aa4a6361bb0e76bb51be24eff1e121a9edaa14f4f68

  • SSDEEP

    24576:Qak/7Nk4RZGKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/VZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5.exe
    "C:\Users\Admin\AppData\Local\Temp\40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5.exe
      "C:\Users\Admin\AppData\Local\Temp\40591b5f2e9261925f211547f9aa9d758dc78d2897634fae6828dc12194396c5.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19aa243a5715070249e79e3e3803f0c0

    SHA1

    810052690f0af588cd6265840ba228f9dd40f9aa

    SHA256

    baf0b307cc6817f0b870dd51c7275cc916fef2e726f85b33f501d704c3da2f24

    SHA512

    f7907f76f7e4a25e173b2c18ea001cbabcb21afcfdde307dcb42625dc024b523007962d090bca0c88b4fa4a392fdcf08f5a00c2cc4922785d5bb900ca8c85e7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aca909c3c60a8ba2bfbadfa3a8f7856e

    SHA1

    d29fa0db5809015a19bd51a64a74a98be802e6b0

    SHA256

    8e956a6dcc7d8b11a8f5f558fdb422fb6fe0d8978cf138efdb02de7ea796a51e

    SHA512

    83a876bf2913191c77a8058945d60b243fefab979d314df5cce879fab92568226716b4f1ca3b1eb74cccca51252c2679c9428da23f6594f7c6b519939d429774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38fa355c3281bec2ab6b66236eadf913

    SHA1

    26e425a5689e36a944c9f505243e74425131259f

    SHA256

    df09f87cd1072e853ecdedc435356a487dcb50c570486f836b25bb336e297206

    SHA512

    4a458fe9c6883295d3a98e441a98b9402c00592d7923972a516d7ac5ae38a88d505213472d916fbfa1de67bf15e912309eec1f3cba21486bd7f4cb1db6bee3b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10677b0735e14107ca2211f68a2b8aee

    SHA1

    c5bbce0ea91f35584a861241496cd1729e6a6e08

    SHA256

    9010c2412ad094ad07017858d1df5dce57aafc67584adbb9adfdfa3e26090398

    SHA512

    ce2b5abbb821752d7f658f6cffb3905b524e2cb8ea7941f7370db3ce6349106f534fa4fa0e32c50ed6aaa6cce8c463f5be86bb0882fef796c721d9d2a433e4a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d1f6962533eb14ad302fe9e68105ccd

    SHA1

    47bcffd2feebc91a50873397d8de607b28eddb98

    SHA256

    37cef76995f76a16823d0ebb58dfecde333c1673a02c275ff16fa72f9f130a12

    SHA512

    0031f78d3c9d38a858497fb8a7c4a91af61c385e2a4fc00e1f4e40428b9a0900dcb754efa93dcf6a750a16e707c128e999f412b63d9abd88b012c9ee6ef3a343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd939126b4d5e2f23afb95f2b6ddbc77

    SHA1

    a8fca3247837d3f22d1fc62d55e9ce15862484df

    SHA256

    deea8c98db151d5ac30b273c42e07f152f43c45c9427e85ace70e33fd499bc35

    SHA512

    eb89524dd25160d027ff9cebed567d120c73f771ec47331da6d31e4f478910acd8930d90821ec31683cf44c161dacb1c73450841eb9cea9f8ed3cf47f020fa14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a05c4c44420d60d982258dd9c6feacdc

    SHA1

    fc322a39c47d85a9bef7a99c6537edfb0398514b

    SHA256

    0c85152c64aefcff009cf94e8a83023be26a2fe6e51d51e6402dc85ff2691696

    SHA512

    80eef5b72e08ade6eca4d0679b0590efb57f0b70e7b47db57f56eb046c84629f0b0e40fa784b77bac04777ccb545ab1fda92eb205cec0f8e6d30002ad5685711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a163764a985bf442eed2722e7688c8e1

    SHA1

    f17ac40c9c02f5e0748666a98124874fc293fed4

    SHA256

    7c52e46d610e9a090b2484e1d14fbb336b2f6fba9023b23a88530568e8c2276b

    SHA512

    b82e98ff953722d42681907e7286b761dd760717985e9c7f8d3cf32f3093cc091d3e6dce2bbaa4b08dad38b4f4c9c9476bd88291e90971a4fbf4337fc7e810ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7028caae7824f81344b7c2eb87aedc0

    SHA1

    f953d8b1fc847091bc8d263443f2b9ca7978a0ee

    SHA256

    c5cf5ef7f71c9cb2f1b0e24907cfdba85d89d61014944a1ccd3821e0715ea223

    SHA512

    1375600d766a25a4ac1d1716a51eab429853aa6bf5360b681a8d1368da0d17088ee68722310bc560fb6872df11d5f493e29ba6cc72862bdce337e75584ccd484

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    286b6fb2063f5ccd0b2d3945402c20d3

    SHA1

    7990734ab8e760c97bd8d5064ce29b0e071cda70

    SHA256

    a748b3430dcc9c44a0ef9e6c1d8ff557a9a9ea82ffef17c536e321d34f6a8cf7

    SHA512

    1008434ba4c530a76e81a8315b5317dbad46ee988dbceb6095745f8d8d15d97db3ef3dcee68630ea0731de5939fdd6c09d148a8df44d6c48ac72679c4df1b452

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00daff356206484bef9361f0146d544f

    SHA1

    295db1a62981e515e32179e517061721411afe0d

    SHA256

    fb216ef1d7bfc83ca4c22c5059cb4d4988b2555ef0353ef98710db4db3e5c6d8

    SHA512

    2f128271f9aefdd2ccaf4b4db9ae1e18e99391cf0f6fa66608b3e51bbdadd7cf99c62d0590567351b13c00497f4aa78317d05c76009ee65b01dc8c219b07daa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3a8c340eeb04eade8c87d474a81c43f

    SHA1

    eecc6b1c3bac028031988d5b1d13082dfb1e5bc2

    SHA256

    6f4cae7eef163d6f477e318e502ef23c9b0a1d6e1a3b3fcaea605fa7d2dd7ce9

    SHA512

    44cc6e5629ebc3ccac128601a22de76c5c91e34f0541c204f35f415c70a01a4618164b651825642bc69b5896addd77d93ab12a8c29c618c335cb161c1c4713b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    602565b2b3676e4ec7f6badad94b6dfd

    SHA1

    930ae00c8b59da224c95c59755a8c000a07b25c2

    SHA256

    86b0ab4afe4c8823342b25afeac66d9662499950895a3cc909c82356b7c890d7

    SHA512

    b3af0439d336e2154f6fb958e8cbee377d5a87f1cf2708e90fea76503148cefc6645c0e6012c088d5cd739cb62aa2d98c950e498c569e3d87cea77eac1017929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f745487cffc48cb691bab4aa606e84be

    SHA1

    c8d8f32d3d3ed116c3e36ceea6b2ffef51bf7be1

    SHA256

    c077abcdf32d25be08268d5766fb2b934fd9bdb9687d3377f5b58dac96bfb176

    SHA512

    fead92f4a471078aa8fd9fc5e42d9df6dbaa9a203493c0c8224b052afe1097d32076523ccd184d60de058ab4b71dc87c750973e40929af48f58668dd038290b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f074be5b2c86a19464346e6251910f31

    SHA1

    6c68ff8a241951dd53b47e8a68d817cc1362343a

    SHA256

    47a988bfde90266c7ca38ea90f25486e70509505e64f91c053cbb83371d906d7

    SHA512

    0d5f8e33fb33cf5b73bc059632e027271a9a7e002e54b9e2144f5a6203b06650a924b4a83fc8b9425490f929a5b2a1b7e3b31e4c7290f3e0d792fb32a53cfde7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f87a25797f6fb25874205b475219e69f

    SHA1

    c4f8bbce6c112654c7238c35a620270d5da43313

    SHA256

    f04718cc51e027332e132f08ad9f83829f5faee191baee6268f9bc4438e762ce

    SHA512

    16a4b7c99286ccbd8697b5c1b07cbb6a04e75ca7c7bfa9f6be8223b5f5948159a3af229c77932f32447c740f88da336d576f90ea8e23944eb153f6fb1a1e5eea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90bd39b1febc6f2e9c647d4b8bd6954d

    SHA1

    02c08500058323aabe2059ba3d52e7d296e8a54c

    SHA256

    9b199443bf0ac7e961fc433d904e8daf77b469cf3618b5e80651da3b99f98bc8

    SHA512

    d7f1e4b826c8dc9b80ff6c4a72616ea2fb1c0d37aca7b572e307b7de378843cd7951835512146329927c8f592230ea8bce884bb500840bf3295767bda302ecb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a105717a2f26051697dcdfd4ef7360b3

    SHA1

    9b56759f907b4521ccf3a999422bd25c2b663ad7

    SHA256

    1a831312778301952190cf783d78f6e75cbea563820025e8d11380abb1438859

    SHA512

    f3a0cca00b34dfe22c9a4edba27cb3f429f2b039d68236e5f19dddfa079f4bad03ea3aeecc6117269a45eedf7d93fdea4a18ea032122504368ffa531ec0fb52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    816d54bd0753ac9f0e50e69b8b120492

    SHA1

    b42cc2041c317a5d6e439d3c051f77ddb4baf084

    SHA256

    6b613e06290a048ea1fb44be4e0cb3bdcb16f4a648e6dff73bc3984a85d1499e

    SHA512

    63aa7513b71066a2571eeca94eb273ab32897efd2dd1ae5955f20dd5673933ded4efb881279bd31e9453543dd30df18079c4f4b91f236d9503a2c44f985de650

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3AB.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3FD.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2812-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3028-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download