Analysis

  • max time kernel
    146s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 08:14

General

  • Target

    d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe

  • Size

    1.3MB

  • MD5

    0f7a88187b509a9c3c262af89f041332

  • SHA1

    c6718b2d69922f241d4e38327883d76a1a6ab11c

  • SHA256

    d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b

  • SHA512

    852b48a8b86e67bd499cdeadf14ff89e9cd381315d671b6f3d9e722bb1749e1bb2061503377c75b205778bdb38a53c5db0bf12305e6552a1313f4ab2cda4c27f

  • SSDEEP

    24576:Qak/7Nk4RZDQlKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/5Zu+k0WdEacJRIo+E

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
    "C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
      "C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2648
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\Local\Temp\CabFEB.tmp
    Filesize
    68KB

  • C:\Users\Admin\AppData\Local\Temp\Tar103C.tmp
    Filesize
    177KB

  • memory/1384-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-6-0x00000000038B0000-0x0000000003B56000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1384-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1384-13-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1992-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1992-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB