Analysis

  • max time kernel
    122s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 10:18

General

  • Target

    bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451.exe

  • Size

    1.3MB

  • MD5

    43bfaf76e0286fed0d207de5cc96a711

  • SHA1

    a2376abe07787f35353b4a3499a9b2f680523279

  • SHA256

    bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451

  • SHA512

    ebeb74db3d37a7244c994321441e05ba1e3f92a1a0f5a5d01544adceaa98c3cbe152f479d1fd299aa26cbca60c3a29f063c049d846d4b203320b30a6dc1699b9

  • SSDEEP

    24576:Qak/7Nk4RZoseXKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/n/Zu+k0WdEacJRIo+E

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451.exe
    "C:\Users\Admin\AppData\Local\Temp\bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451.exe
      "C:\Users\Admin\AppData\Local\Temp\bd51228ad6f44f57047b4cf7bd8574d5485a7e9321bef3f0cf7323d42d265451.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2452

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c24ce8454acf4f326b0ff4c71a174da6

    SHA1

    df11020fe0c0fcf9a66f8e4c7f71551392302993

    SHA256

    40cf1c047556fd87836f3d6ed26621b3978a938f97dd4d07481047b06e6a049f

    SHA512

    016b5fb0a86d7071c7054bf4c5ad4784572d3c3f1f94b38eccab35d74e5a983d120b8b0b6bb79841c8f67a869cebd92d0de8907cb553fdfccb37def1e7cf1c05

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aaba9d4a2e42f45d5bae893d6f99d0d9

    SHA1

    165f3ca27427c6f00c31f6d5668015b07eee0d5f

    SHA256

    b26cf3a7b27105155749671e7969aa034dce0b017dd64941cf8f2ae50da5b935

    SHA512

    01585a038f5fe05acc78e48dc5ef941abbe6c7cef052c2f8d5b80f581e3a2f2fc898371bbfa1048d7d7c5b244317c91278fededa3ee643ff38cf1b2726193d1f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    528a5e47191197a924cd71161e19ec71

    SHA1

    dc520a6f387b887887d14d15f38cbaed15d0311e

    SHA256

    9b3a909a9c83dc1b33821c532ede9f386a21986093a11a9bd0a6977b94acf193

    SHA512

    ca969d9802fa6f96146f20166a54ed400a050d29f9488552b466ce6fe5995071dcb6ad9b594038a60192e29de6ef3f8e49a7c6298ce0aba9f0d6fa1aef013262

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5680898ea1072332c05d7636bebfeeeb

    SHA1

    3dee467a2de228ca046c6bc8ae8046639b42570a

    SHA256

    dfb9ea59643912049195e216900319a139d60d0c4e84048a552b713c1cdf6662

    SHA512

    44b8914dff3771f3cb69d902c53fe9f42d0f8ffe626cc18d0923c0c84062532536abe1538bf58ee98d33d343f44e895045a9ee1ec439ec8ffe499ee749c8c382

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    898ca1f004191d9a517cf8b2f7384597

    SHA1

    7246ca0b14634714918bb8641a5698f85fcd45aa

    SHA256

    a68e0e9e94b29ae091a5f61c66c452189e755b08faae2351a414173ee0c2f54e

    SHA512

    2ddb51812e8ccf427829351ad04250446f76a13174b37e2439f30562c3ef41b17005e450ef9c813e32b19ef35f959daed624b4e1d8127df1895006b16b803ed8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad6a85d0bf2a36ee2dcdac52e7715e80

    SHA1

    449b827e17d7f3fd6303b0423a52e73dedbd1fce

    SHA256

    e3c9d1500d1e2048902d284b807c7c60ba18e825fb24621cbe42c7f8afefba3e

    SHA512

    b67a1b0bce290be67bfb1e615309e20eab9ad08220ff11f93d34d4b59a60bfeb7d35837c73ded54fa8c49ee8e6759932815c1522570d4e082667a57c1b4ab389

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    67ef49423302c2f195ccf2a023b5e691

    SHA1

    b1fa7764fa72c347ea0daad2161aad1c058ea339

    SHA256

    b66684c4584859d4cc88064f2f77bf4ff4a06c73be34292b0d9d61ab00235062

    SHA512

    1d10d4288a6300efb3aae465e95863d4f45fd4ff522ba7b8df291f7218e9962880d56e4fb0e3e96dd40ce6d935c2e63f7ad8880ff383f1f79df3146a12739b7d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dd091afee0b9f8e4ceb49eb3ccfbeeae

    SHA1

    d76dca4cea5d7f1ad5104cc56310618b1b4eddd8

    SHA256

    9249f2331a60847723eedefdc463d1e5c658043b1fc2ea11aae76e188c7df4be

    SHA512

    0ec907597e176043d265b54d9d27a966786ab03048aa253398e2e8cc54f1a4f4e5c59025fdc5511f7fed9f4edcefc1c1b86fa780bff0a9fbc4943604c2238e98

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d42b33d79f35f520c315df8164c571fd

    SHA1

    8bb160e0148ca045e752cec38873ba1fce01ac01

    SHA256

    ef91a3e18128f5c1933da547d209db25fb3aa0f6f7b635c3cfbf0041a9e795df

    SHA512

    7288ce824563b94d1616aa49d1dbfa7a15eee5923c1f9d75149fa47fdcdc5095fe4a44e216272b9ade7363867f4599977a6bf3d7f45602ba5c25c2c1400abba7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d5b1f426497c871362ec484dadf04848

    SHA1

    9e515d474ce65b97b77ab67d7fa3cf6b292f1637

    SHA256

    9aa0634f2a6f26d223d0c2aff775c766bd79e6a0d8fe058843f72cd313c97c72

    SHA512

    b65bf7020da00c8e902fba25ee50e803a3b1c8418aca2edcb08258471247dfa7fa66ce334b45d6d98ec8bb626a5d499cd2e53f10ef828d22460d4784af204968

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    201693486dc68ddbd8cb6ce01d02ea9c

    SHA1

    e808b929e937d29e27f6f8537d8d34bcf1be3935

    SHA256

    d23486fc7d7407eae5f25cf8264683fb8e43718a6fa6290e7689930c50ba225b

    SHA512

    f62d8f96b036154bcfe93fb3fb5f4d0f77d9b4237cc934374c0c43046049c980333ec4621e087015830439fafc4604907e1e95886a7255c718d5a9accf3e66ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    88478c0a77ff6a330eec38537574402b

    SHA1

    fbc34f55f022e0492f0022bc009d485d60fead3a

    SHA256

    6e9443832564d26cc9aadcbc272abeaf293ccefd11c01187429982ff274e4a9a

    SHA512

    ce6238ad7977e109b2ba41d1c682bffde2e7317da3dd12223d58eafb690c75f8288faac97f3f3af6503a969e9d620ef1b2562540e96a1a6db81b39147ce9c42f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d2ec7542b72d072f224280d07be4aa92

    SHA1

    163cc8e92973e386f325cdf75d474071067adeb6

    SHA256

    a053ade469de2bf3a3b971754de1407ff12832506a3675d4387ccb588ff03e53

    SHA512

    a45b74f726fefa9534227cb7c09d01c2321a6c9a5d823a50cb148f649ea2b3e61195ab349081c8125457fbdada1646f54ade18a7d3dceb5fc1e77eef53c23cc7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ecd0572811141851fc454db4be07d4a1

    SHA1

    d2aea46b623318e572d1502d23c79173c6379e9d

    SHA256

    84ac0a25b777ec8ac265f385004cb41fb30de466e925b81dab8ff92ad36dce5d

    SHA512

    e20a3da8cca3bed610e0c4348b1728a532eb09cd10ee9e9f764265449bf4625cfed4c5639f9e2db602e2acf126dcb5d38000bbb1f974cec20cdd853167cfd4e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0082400240ca41589da32be774b291a6

    SHA1

    0705c82a28656322fdeb78ae8e8bea769b07687c

    SHA256

    73272d76789cc99730c08c665bcdeab26878d074f77df8db36c9790cc9c70e5e

    SHA512

    fa3f8da80b1b14ece57bb42d78b9434e1f666699da056712a4b4ce58cbb5c6c9f1471c3b65da77a8d07e5b63205e2968c8a54b8926d92b43aa7264321281c97a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    16d259a287de334b5c0993db014d60bc

    SHA1

    8778185b1f42470e8e4e7cf54b16e671d711fef6

    SHA256

    4f8cde93bcb1aa465b6a0757581b2bd1723331ae16879370d334aad8d6d974df

    SHA512

    75f3026bf16ecd2909e718c3f2d4e918d30274aa9328c5879bf5422c86d94f06f2d75c88885078acf8187ef2b1c9bb97001b6cff5c88fbb63130efbc6953fe4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4339c5f661704902238785c2a0b20bcf

    SHA1

    391afb9843c08b02dda04ba893ed452977d1c590

    SHA256

    d56b460233c88119266d3be5dd94c8e18c52d023375bc8e95a7d29fcd5bf4e0a

    SHA512

    6a58120f433d2ebcc48295f5684d0225323f9f7a5f48501ef2317371ed0cb74f1f2feb3e68b824a0e2218b34f18e057fab6e1f431029b34421dd17c151068dae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4752099011159c5f10035b9bbc2392e2

    SHA1

    e47a788316d50aa7df495b4fc7f47d0cf7598a6c

    SHA256

    0b046caf2eb9862be01a5b6ea39fc879522dc97326e7915325df266155ad39ef

    SHA512

    84ea59e1d90b731f01b67bf87004ccae2ad25b121e16f3b645cd56b2b6dd45b8d74b1ac6d4ba00eb82cf47c221c642be16a1a66002a2b6ebcdbde6e0423a1bea

  • C:\Users\Admin\AppData\Local\Temp\Cab19F7.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar1AEA.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • memory/1832-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/1832-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/1832-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2128-5-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB