Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 10:25

General

  • Target

    ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe

  • Size

    1.3MB

  • MD5

    f847c188f96119c382e7d96b05305a92

  • SHA1

    c3c8e0db6b9c71505f34f2a9a775e2bf43df40c1

  • SHA256

    ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0

  • SHA512

    3238e2731c0e3192a3cbb4f4a02846edaca32bc2784af5264944677f93efee7fab86b3134ce5701305db1e5e83d72eb7d3d72cec4addf5158a4ae68606be29fb

  • SSDEEP

    24576:Qak/7Nk4RZnOPUKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/tOxZu+k0WdEacJRIo+E

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe
    "C:\Users\Admin\AppData\Local\Temp\ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Users\Admin\AppData\Local\Temp\ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe
      "C:\Users\Admin\AppData\Local\Temp\ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2560
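The tree above is the most useful part of the report for writing detections: a binary running out of the user's Temp directory re-executes itself with a `Master` argument and then launches Internet Explorer on an external URL. The script below is an added example (not tria.ge output or tooling); it transcribes the process tree from this report into a small data structure and runs three checks over it: a user-writable-path parent spawning a browser with a URL, a process re-launching its own image with new arguments, and extraction of network IOCs from command lines. The browser list and the list of user-writable path fragments are assumptions chosen for illustration.

```python
"""Detection checks over a sandbox process tree (added example).
The TREE below is transcribed from the report above; it is constructed
input for this script, not a format emitted by tria.ge."""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple
from urllib.parse import urlparse


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


SAMPLE = "ecc29681c0c5dfe5a7d7bf8d4ec364fe0fc2b5c6d5e99508b0fb73ef1c5ef3c0.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Process tree transcribed from the report (PIDs and command lines as listed).
TREE = Proc(2432, TEMP + "\\" + SAMPLE, '"' + TEMP + "\\" + SAMPLE + '"', [
    Proc(2820, TEMP + "\\" + SAMPLE, '"' + TEMP + "\\" + SAMPLE + '" Master', [
        Proc(2540, IE64, '"' + IE64 + '" http://www.178stu.com/my.htm', [
            # IE 8+ starts its own tab process with SCODEF:<frame pid> CREDAT:<n>;
            # this child is normal browser behaviour, not a second drop.
            Proc(2560, IE32, '"' + IE32 + '" SCODEF:2540 CREDAT:275457 /prefetch:2'),
        ]),
    ]),
])

# Assumptions for the rules below: which images count as browsers and which
# path fragments count as user-writable locations.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "\\users\\public\\")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def walk(proc: Proc, parent: Optional[Proc] = None) -> Iterator[Tuple[Proc, Optional[Proc]]]:
    """Depth-first traversal yielding (process, parent) pairs."""
    yield proc, parent
    for child in proc.children:
        yield from walk(child, proc)


def detect(tree: Proc) -> List[Tuple[str, int, str]]:
    """Return (rule, pid, detail) findings for the two parent/child rules."""
    findings: List[Tuple[str, int, str]] = []
    for proc, parent in walk(tree):
        if parent is None:
            continue
        parent_in_user_path = any(frag in parent.image.lower() for frag in USER_WRITABLE)
        urls = URL_RE.findall(proc.cmdline)
        # Rule 1: something running from a user-writable path opens a browser on a URL.
        if parent_in_user_path and basename(proc.image) in BROWSERS and urls:
            findings.append(("temp_exe_launches_browser", proc.pid, urls[0]))
        # Rule 2: a process re-launches its own image with a different command line
        # (browsers are excluded because their frame/tab split does this legitimately).
        if (basename(proc.image) == basename(parent.image)
                and proc.cmdline != parent.cmdline
                and basename(proc.image) not in BROWSERS):
            extra = proc.cmdline.replace(parent.cmdline, "", 1).strip()
            findings.append(("self_reexec_with_new_args", proc.pid, extra))
    return findings


def network_iocs(tree: Proc) -> List[str]:
    """Hostnames pulled from URLs found in any command line in the tree."""
    hosts = set()
    for proc, _ in walk(tree):
        for url in URL_RE.findall(proc.cmdline):
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for rule, pid, detail in detect(TREE):
        print(f"{rule:<28} pid={pid} {detail}")
    print("network IOCs:", ", ".join(network_iocs(TREE)))
```

Run against the transcribed tree, the script reports PID 2540 under the first rule (URL `http://www.178stu.com/my.htm`), PID 2820 under the second (extra argument `Master`), and `www.178stu.com` as the only host. The SCODEF/CREDAT child is deliberately not flagged; treating every same-image child as self-injection would fire on every IE session.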

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a1035097f2edbabcb6f717dcc7f8eccf

    SHA1

    b8f9ec0c8b0687351faf2da8cb743c6816b24d92

    SHA256

    df833f0cf2e70e6c41c791edcd547aa6bd4b9532077d836439b09a0349bb6193

    SHA512

    f0958f320cb3e8675ed1a5cbb3c5f32fc1417dde38e105656ae8646f6d38586bf855673f28c6ed1be60a144912713ab35be3224c3ddec832a0c5235d4a6a9b79

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    56f0b3160956435ceac1b6e44bb11aed

    SHA1

    1303235d4169b5f06d4658b8b5da250f999130f0

    SHA256

    626ff527a12778e491a569a12f81251dae4c45e94f5c9c903f8739f906daac15

    SHA512

    ec2c63ce6e4b860f2f8822375310c922dcccce46ce15e958d1ee8902a23ffc6eea02f6e8d403a22472c2136d0de24683cb944828ccbd6c09b25c49192185fb6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e90155649c5b0331d9225c817daa1f48

    SHA1

    d911f8b45bb8690a3f978eb694e23a23a4b7aa8e

    SHA256

    8f9976bf73f7ab6b58d3767fc11eba91d4cacaa98c2b26307d3d3c7430a97d6c

    SHA512

    e37317ea1bbb971ccb7d75ead688cf7b7b3ef09e682cd05128f9764757f92a313c768b4b2ff01786d49dcc18de3eea27c487a15f15627f2ccf81ba5a86bec824

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79bab983a805e309a9dc89d8ccdd949b

    SHA1

    1ce72424cab5a7d465a53e7eb6ee0e536376552d

    SHA256

    e090ab3d6ae22cf3194c0d0378058a34228b2becbc4ddaf773dd82cb99567ad5

    SHA512

    6e6889afaef8c3d9f813ae4de1828739a6294224d38fb343477a89a64d1217eff126dc3755e8b40424449be3b54a4408351a0a992c82d005991032557c044ddf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef5a6e3166abcc3d6e877809a6f55b38

    SHA1

    50be8a1f2616d8259b456d6b9b736d1fd0ca0d22

    SHA256

    af0dfffb60f5ba789ee4de73b863d8bfd6b9feb33694676df01d591a0d057ce6

    SHA512

    98b978b04b60ad896a3fd097b9c6e788071eaf4826499540e773a0211b3b37dc23bbbd0579331e22cbf010470082e0064ab36e73c0105c8135f1ec0045b8a61a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    93d463782f90e0ed638453144cdd5b52

    SHA1

    14d42934d2f28ec7b6ab6b1de001a81fc0d6be05

    SHA256

    011ebbab3adbba9e057d0c6ac29979d660ed9022d95c0398c66a55b7f95a273c

    SHA512

    e37860225dc59697b008f4a44fae2e62ca77d68a9cb53295b458455aa20992b8967c430e1020b50605b24c52f82bb156b3cd2617469f31f751b8d4f1f8229130

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e1f6fa393871cc34bd2cdf9f40007d9

    SHA1

    5bb7165f4c227d5d3a53730ee01b3daa07a022d3

    SHA256

    b2b2ab22bdd5d5fa6cee5c54e23ea0a632ef99757e74f25b875747d88c489b44

    SHA512

    3e5393fc2b019329ea49cc4f1644a6e635d85f8731a0c169455ef957ca8f1048b86910ebed60197fa5d88cb38f31bfb93b7350ef44a5c581a1bb4a1a1b9e524b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f04d39f0fb8f846ae1542276a6ef5a86

    SHA1

    2cb7b72a1a008b418f840a4e178f92fef5dfd59a

    SHA256

    c2c7d5cef6dc8f567a83c7aff866db7cfe896ed8177343d588fedafa52e8d537

    SHA512

    3ecbbae402c980a5f004e53a3f38ee014efde66219fdd2888bef1b3a17d16fe2df04c59de1bcf9fa42579f617d7ee8a6ad88a59c75fe355a3e4983b3af727754

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64a4a6974c26d85733e22228843bc5fa

    SHA1

    fadbdb5002932df84a7bf1b7d00fcb3b199c9f33

    SHA256

    228426fdcf6547b82050e003c790931d42319cb4b9e3018b2950f6f067b9db2c

    SHA512

    8349ff587f6b7e967694d97c09e074ce40a1ea6353834241797f30072b037fe4a7a0656206126d0081caec02d14f9a32c76d655daa36e15492350d743e6f342a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f4beafd0aff1bb745a3940eb78fe62fa

    SHA1

    a1b845794336b57a0bbed83f140b1113340730ee

    SHA256

    57b2e0dd6c279ef3ea34fcfb687576b7763a470ea9ed970a7ba22378d5bb4280

    SHA512

    23b7502da31431ffe9cce17636c85b3869eee3ee153f0921ad76c33b091e8ccaa441fb5ed737875ad887b4b1e9515f15f806d59c097a8eec7d2a5024a43eef26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    24da99e39d580876d183bf4f46c793ac

    SHA1

    7260ab05a09c4bc4d50e8a84264aa605a0aa6895

    SHA256

    755523815277f324f38223f3c04907209055158e9ee4c412835e76dbe8adf837

    SHA512

    5e29adb9a96564bb5a54288d00ecbbc373ad51af4fa4b63bba0aa98752191dc7c27428d27828d7119ef2b70cd5337362aecf25fcb5f4ac24e960fea46f7b4747

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    33c2a9f5c3f68d4287b04c3c6235e849

    SHA1

    014f7c9c1519e8fcb6895e9194f5d50451df7650

    SHA256

    bf76b5e577537218572f160b1b5bff876910152e5c9bcf66f991cad8e5d06eef

    SHA512

    34923553789aca6cff4c5483f969dbed286300139dbdc6a20877886d541c6e946f08b0839b4f66a75ed0acc202624cb3f842c4039066d9c5b40ae52e5fee6ee2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9109f7c8cfbebf250e16aa3ede867ce6

    SHA1

    19d304f9c0ed14ef1c0b5cf56645264719079879

    SHA256

    3138ca366d498520379b25cf56565f2353c8dabc3009d8d03102ed7fafbd904b

    SHA512

    c96e45c43d867940b110ab80625b585df991dbf14f1ee39ad00d2d0948dcc45cb4eb72538c663c5d7fa266cc708c53182548e0f5079b836a73ca204a182d262e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e1c4c530b497002782c4222b1034c127

    SHA1

    31359d938f2718070e58eabcabb1b591cc52a96c

    SHA256

    94abbb26c66a97c94187c595fb13a903be7e0d1ea4492ab006c5ad6ddbae3893

    SHA512

    73155f5eb4e630673476e7bc76b27620f9ebdccabe68233b83b2d8e248983d309b0ddc5c7927d08e1ed33ceb20461594c3b9d833600d9c10a4bd5e1e027ba1f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fa6515400e2780ced7ff5c1b9387f7b7

    SHA1

    86ea5f5546319670f4f64dc8bfd43cd60ed28fa2

    SHA256

    42ec99a168d7e38e68726afba2c4d152f3ffd75eb09bd5b9f57a6585ca842465

    SHA512

    bff8269c117ba7142a8e7af8fdc123de3727347579218ba57b9c74773afbef40ed10dd2f510cc99bf1e17508047d3b3656e75fd086ce4aaeb4a4272ba62e3f74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ec93acd1144a4c24f7e4daae8015515a

    SHA1

    24a05c3d0ab2e817a9913074947112d3606923d9

    SHA256

    74736c7c744e770c0342f5653d65e3995c33822f324cd171550bf5f2975a7bac

    SHA512

    59657859e033a21198ab48ec7358808dd80e80174c006476ac8ae28a07ac123f734b998be81aa5bb9129bbc002ffce4089d47ced9bc8a1c96311bf0d8179e253

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6791ba467ae3edcd5aa0ce2e000b5ca9

    SHA1

    7d9f02a3e7c59d14793d07780fdfec880670e523

    SHA256

    fbf02c8ea8921bff307360f227c25277cd623adcef68c1278ac7773385bf6f7b

    SHA512

    7ab163365ee14873bbcbe5e33aa5fbf62c752c1f315605b9df7ae0e96c3ebbd200a85b236e8e4ab37223af7cbf35b681949a564644e4d92fa9c6467613636e66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    129346f342842e4f79e3d859c1bca350

    SHA1

    db9ceb0ba8f5f24219167a97dd421a1780f5a44d

    SHA256

    9fa18a3990baa8059d57c3e0374bb57f7dc129fff079395594b4599bb36079af

    SHA512

    cbb07edf1a0a1666a4c2f5a4fd99afbfe73745a708d72a5bd7ad99dbc7d7c3d2630a96391ed5041ff7d784345a0f6a66624bd08b818e97ff6ac4472311785035

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    366344520123248291752f932eb6d858

    SHA1

    859b82943bffcbea2c206237f2b9040aff24ddf4

    SHA256

    8941299d54b93cde3a535ae666899f73ebd6ba0767794e5a0c5473edf3704881

    SHA512

    3f36948d11738e228643eb20bdb56d60e788562fa11f30236100d1ba137b967a93f15e26635101b32f145581109fbf2f9bbe1a226ab13840c86e5aee700e6088

  • C:\Users\Admin\AppData\Local\Temp\CabDE9.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\TarE49.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • memory/2432-5-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2432-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2432-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2432-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2432-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2432-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2432-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

  • memory/2820-13-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2820-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB
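Two things in the artifact list above deserve a second look before anything is pulled for analysis: the nineteen writes to the same `CryptnetUrlCache\MetaData` file (the CryptoAPI CRL/CTL retrieval cache written by cryptnet.dll, here a side effect of launching Internet Explorer rather than a payload drop), and the 0x400000-0x6A6000 image region of PID 2432 and 2820, which is 2.6MB in memory against a 1.3MB file on disk. The script below is an added example (not tria.ge tooling); it parses the `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` names, reproduces the report's size labels, buckets dropped-file paths by likely provenance, and flags an image region that exceeds the on-disk size. The sample entries are a subset transcribed from this report, the classification buckets and the approximate disk size are assumptions.

```python
"""Parse the 'Downloads' artifact list of a sandbox report (added example).
Sample inputs below are transcribed from the report above; they are
constructed input for this script, not a format emitted by tria.ge."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# Constructed subset of the report's entries.
META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
CAB = r"C:\Users\Admin\AppData\Local\Temp\CabDE9.tmp"
TAR = r"C:\Users\Admin\AppData\Local\Temp\TarE49.tmp"
DROPS: List[Tuple[str, str]] = [
    (META, "df833f0cf2e70e6c41c791edcd547aa6bd4b9532077d836439b09a0349bb6193"),
    (META, "626ff527a12778e491a569a12f81251dae4c45e94f5c9c903f8739f906daac15"),
    (META, "8f9976bf73f7ab6b58d3767fc11eba91d4cacaa98c2b26307d3d3c7430a97d6c"),
    (CAB, "1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184"),
    (TAR, "67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34"),
]
MEM_DUMPS = [
    "memory/2432-5-0x0000000000230000-0x0000000000231000-memory.dmp",
    "memory/2432-0-0x0000000000400000-0x00000000006A6000-memory.dmp",
    "memory/2820-13-0x0000000000230000-0x0000000000231000-memory.dmp",
]
DISK_SIZE = int(1.3 * (1 << 20))  # report lists the sample as 1.3MB (approximation)


def parse_memory_name(name: str) -> Dict[str, int]:
    """Split a memory dump name into pid, index, start, end and size."""
    m = MEM_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region: {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    """Format bytes the way the report does (2.6MB, 4KB, 344B)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n // (1 << 10)}KB"
    return f"{n}B"


def classify_drop(path: str) -> str:
    """Provenance bucket for a dropped-file path (buckets are an assumption)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-cache"   # CRL/CTL retrieval cache written by cryptnet.dll
    if re.search(r"\\(cab|tar)[0-9a-f]+\.tmp$", p):
        return "cab-extract-tmp"   # temp files from a CAB download/extraction
    if "\\system32\\drivers\\" in p:
        return "driver-dir-drop"   # would match the 'Drops file in Drivers directory' signature
    return "other"


def summarize_drops(entries: List[Tuple[str, str]]) -> Dict[str, Dict[str, object]]:
    """Group (path, sha256) rows by path and count distinct contents per path."""
    by_path: Dict[str, set] = defaultdict(set)
    for path, sha256 in entries:
        by_path[path].add(sha256.lower())
    return {path: {"versions": len(hashes), "class": classify_drop(path)}
            for path, hashes in by_path.items()}


def image_region_exceeds_disk(dump_names: List[str], disk_size: int,
                              image_base: int = 0x400000) -> bool:
    """True if any dumped region at the image base is larger than the file on disk;
    a common sign of sections that are much bigger virtually than raw (packers)."""
    sizes = [parse_memory_name(n)["size"] for n in dump_names
             if parse_memory_name(n)["start"] == image_base]
    return bool(sizes) and max(sizes) > disk_size


if __name__ == "__main__":
    for name in MEM_DUMPS:
        r = parse_memory_name(name)
        print(f"pid {r['pid']:>5} {r['start']:#010x}-{r['end']:#010x} {human_size(r['size'])}")
    for path, info in summarize_drops(DROPS).items():
        print(f"{info['class']:<16} versions={info['versions']} {path}")
    print("image larger in memory than on disk:", image_region_exceeds_disk(MEM_DUMPS, DISK_SIZE))
```

For this report the 0x400000 region works out to 0x2A6000 bytes (2.6MB), twice the 1.3MB file, so the dump of that region rather than the original file is the better starting point for static analysis; the `CryptnetUrlCache` entries and the `Cab`/`Tar` temp files can be set aside unless their hashes turn up elsewhere.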