Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

6707f4bf94...10.exe

windows7-x64

8

6707f4bf94...10.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6707f4bf94da5453439f5be662361a10.exe

  • Size

    333KB

  • MD5

    6707f4bf94da5453439f5be662361a10

  • SHA1

    f10ce9409c260d703058fa8228d432e35a212eaf

  • SHA256

    be2b45e4f97d74582a0529cc64da0acda4bdcbcc1298161b0d34b2bae832d3ee

  • SHA512

    06c462b1627ee6fc19757bffd3c24ff4cbb00331d7de5d4d6202b1e5f1e27aa2643b05dda048aba2ea9a9f08b32dc14e586a76ca324c4b4e13c4d29a08c2fc58

  • SSDEEP

    6144:ppMM8EV1ODepMM8CrjFyfjn0sfiUBpqpebi3vmnFn4lAVC9O5j:UxRinFyfr0sfbLi3vmF6Pij

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Contacts a large (1286) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6707f4bf94da5453439f5be662361a10.exe
    "C:\Users\Admin\AppData\Local\Temp\6707f4bf94da5453439f5be662361a10.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    480KB

    MD5

    75dacf6460933bcf9159d520797cd9dc

    SHA1

    33dd26dffe4eda13ba67686055e990356447df1a

    SHA256

    802d443a7e605179b27b28e2b0d106816cd370b88827ab623ae623b1096fbf3a

    SHA512

    ff22a357cc708260ffcdba50c096acd96dc35c8f010c22f5f3cc92cb12f4b506fe63f149619f627c921b7084150dcfb300defa180e7490d1912d75a326647920

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    13ac2fb55912527d11ed9579f7b38358

    SHA1

    0ed3ba585a872363b788985fcf0db8a928c33f9e

    SHA256

    9cd52d214cde0e85e5b362f3dd409e2b68cc0c73ebb4423808c601fc24f34e38

    SHA512

    40e66469bef5643ed99e54f1c1a047cfa4041348b01d9e88ac62572d089450dd0d638b6b2e1c93b524bcec939e1f84412a242f7792f449572601448bcbd3d520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3b0bf5116bb6d30dc0f91e9e29723b01

    SHA1

    021d410c382d02ee7671f35e9106b9e21eda3ba1

    SHA256

    6c3c2789d6a1b1ad8eee32378909f4d7efd8da08ccf808316574a78978420cb0

    SHA512

    d62aa39bd32bbfec4fc0efb7cb8665eefcba5ed4205d593ddbcc125325ff64f776379ed7088e75b2d9b83f15b854ba85a0ffb3cb8892a5965cd5bc7b5fba2756

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    04cb09de908b6915882f2aa9842b193e

    SHA1

    cba454c1916b5cc51d838af99fe22dc0d785c44c

    SHA256

    908938f2bcff5aae2e4aaa3b68d58080b53c1e77c90895518975a34db567598c

    SHA512

    f0092523311884fb5268a361444d0c64a31936afc9b6b100bbc28bbeab783db2c0cbe9734d154d0a8e564f00b612b00b939059aeb3ad5645949769886db0acac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9f628d47a1721060f640b077e16d818f

    SHA1

    7ea8cb7c16a4ac438b0cfb3cc5a11e0fb791b869

    SHA256

    fa05006bded0a0037ab5b5ae34227e31c1545af4571f9deb66fb9d8b1baefa3a

    SHA512

    d0de628b1cbfa64f93b3fd1dbc7fbe9fbd4f8490e9dc4d7a036475a0cc2b8080b90ab14d4ab87868770ed42a97d8a9faa4769e38222ef59561c24f8b80ba5551

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3e93f0d6f06b46429198f4dfc6ef1acc

    SHA1

    6a78104297445e19fd5653d211e213b4a1884ffa

    SHA256

    b38a668139855066e58fe4d439ec23038aec9c52f29d97e60abc1b1f9c1e477d

    SHA512

    2735fc6d0e92e71bcd653885aa44edcde273e8cd4a2eed7817a07959693f1e19278d600bbfcbb4839c0827150d6aa20186d2e681b78410737d7f2736ae3794e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b51f757f8af7aa71dc7d159b9d269e75

    SHA1

    567dcb609a6a76774623ec4a28c6c0d802169043

    SHA256

    7266ab9a17e29ed8414524e935a27cf4754cf4133b3547e9e553f839414e8d80

    SHA512

    f8bd5799246553d0dd27b8b36dbbfba1f3a811a1b052527fd8c3b1522be1e03f9d0241c87f606d85e03ff47970245cc5c8cbe4f9fea0049adf14691bd7108d91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7b443f4f1816a950317cd0309c5349e0

    SHA1

    6c5dbe89aea90b6e2d2eb1e6b5bb1bdd101e8cbb

    SHA256

    3067f2ebf2c938b6bbcf1b436b452e4dc3367c52fda4ee783380b2136ef60a82

    SHA512

    f264c55d9734aee1503356b4207a9c8aa02353515988177fdcc0a5161f09b4f3504ecc38d7ae5d544d03ec33e8945538415a842a2be6b572e9ed4861ad551fef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    de8367d5dc782c71477612075a0d3e3a

    SHA1

    f8706179dd3d323b7206b130b28de52abef2b40c

    SHA256

    fa171ed8bb5c4e2e1073cdab2a428007e52d6281adfb8c8ad62def82f8779fae

    SHA512

    1de38ee58e2993957ec57f7ee3f0663af9047ecf5f8591973a18f12c633cdb9f3a58a4f7f9a2830d2d805a734ab46a8b71d2eee51b7425b6737682359f21fa38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    99cc822b226f66c52a84be95a26e5fa6

    SHA1

    a1901cc9bd5e1a4b45d65908badfbf1949338b5a

    SHA256

    8edb7ce62a9c46f78fdf60d735e9b51d604760ab3d1f52d11037301c4d15502d

    SHA512

    35807b17bb274611b3df812f22b2bf2850ab93887c5305d869a1264d41b44f237144a1a14b2972f6d50db1ff18bfe849a5208865d26c93548f78106881a1cfea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9aeab8c36a346bec109c9f50cdea88dc

    SHA1

    fcf8e65fb0116944462743421c0cfde54787e085

    SHA256

    4cce926d71233fb8c78c6a773630af2d3ea49dbe52e0476c47daf479ebb3811a

    SHA512

    4891469e8f1abb0a41a28599ec99f6c24642f6ff44244a038e4b366b839d336b1c74f42db55d4f56798ccdb52ca9202aea9759caf490ef27fa932f61d312366c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ebb07cc789c1bba19cfea7ef77addf27

    SHA1

    d88af7b77c38bc0af4ca19886e029d2ab3748950

    SHA256

    dce92f9d431e493d5e3be88810e88adaa2578034f7a9dbcc84bd67281d6ed451

    SHA512

    85a4cf1a42ac2034a4450c6475adf36a1840f3ae836ec7727fd401da150ad946d9cce9a7d3190d8dc24479d2308901aa50da73ab4af260ba45bc31560618b4d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f9f8110c3f66518f4750853a34711b26

    SHA1

    bd09b7ac8e8d54e1b1b1e4d96d23adfef4c1b875

    SHA256

    64850ea92135018b9ff9c3d1acc6447cdea480f4c53b358cc9d68e41c08dc1de

    SHA512

    fe79af44bc6f1b4c495816d80ad1508b67c01a39aedb2e0ea2f6030350f281e8adbc30c45285d0cbc7d17fbb8ceeede4b7d013d340165f0fcfd6704206ca0a59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ad04e339d74d71f08631c3a0ba796d94

    SHA1

    8fb4f916b85d1561a612a09079ae018dd5fc3c65

    SHA256

    d920b67b5d8127e0a8e0ee4bff2b9e5f0d27b79f40da378da869b0297991d73f

    SHA512

    69091dda66ea72cb8e6f2f110aadbaf4ea673b6ae922bca046b6f11fc70f664f8e1947c7b704d2a388b5bb533d2c16b80a9b17fbaec5beeade6fb250d9c6ddda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    06be0cdf90bd0ccbdba7033e38afacb6

    SHA1

    106a99254a8325075ab4fcae2168b7a1a5afd120

    SHA256

    4ec9742ebf3250e9468a563317804f07dfb404ed414a38c149ac9ae4b58bac88

    SHA512

    b42158cd615e23b5d1d196cc9194256f516847c6aa3ff33c99b34a4abeba6733aaac632d1ffa92509e18859c11d694f5348174e20d64769f5f8b22728c6ee0b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c2538a0635c75d6089fc0bf25191d8ff

    SHA1

    bf3494054d8593e1f4e71db480e5e7e8515aab07

    SHA256

    1d2bb68ddc3bc560c96d4d2d9196ae59ea5c7891d8333a6f9b539d49911051b1

    SHA512

    67e5d400a5860e41bcda8cdaac7e5e1b6cc4abc622b54e16b33d48a527ad36a760c41fdd41050945f6b46e28c536b2c54848b3fd504bcc94a0fe5b20a261188e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3561aae2f894d5954308880c3e029fd4

    SHA1

    dfe658073b4bc364f099ed945d5ac8c96211e4a0

    SHA256

    312121b7fea3ed30f1e4ecc17e5ba10701cc796ec6b81f3db3e3b1ec18a935fb

    SHA512

    507c64ba6c8718f395162ce487e38c809c892649ae1d2ee020a2fcaaf756fe8f4952c84c82fb2db3f4ada1c90111fa775c9a4bc711cf9f3a3a4e144331256cc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b87e659829a295231c8c9f24ecfbb2b4

    SHA1

    7fdbb38661a0d154d7adc5f0b7b845060c0fd6aa

    SHA256

    31bd0225fde3a3da51a57e5fad1f5b0ed327b597738e2f183dfcec49b49b7b59

    SHA512

    e7023c70561aa081aec6f9ff139121ed6d92003f48df96e485488e123c0f3aa3e9c1d33e888750a0f88942055281bb63195ef081dc85cb7bec57b217dc2e0543

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    821c040624365c96a910505c9ae7bfac

    SHA1

    c61f8ae65fabd8a513be6e80a67532743d872f49

    SHA256

    79722f0ebed6fb360de64825014d205721b05d187cc26af7fbaf79d447d93d2e

    SHA512

    90020b0e64f6caa4095264bce2d9666f2e7187b0d78ec795fb8f31a590b2a47f1315e26e27825a46ca5ea4c59b2a80307643f2125b9c9964ed5ffe2def8a260c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    51bc9cabd7d691ffa475f1aab3226bf0

    SHA1

    d8828f3d168c5382c2e6c179e077558651086087

    SHA256

    abb86683fcc81bd92cbaa5f41e0416ad3dfdae01dddbd140ef90a7ec8efa52a5

    SHA512

    c987158cc3f174325dc91b9d12618c2a250649dfccc934b04a23d36f5e083af6e87e7158ad51d2854e4bda23149da801762c2ca2da679a310e26ef61316a4a6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab428D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4361.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1176-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1176-8084-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download