Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

e53c2f42d7...51.exe

windows7-x64

8

e53c2f42d7...51.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 00:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651.exe

  • Size

    1.8MB

  • MD5

    09f8786e67b013d415a5d0f5094fe912

  • SHA1

    634b1b41dc92f30dc2fcca2d3da33fc7fb10f29d

  • SHA256

    e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651

  • SHA512

    0af7d63c80bc964fe2725e7654c63a1385606c54fca72457ee099a4d8045a5e22565f0b2cf10036397f7defe3be60e91e823bb61464ce017023b39789432fd94

  • SSDEEP

    24576:j3vLR2VhZBJ905EmMyPnQxhe4/LwvHYgXkQJCtHYX6kDC/hR:j3dUZTHzLAlUQhK

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651.exe
    "C:\Users\Admin\AppData\Local\Temp\e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651.exe
      "C:\Users\Admin\AppData\Local\Temp\e53c2f42d7359f98b0827889379eae42aa32bb454e57cf12949f39364594b651.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    012008b7a71e0814a9ac86a4367fdf82

    SHA1

    f7da8ff7a4de40f476ffea152cfdd94b6063e18d

    SHA256

    a1b7a726e06729dbbf9f2adce2515a819be305c69278bd6279e6a0e318b000c5

    SHA512

    12235d95323a56922bc940bdb9007d633b110b366fb86aabadfdb2304cdd66b9553a11272e18cbfeb75a1f3874b8dc9691874ead07b5c0374b7e5f5cfdb7040b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    190e96e6be4d29b8f1ee190ce9bdc357

    SHA1

    2f9460ffcaa78508ee522d558d7509d90992ea59

    SHA256

    04bf9b6943048fbc6636d6d98bfa96e17e22a54269b3a1fd24033a0ffa3e53af

    SHA512

    fc444552733967acdd5c065e807d6e17d5158b90598363c62a8264bb9e0cb1c2aebdddab59e448cdbe6ab399276bab03c4a41bef56a5644af573fb7758179341

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    886e39da2c6c6787e9650613194aa4db

    SHA1

    6b8e00ae648f59c4c1253e3304d188a78b3a16ee

    SHA256

    c0f1e4bdbac9b05c3548dad7e0680897d07a4462886da0e46cc8972722882950

    SHA512

    1aa3972d33572658e6ed880e92201a1118177cf423010a42ec7918e9d21a6188d463acbcbf139208aa06da971ac8a7b484e02774d4fc557ef222fe04d4006600

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53f37c59eca46db7bfb5fd1c34b2ab61

    SHA1

    1cf621fb584c95b658ed0f7e6c64b077f1f67b2b

    SHA256

    758d65489caeefb563ee01b7e2a7eb707042db6f05da967911f32c3addc08e5b

    SHA512

    40b429a9e3b522339874e4d8681f749424286c4d66bd9d78e200c48b2d7416f33c164b2aec5e49d7008232ee4451e3f788316fea3ad8f862b09871a6598e8a28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9aac960993f0adf905d7263d57fe9f46

    SHA1

    d7fcadc92e9830ff500542fb4ce59936f86b0b06

    SHA256

    ad73e6c51146ddb2a45bc08357137cd29db61e5c565ad50be8b397527b1eb2d2

    SHA512

    404c30fe50b9327a8a92ec8cf6129a22e6827c101aa1822bc01ad7beb22817a3dbff1cbfbb8c3091541dea8d0011ac5bc81ac2b9a8a5c1266ede87c26921d0a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aeb256ceae6c89bdb11402c46d0672bd

    SHA1

    d0c1cafced08d08cb417ba90c5ce8135f267f91f

    SHA256

    47d99114d55694258d4a75cb44bc49b6d10890a73b6a9b9926ebb59fd9318ce1

    SHA512

    d2f884198527dc50c4f07d8776620c89c687483316086c14485f411a8470eaec6a372b62d4061e3d0da44448c314e5fe9dd25e00551aa376457823f668858a15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7826e8380c2f36aee2903287ba17689

    SHA1

    c4753c768516fd153ac63404accc57645dfc2a5e

    SHA256

    68ae05588170a67b6ed93ea7e7763318b9d22bbcc769b51a75cd29e0b93fcaad

    SHA512

    ca0dd91957ae11c65a69687275089213883d0d1863024269e33d660114b5bc8764248f434aa0189bf6c2a5c80d891739b94cdb6b06d8a6a4d47671e5d62068a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    304c42078ac8eb4565183fbe35e41f7f

    SHA1

    669dbad466e59e99e675ae24555e15c83fe95dc7

    SHA256

    70d06b82d4f27cdfdd8df3b79a25c39c75ca66e3c43a965e4972cd71c16cb429

    SHA512

    f7eed0e5335c3b5c330bbdf7858044901d6893e640695b60de155d2e9436d2752de4fbac38758604c503feeafba0d658f172ef8b51b19edb7cac1cb17e4904cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe3ab99019fcca83f3b0c9ef132d776a

    SHA1

    b555e018714da57bb211aedadd0029fce1e207fd

    SHA256

    f5fa90d7317e0badb9bd94073517b25040bf8ea2a15e9ab159d8d8bd8025ad02

    SHA512

    c01b1f75e5698db749e948dbc920c19d80592aa18644bd233f320afdb722a35a4da6f2089dd1f72b4bf4f28714197216c259d338a889156b0dacc44c61ee5ba6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    755c7b24b234dbc3957565b894adb280

    SHA1

    c4435a98adfd1646ee3813333f2696a25e302d97

    SHA256

    876f2a2bb197fa4a9fe43904790ad54430b5f7fe0f7802ad11fff38e73277ffe

    SHA512

    2fb1b3ee53a3ce4f5c933d312e639d9dbb8fcd22febe886fd2e7d67e4b7d6dccd7facabfb84ea4b32a253f5f23cb6e124a361eb7e5d6e4e0262df327e46dff14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0d8eba221198cdcaf8b982d34442d42

    SHA1

    be4ef2e976800c6d518c59d3eb657345a7c819ed

    SHA256

    8571f7466753b8e7ae5032f81540b6b16f59653fc4fbf9842e0510cb65c3d343

    SHA512

    5a29e98a0ce31f38b5b3efcd98f2b0089623b78b1cc8e0cdde77f7fa2236506cbb4d0a28e20716cddd694078dd3f7cc80b9f511cb41c1d13e7f4d01f7a0c1547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    683d714559dbfe6c15d6f7dbe62d3fe5

    SHA1

    0ce770f3b6bc692396911088b93d849762f8efb2

    SHA256

    89423dded19cc7e3fdea4b15f700d522020a87435bc0322bdd77de581f971e5b

    SHA512

    10d5798398233f1ef962e6194153178e2cee3ada97b42239161c570c8c1443446536909b71ef7fc25466070f90a1f5d5dc177044258db5b83cba065919fe9b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf1b5eca4abb4232102fbc4f68fc6df6

    SHA1

    8a6a5b5999c15f94ec73c216e2ddb719b0f4b135

    SHA256

    357090e8447e0a7a96b57c41af78d29cafb9e19696527f68c16727188ecb6f1f

    SHA512

    e36d4cbd470b48b82bf66711d1a170d59670e8a5e3229d9d1be771d97346bba533dbf1272713badd728cc15c7d8609a9112d8c10ae9b0b3ff5c45c16293d8352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc54e06e0ec8b3634fd01c3e027eaa94

    SHA1

    76b7dd074d06b67e4df0a8ee85e970efba8796d2

    SHA256

    20fe370ba21c7f9b21e94aab5c83d88463927c55b52998470f08180c64bbe65b

    SHA512

    9aebe1839752937370a3f503ce823a8a065919f397dee19dd715b3f0006e812dfb3de18e0d3131cf5d78ee0d4e6f513a67ad106bb2db409d7d8080165ec37045

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41b93818d52beca135a715f0a343f6c2

    SHA1

    2aad168ea542d40ad8f67d16fc29534875e83945

    SHA256

    80f4610aa16f4dfa73fd2e286547776582fc7099b1bfca3e6a9077ba41761c57

    SHA512

    c1b9df7fb1a194fdd2a27eb09d0dd32bf5032ffffd6eee53254bcaa09df88ad7e36d1d0af0e136c8ad1d04f7c4e6df570d285ba86cdce37a7ec4247462fc5d36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19ae21be1e789312ccac0c2c859ad3c8

    SHA1

    68d5f417576088859786a4fc0375d90cac22a9f6

    SHA256

    10e9f270c3ce98eb339a4592ec6278f3cf4040d99b25ebc0b8af38e4ca98fa45

    SHA512

    a689cada74f7574dbe0fd6481950959c67d1c9ffeb0cc997aae98e8b4689c77e500a525919277c724a44fb847823b89bd0d2d0b326ae64dab8863c3024665d8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3BB.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar40C.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1912-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1912-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1912-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3020-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-2-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download