Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

e360826a6e...36.exe

windows7-x64

7

e360826a6e...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 08:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e360826a6e76ce38b10b2ae922232dc9526b3fde9920b3ab29f26ad4a9bc6c36.exe

  • Size

    5.8MB

  • MD5

    a97e66ea7095597de7d9b788b4f73b3e

  • SHA1

    472b743afce38086cc082aa896c289a558559549

  • SHA256

    e360826a6e76ce38b10b2ae922232dc9526b3fde9920b3ab29f26ad4a9bc6c36

  • SHA512

    4aa27b38f08ecdad505907a3fe2fd10067e385fff1e0bc72b1cbf91950ebc64de8ca8858a49d72e91cc410597d898a94e6cb033d7e8ebe8e9286d97c35d11282

  • SSDEEP

    98304:Vw//0Kco6MkP7Cgb5ii3Svm+RiHh2eHvxznfwgai/YQyz3zJYxwNwiwA7ou:6X9gb5i+EYHkeHvxzb1yewNwiw6f

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e360826a6e76ce38b10b2ae922232dc9526b3fde9920b3ab29f26ad4a9bc6c36.exe
    "C:\Users\Admin\AppData\Local\Temp\e360826a6e76ce38b10b2ae922232dc9526b3fde9920b3ab29f26ad4a9bc6c36.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xz.weimaocm.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9b29afabc9f6276bd23e72a2ecfe147

    SHA1

    9db85d16423d3bdf60d62e5080af8c373e6af5a8

    SHA256

    071550e5ed561b5316944bc0f20c91f806be9e64ede4f253aa5102f320b1ed63

    SHA512

    c16b1df4c7e9fb16fe5efdce3b3495ff80766dbe1314fd537cc2246d90f95151cb551f1427974fe8435a849d1940e15a39c703e8039d10022edc8fcf3b3dac63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f78470ba07b7acd037b4239bf571b78f

    SHA1

    07f69c9c99fd66065f6dfef1c5a128442226cbbc

    SHA256

    d40bed77d8170987d7c645339e7a504c53bc67564d872f47ea9fc848fb31b4a0

    SHA512

    e59005ee3464dc2017fc514c6b7319285d2782b3ace4c0b983b40d047a159e2349d42dd64e3e78b0bde1174cf8482494911b8e44813c258f6959e9d63b2c068e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f488e7e2976afdafb89e5b38e112e3ea

    SHA1

    d6e29ed427b43c491060d9b6220157beaf531caa

    SHA256

    379a030c9e148b4d6982899a42aa1f4e9ab71f6653723571a393cbfe551fe3d5

    SHA512

    f8406f376892a3b1b7e44ff72fd40f00829b7aa9eae7e3f2ae15eccc140520eceb2a6ff59b8d80a29aa51659d82c0a8b5902bdb36f5860e91ac8d20eeda49be7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2509fbb6e67d88d7f1c00d0ae5c46877

    SHA1

    672fbb2323082b90c083bced2ef5a363f602e39f

    SHA256

    cfe8c169f340808f6e5ff99684ecc1ae72cc8121d8a6895fe5b620c0ef30c8a9

    SHA512

    31d69229cb2de92f3df435f526e8cdeb864a626c20998e1c7b9cbcc04dca567e22643fd2296f06b7d62250f4dfd2978914780a2123236d42220cac35d6248f82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3d949f77737e3f453a2c4d60bb48573

    SHA1

    635d41f2decb5d972acbbdb20a9d2281ca8747cd

    SHA256

    014c6c173206f7103099e692cec9ac89eaee8bb5c97d5a93da886f609ee4c760

    SHA512

    e56465d2db3f8db9f7c9259fa1f647acb5ed272abfa6329629eb8c1f694276516350ce7d0c6f8d883720be08bb5cfa2491fa574d958ba164000c1078f26e1b2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b04aa00dc4ea6b76db21ff896905fdb7

    SHA1

    1aca15c678f31df5767a4de147692a5a246da53e

    SHA256

    0bcef73ae374447fa4989ee5b74e56e2a901adc424452d5f98c15023084dfcff

    SHA512

    a20d2f79d13f92e36e4f7ea41d983ff764ac46212043bce6d3b6862c2703117e694fb5ac96cdbd81c4771cf3b1222283d6b69ac79d8f31741a777ed97561f501

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a83d9adeb9677cac81294a6e26cf0822

    SHA1

    18b1f4fead13f98d630bf394eb3142e98cfca3ec

    SHA256

    b91fabe0180164ec8088b7fa4a3792a81aa14dd4c21d7a348ef8e9a1739df859

    SHA512

    1ebd6ad3bbf37d5ef39e612d521fb37d6b96d5a23485e786dde8834daa1e3f088b7115ca2da06a459cfa4feff7bcd4bc6ebbffa3dd34ce8789c168bdb7efa7e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73d5655382352fbcb943c8083467259e

    SHA1

    f2d8c51d86d21c650aad497427040cb2a3998d07

    SHA256

    b2aa42433cb2efe828f8a8350355268fb3aebfb35bf07e32a5c4c19419369d87

    SHA512

    1f41a4c98bfe33b2df1e6c9577e90704199580b770cff933f6c9949a1b8a4cd87227b2399ac5c9dda29d35295ea1360bf96d92eb4f76ff289377a3551cae7799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48fd600620d8afbf1479236bc2afc9b8

    SHA1

    f4f93a36f6c05ede16332807392dd72f20679549

    SHA256

    1b2cf6c1c07868c98558594b6ad40519dc057c75edc1f617c815ead24ad987f8

    SHA512

    120e45749728188abedfc4fd5d61b16da029cd31d2ae93bf56c7ac16052fad0c8c9ef72da58092fa802be0c3a5221726267630d3d0a4448a30d8dfea8ef3e464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    358e3282ffd7d5d50a7e19c24faf1cbd

    SHA1

    f716b745cc83e60285f44d91acf6cc14251efe5f

    SHA256

    ed2d3e545c58c3e616ed79b93db9c4328e57517904b33bf8593e587254230693

    SHA512

    317a54e180342fab87776658b387c81775f1a20d512831bdd42037a95f79219d4b7e1ddee11fa823d176faf488760186654365c2ede047891ee4c074d60dd282

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d19d748b43d20d5d064120fb044afd55

    SHA1

    533623de1b57dedf5988fc718326a6146e7cb012

    SHA256

    dba52282100479d82ca732a3b643cc6e66b7163366a33f75e401df72500b2d5b

    SHA512

    32c8f0eca48b0bf10c99c855188ffa2a3ce88df41554a1251cddde6489012a5fc0ec8e621ce4c86a9de97e201fc4c197c1653effaba1beb8947608574ad1fcec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ad9f3356f6b9b602f125bcdfdee5fca

    SHA1

    901c4b84d71d769ee28c71c3d2f3895b6957bb4f

    SHA256

    3b997bfb539fe2b293aa1030ced80551f17b92005d63699b715c690ace68e959

    SHA512

    a9afa973e3d5cc8137c1237ccf3094bda7603892c278f6130cd92c4854c4c53dce8a74bc905902f75a9cc1ce97582eace2bbfc817cba66606d664dd57d35758f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75a5612b89cdd321e619ad94ac77331a

    SHA1

    88c9467c4b7a267906eb40002039f6c756f68c61

    SHA256

    1c7e67648911a178065bc10f762a562559ffcf5632c92c6a24e1c27077bb7bc9

    SHA512

    ed276875fbc54ac3120b665b327d9473bcb182ead3ecae7aa781afe9cfe71fe5ec906da36d3bbb0ef26cee1e80a6d16927286a489fa45ebaf4bf1f0e60621615

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab483A.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar488B.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2972-36-0x0000000000572000-0x00000000008B8000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2972-32-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-24-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-22-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-19-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-40-0x0000000000400000-0x0000000000E90000-memory.dmp

    Filesize

    10.6MB

    Download

  • memory/2972-41-0x0000000000400000-0x0000000000E90000-memory.dmp

    Filesize

    10.6MB

    Download

  • memory/2972-43-0x0000000000572000-0x00000000008B8000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2972-42-0x0000000000400000-0x0000000000E90000-memory.dmp

    Filesize

    10.6MB

    Download

  • memory/2972-29-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-30-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-27-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-34-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-39-0x0000000000400000-0x0000000000E90000-memory.dmp

    Filesize

    10.6MB

    Download

  • memory/2972-35-0x0000000000400000-0x0000000000E90000-memory.dmp

    Filesize

    10.6MB

    Download

  • memory/2972-0-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-17-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-12-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-9-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-7-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-5-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-4-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download