Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-05-28...il.exe

windows7-x64

3

2024-05-28...il.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 08:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-28_32501ec06dc9ccd7319c801639d56d8a_magniber_revil.exe

  • Size

    2.2MB

  • MD5

    32501ec06dc9ccd7319c801639d56d8a

  • SHA1

    ab39e31ed93ff11175cee4540a6fb069481ea9e4

  • SHA256

    bf2132034fe81c409b1cd0c9a0ca98afa6b06790917a979c76e840177b4cd03f

  • SHA512

    43230273da9e3b0961218e6ac59375d4b52fb8c0a1743978ffc7c1b97e5bede87247e7ba208cd733896401415e42a97c08b9a7456b7ba0363a485440ef57ad04

  • SSDEEP

    49152:tqm9/YkeGDw3D1WO6tHl8SPCBEUs0se5NGsT:tqmGkeG03r6H8ZBXs0s

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-28_32501ec06dc9ccd7319c801639d56d8a_magniber_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-28_32501ec06dc9ccd7319c801639d56d8a_magniber_revil.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://www.aceview.cc/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3792
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://www.aceview.cc/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2008
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    39f991f6e6aecffbe2db5dcecf1f226f

    SHA1

    b512ccfff1d83f102d75aa8f78df0c7051bd2df0

    SHA256

    6911a1c252519f8cb3db2a3eead8863ae288e14c699866b2bc580cfc0f3f42a7

    SHA512

    3d7954ad14d8361a0f9a5939c0b0290bb42fa32ac2da1a809d3985195347898f4f0b1d0c1e33d87a6d14d61c48fe3258d7820a0bece6723b0f6e18eb60307e71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    52f24053e3879baad5c394382b0da86c

    SHA1

    d8bb9c220f82dd1daf4bc50eabe2377e2ae0a6f0

    SHA256

    5c483653bc3182238d58f664f35700f7c79dbd679c5fb1cd7b38d231bb38189d

    SHA512

    a8fb6d94aeda81bb02697486b323b598e98ce5af5110de85b084c2cc0a482550482acade06b15c41c824696e9b7fc3e0f9bc0fc4298a9e934b26711db008b17c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE7A1.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1m6rheu\imagestore.dat
    Filesize

    16KB

    MD5

    80b4c36692b552fa1e21d01fef155955

    SHA1

    e5b0fc8fe6cac5d2d0c12407c6c24e388421960f

    SHA256

    3e17df3cfc77ba142c415c8adb5096249f617276dd9cdb78a7de2da947135a1f

    SHA512

    f11c85b3e2fb8e8e9ad1d28b1984515cdfb6c64130ddc3843a34067d11e330bce7d9e3cce2a4e965b8765a8a322171cf809c79d05d1a4504e06c0da1712eea93

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\favicon[1].ico
    Filesize

    16KB

    MD5

    be7cc2e19d6a6713553450d6b2b690b0

    SHA1

    d19bec86a7c8334779a7087b9bc392b81ab65419

    SHA256

    61faa3885a3a1b109970c1212ea3367db494841e82964df867c27415eaf341e8

    SHA512

    0b922115864f4b923bfe67e96ad404777638bcfde164bef88e04789f20de409bdbc4c4d40da6dbb607a741fc70cec2dbc42f65ee4530661b668dd7b2636a4665

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit