Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

c27f426146...2a.exe

windows7-x64

8

c27f426146...2a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a.exe

  • Size

    1.8MB

  • MD5

    da94e3e12237250c17aed59f7b6e9e2a

  • SHA1

    13a1aac6ba264a53659b23e3f8824168f043b923

  • SHA256

    c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a

  • SHA512

    73560a004fd9fc8014288f5a3d3dfefb2c8f584fe2187c695efdbaa8b314dfd6526fdfa0a7c4da3fae3d18a6dc752fc5070d4ef0afb0047fbc184a75808c9d7c

  • SSDEEP

    24576:F3vLR2VhZBJ905EmMyPnQxhe4OLwvHYgUBoHyC/hR:F3dUZTHCLAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a.exe
    "C:\Users\Admin\AppData\Local\Temp\c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a.exe
      "C:\Users\Admin\AppData\Local\Temp\c27f426146b8e4db99c94e172b978a57d873c05954ed91b83a6e1af4e050702a.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2272
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76bb3ade9482d2fbfc2251254a797a47

    SHA1

    82ac51627aef2f03d71726a0402e6e8b3b1c00fd

    SHA256

    7d4b91c72c91fdfb583d9ce96e49f3f9209120f34251079015bb3463ef76a017

    SHA512

    a7d8f45e0c3ca17030be16009fd0490e2592204f5d7728f3c673ab4699473a3765d5b7c5e29d5e62d9fa374b88cb3092cd49797ea364bdf76257c04d3f0ae32d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51022d388c33ea0e96552c84443aacc0

    SHA1

    1a3a5d7b26e7a249826a115ad9d70c0bb34e1f18

    SHA256

    104ce512f28026aef17b02bb9626200d8056df3b2df0cf6907626b8ef13dc27a

    SHA512

    982f8b8f3b25a53ee0e70ff1482cdbc7a38ae77514d2e1774ecd930c27d1ef6fe48be8c0495f678c89624d3777a9423ea9691d49ea0be635af6d5da73c4598a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4187571f81695daadbcf515275d651ee

    SHA1

    313da3ed398469a6360fd5dbbd2f3386d1f275a8

    SHA256

    634f8d88cfbc6f07c821421af6dcb97612bf3c9f8efc5a05c1ecf6789ae9c9cb

    SHA512

    c3d5afb03b7a87558d3f927b039c6e5baa9e1a3218f43d162b339d294b7a8455ad0f8f950104e93764fb02030b695a5a3d37fd5db7157135e783a834963e5c0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f78ed2602033631931ccf207ac8a7cc3

    SHA1

    0366b8c41359b9cc4d1289fe7e34cec61baeafa4

    SHA256

    c5af6abe8a8a7e5336dea2669736c3b8108714af32ab7982c3db84e8952cba66

    SHA512

    b6ca8ca4395f493b091451ed5e0fe190f58ef7d59d6a4d3756ea96dc416fb6a403f03ecef5ed63df97b67117bc14c4867decfe5589c2464faec7fd8562161f36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    341aaf03b8a93fda58451d86d49153a5

    SHA1

    b913c1ed9c5911033b30096b13bb00c1919e28bd

    SHA256

    846c78ba9c27a965fcf67f4295159e48be150d7d8f4671387c58ecdca129ffbe

    SHA512

    12a2ee7ae5da221aca90a3b44888f556bc1a69f7ade9a994fc568966e3e4982757e4a4d09c62be9fa2875a42c2991a20ea250d27e199a383f16cda0213de1812

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02781b1cb008e44888a416c8030c31e4

    SHA1

    a68ae3600e045b780fb6a1120e34c0922287c3ae

    SHA256

    d562132893e57a009ce9fd0636132e757bc3ed284eb348739de8181ed67f1079

    SHA512

    f7124acf9cad87ba18e73efe6d435f294680a0a024903fb7b274baa7d286b1fd1ca7211c7b9617a4ed3a74859e1449c309aed2b24243742e805e1fc3f83d3943

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1fa8f9058da16f03696b765752c1969a

    SHA1

    0b30054e3d0f333fff089caf35a64b6ebe32698b

    SHA256

    9ba086894e98b0f2804c6d2555c783f8f453a992474e04b543fcaaa8af49db7f

    SHA512

    84d4637b844d5cb143fcc44254fd038ae91e4d1978ed36728a8057e624e339520bcd82a10c2556e09401fe1602dbcfce88ec58004e6004d836745b4acd2afd66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db2bbfa123e93238014fb4b964914569

    SHA1

    113246d72d2033a5e3c45a8ccc0776271c2bf866

    SHA256

    9ea23302f6752b81231a33ab138ab58e6712383eca9216f1bebc90b9be5f8aa4

    SHA512

    93b108a1f2dce2d980aae9dcb9037b38294c6961e4ce2a1798ef7200102b6914cf8f38d9d7e572b69b44d72f2d6c078213f5891e9e40840b951221a36e2ffd1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6041108744c887dadd1b009b0f29909a

    SHA1

    ccdc205ea2b86c26ef4446d11e58138b975449d6

    SHA256

    3a88320d6c7305cde79927e85b8488515381b01f4de700047b07c845fd40d72f

    SHA512

    30a7079e438bb16a9de3301a81bd2731a854a3af55e162596bd42ce334d76315f2c8697105ad107ca301eb091d074df18cd94687c2a69df39b557ace060c9de8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9628de8cf62c4d09d97b72adf347073

    SHA1

    c70673e952a371a1813f300541b3f4a1e13c043e

    SHA256

    39e9fc1ea9e0400f5ad15230174df5577300d25a7f6d3bc037b338f8628d71c8

    SHA512

    c822abfda818f4c5444a97b4f1587d49efb145a1b4761fd6a853d3966e92d734cc9a3c382639701262afd0865bbf9c9bd5d0bb5a53c46d5e37b976b0f0fecdae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b25b8fa79db6c5fd3567e83d95c3062a

    SHA1

    17cfff12c8508de9657bb106b2460f100fe64f31

    SHA256

    0258befe9fd846de00a5d9de0ef5ca54fc2caa71af07eb8d381f42220d78675b

    SHA512

    f9ba2b131185d9748ba7455400a40becdfb8a74829be7eefd0ef6816ffe496d53bbfd3d3cd2c1bf5eb7bf22ff48de92900f871fe29817316d1f85fdfebd4862b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03138b3af78f4eb75f22e7b37e77d9d9

    SHA1

    738d27f425544f033ebe82385a1044ab97e48210

    SHA256

    8172feb4b3e998521c184af0f659b300efd233f256c6b6fcb92107d1e4e83a6c

    SHA512

    c05d968794152ad60c24670bf837303a5bf76d32cf23ecd18e73d1de1d113421b5b16b5cee345f46b3ce56fe5562e855f8b3845717c561ef92b6720a43c83454

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb6bbbdecbdcf238a146f936472c0242

    SHA1

    708f385c35b8e8e4c0daf3da1dc077b496b92750

    SHA256

    e4796ebff89c1ee3a8653d8fc8795605a61af17ba5613a016990d53d1a21e031

    SHA512

    861e90e82d8e227d3a28729c03b6570cbfe54b62cce5aa0fa723aea1310563dca1f7ef6518c9a25c0fd3bebf32e26d5cde1a8f17cc985647278812157c368ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cf1cbc639ed7885d981a23ccf144f7f

    SHA1

    67e580606899d40473a9e1ea7af2da9262a03d6f

    SHA256

    d65190a7d17590212abf53429f3fc669561ff9067937a252c41ed28bee0ffdfd

    SHA512

    2097990f6e183cd457385b990c2dc3618250755267f5c69fcf5e812a6a25cf83b02fb40b156086cd52897f21e1a0662729561a8974c201959d4449db4af4bbf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4cc8b8df72df70e561068f0878a12251

    SHA1

    9fdcdb222db07a9677a4b9d63c4d8807f7b47d96

    SHA256

    26ccdffeeeee597a8be39baa86a97dd09481296cafb2d195412fccac8f06b3d5

    SHA512

    6f5c988f97b362f9215f78cd7345d845ff80fad3fe96cd2d20a88e1fa1564391cbd90a4ca4bfd7c6fd34e628ec7d765f2df826e872397267f8a50e3c13033625

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3a7c51170f3bb47499c8d9aa8f9f53f

    SHA1

    875c8cae4dcca3712dc5aa07f3d4a602d190ee77

    SHA256

    da7377efde1b52a25a13deb1663bd7876cebe564f875c755682833d5c1582707

    SHA512

    2d1d31dc8572baf37a9976ec5344778249ffe012209f69cea7dfb5c3be1b036a75a41436e94c21059f985f527cc5ecd5a297417795cde4246231e7ebaa922e5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f4ab6f3d5efc27e5c0448f85bd65207

    SHA1

    dfc9b8b6291670abd84778b32a2b850b47620e42

    SHA256

    26d0950316d3d5ff878086d543fc30c3618ed0ce46b02dcf1d06a058675d48d0

    SHA512

    ab55422df0b5307f1cf85f4fb50b83a8336a902ef12a8005f0e715c020bf5106f3492ef525e986c34f11e571375c073a8e0f2eb93ff1d9650c3d53c4ceb11365

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    321ca6882db301194d783657a1c7d99a

    SHA1

    f7560fd45393b1f85efd999ad252ca2bea2fd32f

    SHA256

    9d3c51b08093fb34d3cc3c8b40e1ac4327c07fbf98c702bf1bd4251010876264

    SHA512

    33a58c5fb1cce23af92b057b982f920a9027ff44294bb4dfa9be19b6759dccb9c0860541d9d5b4990da48a9588583a92b814248116ed0c34349c462764e33521

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd5ff805e3d5664d682d573475a4be1b

    SHA1

    90a4e3a3748c83133b4e010ba5e80d54035a0d75

    SHA256

    06fc6065a3408697fb4ac99bd8981cf18f49c857aa124a5788146752644f0c79

    SHA512

    a1d7af740f1323bee134622a72683dd0639738152cb2f6f9f58a4c7900c008ae1d488278e990fd3f9f763f22cd5a7ad6593b716aaa012fc8cf760219043f28ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab11DD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab12CB.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar12DF.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2516-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2516-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3028-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-2-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download