Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29/05/2024, 14:22
General
-
Target
9gpan.exe
-
Size
1.6MB
-
MD5
4ab1764f657d113a8a5ce4ba1374f5cf
-
SHA1
8d087e7f19787daee69ec69347f77895a2079284
-
SHA256
5d838f8cb19dfc41737fee7718f4638da40c044c5f03fa4791e45cff6b707543
-
SHA512
1b13296934dcc6a32daa4bb86fb78499545c7b4e9082eaf06783308e69d77ceb4e7a19b738823a63ee7f317a916cb38dabe94ea91f9391fa15669073781736a0
-
SSDEEP
49152:hrQXuHTEgedDme7cG2NgiL2c9SAWK39P0KXZcN:hmuznq7cZNVL2cgQL
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9gpan.exe"C:\Users\Admin\AppData\Local\Temp\9gpan.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.9gpan.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
342B
MD5b5fc2d671d5b9e37dc49d37b302fa471
SHA195abd6100fff9261621474954409105b659edf72
SHA2560039300a3bae5eda4699d8284c7986522373fbc3ebffaf1caf8ef136435d9544
SHA512ef83bb931fd6d9d1133be1e640377a30afd43281ba7ce53b21d53231bdd47b4221bf257fd6085444bcabdebe2a62feab110dee9a5ca89290ce6c36f6bcfa8511
-
Filesize
342B
MD507babc7e48181e6fba20a399ede033ce
SHA172b1447b4727ebbb3e3a5cc5cfe5701d0850b1f8
SHA2564441dcac73e7b6247aa142ebdf30039d5249f833290b4c9ee49b788f2721d416
SHA512c431e67c2ad937493b80b19d5217d4f2d6a6f73be1641683b81bbd87139d5752200f0d0240e2501961840afd427e9236271a44cbf074014a6879f0c2d004c3cb
-
Filesize
342B
MD580e2de81f1aee26952f32f9d0e1b97d5
SHA1542d780f640aa110f872545586394a69bb9669f9
SHA2565daaa7a597ac41b4c0aa43090a06dace04737e0fea8d379a22525ba3c485cea8
SHA51268ea3b4eca56fcbcbbbb5c701af599cdafc1246a953d146bcd12b46e011915c65329386d4d755c4b502999ccab691ab89660145af1963ae989c750a266ca3fa5
-
Filesize
342B
MD5dcea7a37a1b5994072f0db0e7a7bc4aa
SHA143662ab29a97c35ac62a57ddb309d26f379fa8e0
SHA2561eb4857ff8f08972b60adc9db630f80ff85ea06380906a68f640e00700cc0f6d
SHA5128910ce38c6113831a23e2891794951a22c9c77cef25be967f3d27602f4160aa06a830f8d7a5b5a05d610943e3311e7602043d7d6b8e0a267e754c658c6c79a6f
-
Filesize
342B
MD5b33bb39561b4ce43053099f5e914e799
SHA1b9c23b80635e44d7bc5ad848e7406c11e12f07c8
SHA25663375565255513c3a7693595d6aa8dcb4e8ab7fc255daffb95fca38591dc119f
SHA51201ff39114b21004bd6a7d3ee1aeee7f220d1cf58e7d7ce55559c34aeed7dda4f1fc00459accc2a887ae9b4d1b9e2a8a3fc94655425b5dc67b816e35087a17012
-
Filesize
342B
MD5874eb71fd33683d08da425af152cbb3c
SHA145e1c6264e6456a44b6252d2b4facc5ce8382f01
SHA256097a70e5e4678c3da89188255da6ac4280c203625c51fe862b7363b4d25f18d2
SHA512176a081dbf6e0f4b3cb2da052d4a729f937b469e419a664dd2d5e639f0f15003ca1ff855c1ac53cc5ed7cf7721ae41c20fb7a9c566e8a0def99cd740fcbe4399
-
Filesize
342B
MD54ada3036d56bf7feb9f1b2982cc376fe
SHA12fe27eb4ea657be55b5bcc91d91e06a27b66e212
SHA25660a40daf784a11ba2498822bcdbdd0c863a376fc0d5458dd4ab23b2819d39694
SHA5122d511bd06d4a107b9600aaf0e04c257922b220721bf0e79326e5e149df0dc16b404283eb16cc444ba9264eba47b2b4a5cf19b6a504a11a98f11af6369dc54f5a
-
Filesize
342B
MD5c73e9bfc199a2c140db79f829c61442c
SHA1c4e1760099fdf0772a9c88262680d4a03cef5c14
SHA256962fb1fb20217361a59ddf039bef92df3bf2da352ebe38741dba769e8b0c4585
SHA5120bef9b30e449d20bd13674eaf47cb3a19123c12afe7fd2293a3c764c3df7b5e2b8730b978e848b21a27cf78eaad23dd117a188b3a12db2a8f2e275b0b8b076f9
-
Filesize
342B
MD5604c6c2478f1c325c5bb5ffc18df7276
SHA17078609f2d539fed61564471e33d0f540f5fa1cc
SHA256c8b2eca8c0f3556d4f0414916c378917d33dc995f1bb92df474fe2e938a6cf73
SHA5120311c8c528700b1c4562e2fe6b038174f95dc17dceff2f76f43e444fc36251d5c128a7baab4582adeccf7635ac4421f7ce8311e80cd613717258c4a21c5a151d
-
Filesize
342B
MD50b6320a22952f10c0e3d3bee4c6f632d
SHA16fdb065761cc289a6fe929f2cd93e52c6b3177dc
SHA25613da561b84c5d5bda60d28ad9f9968c4300a06ab7611d2fe26224da43fd7e3bb
SHA51268049c39797da824060e3beaea1a5b05f0c792bb5c6d4968fd2da1e43e2b2a1101f989ef1a73bb7235a7a82e067e080acc73578885c0053b4c3821b580d5c3b0
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
86KB
MD5114054313070472cd1a6d7d28f7c5002
SHA19a044986e6101df1a126035da7326a50c3fe9a23
SHA256e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1
SHA512a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522
-
Filesize
4KB
-
Filesize
4.3MB
-
Filesize
456KB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
248KB
-
Filesize
4.3MB
-
Filesize
64KB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4.3MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB