Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 01:25
General
-
Target
5178fc4896049fc29c0c1d6cca080705263debcaf47077829f0d8c882959de83.exe
-
Size
54.0MB
-
MD5
8583a7539b74e8223d479f70c6b2de51
-
SHA1
b0c2427c0899c20b725b85dff1126a696c372857
-
SHA256
5178fc4896049fc29c0c1d6cca080705263debcaf47077829f0d8c882959de83
-
SHA512
2434db81b7356e1ded0b86d80b29fd87449225283f5d59313bb875107548b46d1c2513a92a0392cae0ec5aef01a135fd9c91fe7863df0634b0858bf85f7100dc
-
SSDEEP
98304:xDr5t+zSg6zFhQdQBFgtD75qFb0I+0PqkW:xvzTvQdQsD7sbS
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5178fc4896049fc29c0c1d6cca080705263debcaf47077829f0d8c882959de83.exe"C:\Users\Admin\AppData\Local\Temp\5178fc4896049fc29c0c1d6cca080705263debcaf47077829f0d8c882959de83.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeC:\Windows\explorer.exe C:\Users\Public\Music\EUEYEX2⤵
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Documents\1YHYHX\TASLogin.exe"C:\Users\Public\Documents\1YHYHX\TASLogin.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Documents\1YHYHX\TASLogin.exeC:\Users\Public\Documents\1YHYHX\TASLogin.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5d5665ef0cf8ed15e02bd4e049303a777
SHA1195783839058c0d56a1006b1f7b1fb90f3f690a2
SHA25639d0f4532cdf0c09fb7d9cd3467d13f210ee2a94c0592178ae685e43a5121cb3
SHA51208367dce50ff7264467648ae68a926c09e74a426d9d322472f10912988d2bc3eaa542f94655c98a4ffa31b3fdf319cfd71a2b16cbf12a7bc43aec080be511808
-
Filesize
2.0MB
MD549ca5d6fb817f9af89284dc0be61a1cf
SHA17b3d00869d8fb0266783250046ba0c11cf45ce18
SHA256072eafa9fb2840f6588abe7b6c992d89192609996da4579951de4a0f4afec6c0
SHA512ca1a3fb0f164e74d58ee190ba31a7bc6d8ef50c4ab63ed6f8ebcbd7df339a1de2aa6393eb694e288ab32b32668413331cf86d6ee0e06ecad1a838498bbf4946d
-
Filesize
567KB
MD5e6a3caccbd9ca82f38a14bd0d4428240
SHA163937051b04582255505261d512a80ab40513b5f
SHA256ca1f26619b4483f4bda6b4d352b58a9c4f30c2e985e62e761b7d6f3440922264
SHA51221fbc87528dbc6b0f4aee165d9b812595ad1d30af434c401f4bc86d8bd6a209da950523cf00e7ae5fb1676350cd299d96e0e7a0255e6ebf53aeb7e51dd5d133e
-
Filesize
317KB
MD5dba8607e46cceda5dd57916a6bd8c7c7
SHA1c99c80cb5d46035b05a7dedb6e7d22946ce2dd94
SHA2568b44645c0bec9179cbb8ffd027395127d81ecc3b3ac5271b29e5221bc88ce10f
SHA51276dedd75107e24dabf30893a720af642e49c513a5a1ec80d5c9cb1baed8c7f29023455cf3aa75a5f7de90b542dec6d13490a03d482755a8d301402e5914dd9af
-
Filesize
130KB
MD5ebe2802b6afa5a08bcd83f8d5202fbc6
SHA17018f7332d98781236c3abc10097dae7dd53bb1f
SHA256c074b60774ca11085dcd7f34772f2979769dd9ae38b0766fa7b829bb68d02a4a
SHA512fb6d29a5889d2335ad348dfb772f2aa0d34caef4d0955c2924ad1bb1207ed24a06555341ad206ff10a035600a4299c0429952d6fc1305aebf2c82054628d6ed3
-
Filesize
135B
MD5b5ec2ad8561202d74f282f4b28058c2a
SHA145f440fc68502c144aa9e3e6a6f2fea2570d4e48
SHA2563cea6a95da065b2eb4beb8072a40645e59b0043ba56e9c61b3805f2fcc91bab3
SHA512cfed75a993fcefc1a6ff695edfb7b3fd9989d0ac6162032e41c6e73033e52b48def1ee6cfca740df781d36d796de1007e7086378e1d863f37415471155a15555
-
Filesize
131B
MD5b1c8e18ef45bda95066699592f0282ee
SHA1d405c7049fc91f6a77f182a89b71485c8820b535
SHA2562001cac8eb1b98508b99aa64d6963ba70bfb804d93af4c93760baf9a1943b599
SHA5127426a11857966766af3ec54c29e44a3eb4d4fe6efd72735be4ec5d0cd5f5366ad08f861c0f3e1ea9d2041ad4e886f4a792020de824bc77f37df10915cb4f78ca
-
Filesize
940KB
-
Filesize
54.0MB
-
Filesize
54.0MB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
-
Filesize
588KB
