Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

977ec324d1...ae.exe

windows7-x64

8

977ec324d1...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae.exe

  • Size

    1.8MB

  • MD5

    0eab07398b3fc838778e4469cfecb625

  • SHA1

    8842ee46c3ff30b8d4a373fd91d326382e4b2b82

  • SHA256

    977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae

  • SHA512

    2c9d052e7111707d29a5f000b4ef0e920a7a457a1ad15077c79a2833ecb8952d5660e3094ad01e0142e9c81174c1e12a84cf415e73b6d0edc095c3f76603c1c5

  • SSDEEP

    24576:j3vLR2VhZBJ905EmMyPnQxhe42LwvHYgUBoHDC/hR:j3dUZTHqLAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae.exe
    "C:\Users\Admin\AppData\Local\Temp\977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae.exe
      "C:\Users\Admin\AppData\Local\Temp\977ec324d1fdc2c9c930d8eab34ff2161a305a0bc450c3a8421373c2ed4178ae.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2520
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa652304dfcc8a7da949e8743ccc0887

    SHA1

    c2802a70735941f3b05d7f138b486ab7925e47c6

    SHA256

    735afda4dbaad147f90e89e5c584ea90b6159f83297608a5b6d021eff4cefbf4

    SHA512

    ddb8325fdadc3ae5e31bfcca1f939de0098cae9a9f0eb72487a38ddfe3427ee2cf3a9c53e377ce9459161ea154858f7cc87125baac4c84e23df0439f12df2d5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e92e0ef2f9c892b4402deee77fd7add7

    SHA1

    f8101efdc3ef648f5e147a2acc4e527016368267

    SHA256

    036ca1396ed4469caba762397a276beefc8617733fb4fa1fd5b0a1ff844aef9d

    SHA512

    c3fc4cf3fdb0a8ce05c135fec6a63704296f98af1998cb1b7eb1ecfafd65e69fc73c7fcbdc79a87e14246e2cd0926664203f972bf69759f1f8dbad99cfa7341b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d2fec95b1074a3f86c46da926a92acd

    SHA1

    598968f89aa1d42d4cb19ea2a5707ec466b6f08f

    SHA256

    e0b16040ad131dcde1c0d4e5fbaf13620e4f96cd07068cf6a3e8a75fe8850322

    SHA512

    4a060be070ec62a9fda44a6c6b61db1b143eaf5de3054ec7f5fc2c138a2c13c9f554cb51ef5552f01bf1240c70c348271408a05e23874c288852fc9e74a7df44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a6d7294c58fdcae3ee31f779e6314c0

    SHA1

    50c75c93d028ab37017e0ebcf333e023251aa3b7

    SHA256

    c2dd576171fc1bd35f84f3e3d25da3f3c47b48da31f13bfd18d18ad965e29bc0

    SHA512

    1408aab887f10dbd0f3ef0008b89208656a7ca8d75a0a2c28f791ccf47000e12c59f8a4f2e8748c78ab3e7cf6c3288aa500d6e70beea128633cb509f47510043

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffc1d25d1708daf85fb26d9c348904b8

    SHA1

    98ea7c8ada355b7e27ecd26607bd2f8f5a3fa2e6

    SHA256

    d8c96398a980aa8936438d3c02cd4ce193f3a92dc554b2a64cf9482c248e3b3d

    SHA512

    1e4a720e8b09f755ccd29a8de4433a01c86adcf562710bc4091d392d3b4a61cb047b3f8ed6cf0b67746432b97bf7ce6945241b6907ccf734855e1aa07f2e73be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53ddc1070e00d84357d72f9c99475c59

    SHA1

    0d9fecb87d55a5d86a24202e65a6db2ea2d2f00f

    SHA256

    e1a87d9136654c47f4c2c0163b4bcc2939f2329e7e731317a4b9ab3d1eddc53f

    SHA512

    df4817f86d1fa740cadac56955e901028d65d92fa7a8dfa9e130ad4b71c34d73f3e85608bf424cd1ad3e8cb93e0f8152016a9af4e3211c39a66740a76a0f60c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58031fc74a5437f39fb4c84a8bc6d460

    SHA1

    04145c6aa8d6fa79db96f6d56f611d2975446925

    SHA256

    0609cad846dc3577371e18e32ea4c77db314abf94abe527253bddabf8bc59434

    SHA512

    3c5e4e808341b009fe82390936ac70472f5c1e80c237bb5c2429a7fcb691c9a40daf95475b91e560f6606b20775bb6b152101bf8e880b9819cfddcea94fbd89b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c85d50afb7e9c040b5eb8c9cacf2c3f1

    SHA1

    e18e216f3f5aceef9e81ab74148b826514ae197c

    SHA256

    bf0834fb07593aca61d355926ce6bb4ff9c257d581d227bbffe85d3ee7f54e16

    SHA512

    744994d2e7dc42f2c0fd21986a4b63d3dd6cc81a579ed81a777b191b5456bd2535916861a40524ee6d4fb8630fd8602bcf50e670d610edde6893916e026e4eb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2013c28bb5aede4da786aaeee126cf2

    SHA1

    725549d94148ef8dcb4a55f58eae6a5156cf9b81

    SHA256

    19529081a86e66f51fba97ae6e37cb23520e4fd0c327ff5e77e090eae7619aa9

    SHA512

    950a4ca5bd5807e57873222e27d39bfb1aa0297137e3b29268dbfaeb541eb481ca0c7015742187ef759603eaf33c46dcfd02b892c070a5c8d6245a8c2ba81be7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab35C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar41C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1936-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1936-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2316-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2316-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download