Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

5dc88129fb...d2.exe

windows7-x64

8

5dc88129fb...d2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2.exe

  • Size

    1.8MB

  • MD5

    853fb08be6cb395cf5f85f6dba1739ea

  • SHA1

    96b32ec0ea534a8255e9b56d7f10ae57f5405aaa

  • SHA256

    5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2

  • SHA512

    52551c3ad30f860db4790e98d03d473e242eb2c282872927c012c32d8bec0dadbb5b4d7ebcd898e1b6921c0ef16c8daa6f0b40597449be1ef5f3c874da258ea6

  • SSDEEP

    24576:F3vLR2VhZBJ905EmMyPnQxhe4yLwvHYgUBoHyC/hR:F3dUZTH2LAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2.exe
    "C:\Users\Admin\AppData\Local\Temp\5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2.exe
      "C:\Users\Admin\AppData\Local\Temp\5dc88129fbd0fe705e144f776405cf2fe32282f2c848fd90b48deb0bab9dead2.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d88f9e4c52af24c2aafdb2e4e54eaa9

    SHA1

    bbb8bef70e804a86de665a74a04c0e7e77b2a5aa

    SHA256

    e04d0c1e034a80dbdba78f91160691a17484524ebc5a5336f0bc82d8e54999ff

    SHA512

    4982ddb45089749d1ac7cad6a4d2612aaadb487ea9665f4adde483df7c3ccc03edf8a6b908ff419b19242f93e98431a78ebd6b4e88913c0a878cddba5020f988

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    401b5ed79344877aa174e396935d68a1

    SHA1

    f4c60a1fffc862c34efb130097dff9b7b8d6ba33

    SHA256

    d43b479c7f9cfb4b8d980f12436335a47c13c98e56593118df1dad6d1e2c51f7

    SHA512

    3a11409e54c6c00396526b4be528feb064c0cba837fdfb32caead838be1ff429ecda293773670af2ae2ceaf20ffbc26ee500343bd03987c5f9f8a59fed80abf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7358113576ccff8da0eb85c301d8037

    SHA1

    b673cde7a89dfb4f39c0c08690ac536bae069b76

    SHA256

    c4571457ac3445ab3bab6d45a61ce866f9e106eccd1a6a28110b9ca12eb46ff7

    SHA512

    9d40119376fb03580ad7efa5fcf954c1715e816bda0a5d74ac41ad010abf316d7c04113e449b2b9ed1c395ad48a8f3b4a611df9319cc260e40a99372099b9d90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85ed5d2e9e8dd42ba30e2b0434426b1e

    SHA1

    a70ffa7550d9b4fd95bc860d5fc22374203cf464

    SHA256

    90134056c2aad818df6de2eaf8534a9e75e5a4ca4a26f6d27e5af431e27b18fb

    SHA512

    c055240ac982de95b5885a72c046833f0991fb61ce7f1709bcc66f58e2ae97f616927d506b796fdecc1d2cbd856ff45f19db97e0cf49531e66e576b9bdadf7b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c46ac73b939d904eb7982f56d86b5a7

    SHA1

    a4fc82f1363ec9dda5cfb36aa6b3d68b8439fb04

    SHA256

    086dfd088ebe56a3f6887ffc25a604384b3002860409131905fdfd716c9e1e9a

    SHA512

    a815bc254d3569d28fd8dde631cada26a3ec1faa3d033e0b0b84afb17f14ffb6caad11875716e726de93748471f2479517f0eb3c04b547eb89bac4b9f17111c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43085ac1223daa18a106c237729d5dc9

    SHA1

    87572ebef0c96d484acee253e5e8594827642d99

    SHA256

    3d1be714ceaa4506ed3dc58778b916b9a4c2b19c66d9e5b224e1c6e2d0f26f80

    SHA512

    561d799dc0e338bb27d9a4f3e7306836dbd2d7b15e1cd3a5fa178d8e1d59a5e0b22543063c8ed38a1465f6166d2f6f78d9f44c79b420355e3302cf787bdebc3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    412f4cde5e6da71c9238ab679b2f291b

    SHA1

    d34112679c66462b417b52bd2d5c39bfd64f7d5b

    SHA256

    d5142eb6dc37e17d300ca4008178a4eec94a557697363ca0a4d67f3540a3ad67

    SHA512

    986455ba47b235f2613f178af10f3df180cd315832c4af9edd6d19026cef7182b14f77fd7b2200d6f605049946cb37a41ed497eb447d8cca9068dd971ad6c41f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d49a0a31d5807e5b159fe7f75298c856

    SHA1

    6282919a8809200e85edf29bad2f4a5bcd38c95f

    SHA256

    8a69ba8eea9b8bb0a71b6e7eb155402a34824fb30dd5e388db12d0d9099eb4bc

    SHA512

    9dabd7f4516bdbafca861a08a760e829fe67e7dab7e45d9c76e3aec644d0ad539a9ffc53e9f28344f20a7d2b6776efc1b257b66ba2b0613d4059c9867106cc77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2538103b6e667e7a5255d921a013ddcf

    SHA1

    9f55bc1f896d54da85c609811742833509652066

    SHA256

    6f5aeab0e760fdde045ae058d80b985554c0bd0dc482d3f4da8839a31c3c0f78

    SHA512

    11a4dbe06753cd24e40f50ee98162f97cb3f7cb7d244604e214dbbae537c46acb4f7fa3f3ac06045ed923d867b7adeba6d16c046b29efbbec751ccfae32f1d84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce9f789dcb4ed56a8fcbe531d9d5c324

    SHA1

    929ab5b77373ce15668f38442377164e827661b0

    SHA256

    8ca07e5d9f879136723b95e906ca715bcc804643ef3cea57ea8df1f6e34be34a

    SHA512

    b8e4a195dbb3135ba4b947298676a3896667a09e3ad82666a17b527cd35490dbe4cfa89c51f5821cb8ca637d9babfe06bfaab9e12214925b5d0ab755b978457e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4047af24e95415d314e38fca13d075ed

    SHA1

    3191f53d83c2bf4f1e815618c595e8abeb42cb20

    SHA256

    c77bd8caa1f99676cf7e8b65d39616d0596b0ae59b19af969265f8d2f2998058

    SHA512

    283526027d0e17aff27dbb34891c98c62c8405c3040a55427db7e829afc3136a29f7625f51a7f31fa269105bceb21677139af4baaee628a16a025f28ecda13ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73625bd50449a10457017aef6beff738

    SHA1

    b54f03d83b21b62a744a58993e24aeae5ed9fa71

    SHA256

    1138316cbf40bfa8672429b4fcf6a64eb07ee74739aef6c3c1a15d778620f9f8

    SHA512

    ad77d0ad8381265fd46c0f6a5f8000a9a38bcc9fb9c5f8b3d8d2ef276d9455f538a047c5dea672e770c46b447cb784f09a23cbfe995c20beb885fb8a67f9e8c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ea5043eeb3c58f74da2bc3dd06d0d27

    SHA1

    cbdf6e208dc8b0ae9493a4372bd34cb6202f786d

    SHA256

    9d8372033abc1e892738129d094ec58836249cb560f2b63927abec40735bb7d2

    SHA512

    4e2ab9f460f3d91a9510e96fa51ec7d037cc8bca726ea6f5b8a262a197d66729e802a96f8e7f442bbaee9a1a6dcb98ea950dcc5081da75c9fe34109a9164b7f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3f1bde2840a0af915abdeb6edff6601

    SHA1

    947e39bd84c120c94315d6eb71d5ab9f1ad386ee

    SHA256

    69c2f678fc7865191ec7993aa555771bb5fed1c360f5a97c157bbdef6089e4b7

    SHA512

    0001ea3e05ab195eff320fe0bc29427c88977be38a99fe7bad86bb52aaa85cd94ed2eea1231d8da9ce450ce7375057719144272029d78caca845e65b1e03913a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    255ba7e1ace70ff15a36a35bebb9b73c

    SHA1

    2e2db96be949a96deeeacd275df335bc8eaa5d9a

    SHA256

    a99e6874b3572b4d9cb712a302210c508337c97ec4c8f6fcd8a9fd158d5e7a94

    SHA512

    1e972c98c7051e1b709ba249ada7e6e4483831772f66acc7cb3d07186a3b4dc3def9c37657b713f48dfaa0e99caf393502b5d2a2f00e48f4163960bd3bedc99a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b4bf4ddebc34b802533599f02dda71a

    SHA1

    6935b8ace7a77c3b65dcd065e8073b91309bc033

    SHA256

    2a8cb3041f1304e06addcb220e996a920acf5b7e0b9f695e7291b8ee67cc05a8

    SHA512

    0036d39e01a0169f66bf521bd7f5b795090918f97ab2aaf34521328dba0205974c20dfe67d8040638504239e78be85d536967b8cfcae7ea4adaf55223be1873c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28350a9e3aac1f55639e5d0ad38c47c2

    SHA1

    09a2531553ca62fb5a292ab3f0d3ffd2103fe681

    SHA256

    95b885f6877ac6f56e40d3ce65f5050bd1b678e340f0240f8257073e999fe3da

    SHA512

    7d7f7eee6c6876a163c8e9effa50913ef609d80ae93edc2b1f8e3a4d9ac75605e1649dd8765bd2ee8fe28665d58df88c413c92c80ba978b85e66da34a64a74ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e80c3cf9130d27d3919114d1ae0f6b95

    SHA1

    a78477e0414a12de0fa841574f5ca6c1df50b999

    SHA256

    0628e9e24d1b7bdd2fbe62ff1f4dc9385431aa1bde9c1ee31b8961e1fea21e15

    SHA512

    d9752e1a5b8107f3354362523063f5804323fdfdb6895c53817035451baea2bb8b5b1b0170240c6155c642408a80fe70695b6e30f562fd4f7413a091d4c0e089

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab34E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar44F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1760-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1760-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1760-2-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download