Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

668ef0cbbb...b3.exe

windows7-x64

7

668ef0cbbb...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    28/06/2024, 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    668ef0cbbba392e41123ff053035c5754b0106c7aa447d8be8462e1687af2ab3.exe

  • Size

    3.9MB

  • MD5

    198445ccfde3c7d3008fcdc4d0f4ea96

  • SHA1

    c28cbcd5d5a5c95d4e85664cde0b4272f98dcf1d

  • SHA256

    668ef0cbbba392e41123ff053035c5754b0106c7aa447d8be8462e1687af2ab3

  • SHA512

    35faa63ac38843e2532741406ca44275020d2b4d2ee8fea0a9a23399318e3f2022691b2be110d6e4b921599d76c2d3eb21d40849c01a4df595e40d9e4cd795a5

  • SSDEEP

    49152:IBJBZDwpx4hvBLbw/T6aFOcyZhEKkD4J5Q6cCVneVJRZY+NOvC250KUfn1Y7ZvKV:y/5wpa8T6aFZA4LCoJRNbD1YVuOnE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\668ef0cbbba392e41123ff053035c5754b0106c7aa447d8be8462e1687af2ab3.exe
    "C:\Users\Admin\AppData\Local\Temp\668ef0cbbba392e41123ff053035c5754b0106c7aa447d8be8462e1687af2ab3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\ComproviderintobrokerNet\NWVATf5YrTd8g96j7TYVg4ALh0T0CEgN16rZ6pCUCuA0.vbe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\ComproviderintobrokerNet\PDQ7LoGhnqrW1weWu8.bat" "
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\ComproviderintobrokerNet\HyperportwinSession.exe
          "C:\ComproviderintobrokerNet/HyperportwinSession.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2740
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UzxQkhZflt.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:548
            • C:\Windows\system32\chcp.com
              chcp 65001
              6⤵
                PID:1100
              • C:\Windows\system32\w32tm.exe
                w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                6⤵
                  PID:1520
                • C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\winlogon.exe
                  "C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\winlogon.exe"
                  6⤵
                  • Executes dropped EXE
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2668

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ComproviderintobrokerNet\HyperportwinSession.exe
        Filesize

        3.5MB

        MD5

        21e3c4d0fb2808d93061a24051b1cd1d

        SHA1

        7e9e8dcf0502aa11ff27312ad275bdc58f7ff840

        SHA256

        616b81d389a5914d515a375e2c1fcdcb2ddb8ac1e28c5d01c9a006b7ea458b27

        SHA512

        0853119735fc5e2fe4fac068bfbb52ad80457adcaefae179fbe4fd2a1c1bbe6589e61f881ec6bb9e42cd88b63b200883305c5a12702df72ec2102a81428399b6

        Download Submit

      • C:\ComproviderintobrokerNet\NWVATf5YrTd8g96j7TYVg4ALh0T0CEgN16rZ6pCUCuA0.vbe
        Filesize

        221B

        MD5

        d656a1b6958129671674c11c642c97ed

        SHA1

        000e73d933503c7fcccffbe8b53abb56db7fe32f

        SHA256

        9e156bb87dcd429b33b01284272931d40cadb5b084ea7999c820d9443b1a828b

        SHA512

        e40fda724d71820e11e9398ff15b9f97fd550344a6767009f6310534e09504d56b9206dd2abf81b65417282e8406e845e2857d887fe450346a023e01cce30ee7

        Download Submit

      • C:\ComproviderintobrokerNet\PDQ7LoGhnqrW1weWu8.bat
        Filesize

        100B

        MD5

        494988d014dee882cd6df819ea7a5c38

        SHA1

        543c33f979b255564b93b5965f4c783548bcaee5

        SHA256

        500780e72faf5d90928affb6cb2e285cfa9f9a025fb289243c3eb7ee7aac7c41

        SHA512

        fb732fb2ee57635635f85b72b2bffdea3e4c25aece684d20f575858adc22e3efc5146b4d866cdac6d0f0c23e02672d3eba0ab3b8637876e1cb2c6510b69450b7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\UzxQkhZflt.bat
        Filesize

        264B

        MD5

        33690cd3890d179054a284aa2187fc53

        SHA1

        dd02658a2b7726aac672802fd3cc207972400d27

        SHA256

        1520e5d36f18eb874e68cd5d10d2adf458b1a38e0b3ef3b2be44dba3df1e34b0

        SHA512

        8e41d71e7db8446a07219ecea4b057c6d6e10effe7fcc3147d1668868f5669ad88ad9985701c530b5f2ae0fdad35c35f4dd2dd9e69becc7b41876d600475d7a8

        Download Submit

      • memory/2668-75-0x00000000013A0000-0x0000000001732000-memory.dmp

        Filesize

        3.6MB

        Download

      • memory/2740-35-0x00000000023B0000-0x00000000023C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-39-0x0000000002430000-0x0000000002442000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2740-21-0x00000000007C0000-0x00000000007D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-23-0x00000000021F0000-0x0000000002208000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2740-25-0x0000000000800000-0x0000000000810000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-27-0x0000000000810000-0x0000000000820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-29-0x0000000000820000-0x000000000082E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-31-0x0000000002210000-0x000000000221E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-33-0x00000000023D0000-0x00000000023E2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2740-17-0x00000000007B0000-0x00000000007BE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-37-0x0000000002410000-0x0000000002426000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2740-19-0x00000000021D0000-0x00000000021EC000-memory.dmp

        Filesize

        112KB

        Download

      • memory/2740-41-0x00000000023C0000-0x00000000023CE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-43-0x00000000023F0000-0x0000000002400000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-45-0x0000000002400000-0x0000000002410000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-47-0x000000001AAD0000-0x000000001AB2A000-memory.dmp

        Filesize

        360KB

        Download

      • memory/2740-49-0x0000000002450000-0x000000000245E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-51-0x0000000002460000-0x0000000002470000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2740-55-0x0000000002520000-0x0000000002538000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2740-53-0x00000000024F0000-0x00000000024FE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2740-57-0x000000001B270000-0x000000001B2BE000-memory.dmp

        Filesize

        312KB

        Download

      • memory/2740-15-0x00000000007D0000-0x00000000007F6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2740-13-0x00000000003F0000-0x0000000000782000-memory.dmp

        Filesize

        3.6MB

        Download