Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

entry001/FILE0039.exe

windows7-x64

7

entry001/FILE0039.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    entry001/FILE0039.exe

  • Size

    1.5MB

  • MD5

    15aee466f47357a6f92385c57e050730

  • SHA1

    e42caaab64dda15a44c854c1733614c2a58fa371

  • SHA256

    ac0528667e7cf1e1bd877e66e1dc0451c3e830229baa5120bce7f7ce6e5bd921

  • SHA512

    1cf3936e3de41029335380606ca2fb1cf03f63fff09e6feead7cc2c2f142887d9fd66d728e62df4781bf723351ca00b7e060a003a386ccb307333d03b30f10a4

  • SSDEEP

    6144:6afsiuvAQ+tTm6cyERSiytj71cWE4jKS6vwnhB9Y5EwAQVAyhV:XCvAQ+q6ctRt636WfjO4hB9Y5EwAQV/

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe
        "C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe
          "C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe"
          3⤵
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:3052
          • C:\Program Files (x86)\win\msn.exe
            "C:\Program Files (x86)\win\msn.exe"
            4⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Modifies Internet Explorer settings
            PID:2912
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        2⤵
          PID:1628
        • C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe
          "C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039.exe"
          2⤵
            PID:1568
          • C:\Windows\system32\rundll32.exe
            "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039
            2⤵
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2328
            • C:\Windows\system32\NOTEPAD.EXE
              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\entry001\FILE0039
              3⤵
                PID:2896
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x468
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1076

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\PROGRA~2\MICROS~1\Office14\OIS.EXE
            Filesize

            274KB

            MD5

            d4175ecf76a11096cb294fa6646d2cf4

            SHA1

            5f70f8b12995dd8150fc0028d340ebfc4aaf3b36

            SHA256

            013e0ca66ede319ddbc81643517b44321f59936241d6c0b24f9032c3638457d7

            SHA512

            20d32e604e453bf0db4d0b7b83f65b44e05b354eb4dbeeaf651c12d5be2defcfe8a6ae74f8f474465a223c39bd739660b43eaeb5478ee5b6c5216d3bccc803a5

            Download Submit

          • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
            Filesize

            347KB

            MD5

            488d80821d4afd1d16aef6391f8f0837

            SHA1

            e4398378c0b260de239f9bc31fd95baa165fcf10

            SHA256

            67a8a006e3a70970bc19426ac0cdb8ce14c02f3c7fec27b6d7c84cb8e5e5da63

            SHA512

            44dec0abd3313728c51fc3c0ff04d0caadda9785df60d836e2d398c0c6409f5b7cbc5f45795127a2c24a154345ad63347a19893df151b5c25e891c75e69d8833

            Download Submit

          • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
            Filesize

            1.4MB

            MD5

            bff673bca03571321b3855e421394143

            SHA1

            5fb908baf835743470c98c90cf0c3cd2a1acf257

            SHA256

            a1572e7328b998037503ad8866fadef99221acd47f5a6d0c7a85764af641c5b6

            SHA512

            f6b68b03b64122be5ba11b330b505904612db5833aacf1a75baf9d66b6fc2c836e8c62c45323995423d0f789170d196f471fa2d5525e527d2f5e49490bc9c98b

            Download Submit

          • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
            Filesize

            14KB

            MD5

            0f0402e147098b8b4a4336219a563011

            SHA1

            f083df029f2620180d8514b25b17287efaafac16

            SHA256

            1c522e0ffe172ee5077bfb5691f8c41527b5c62231218929af9d86723b959104

            SHA512

            be68a4f9fe2822aeecdaf571e90903f4a6c83c78a2cd51cee1491abb23af764e4d7bbbd9d73a1647f46a94a5c686108ff8de54f3ecd741bf2a7420f39851829a

            Download Submit

          • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
            Filesize

            12KB

            MD5

            8156706568e77846b7bfbcc091c6ffeb

            SHA1

            792aa0db64f517520ee8f745bee71152532fe4d2

            SHA256

            5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

            SHA512

            8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

            Download Submit

          • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
            Filesize

            8KB

            MD5

            7757fe48a0974cb625e89012c92cc995

            SHA1

            e4684021f14053c3f9526070dc687ff125251162

            SHA256

            c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

            SHA512

            b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

            Download Submit

          • C:\Program Files\Mozilla Firefox\firefox.exe
            Filesize

            661KB

            MD5

            c421fb3139988f6fb07d81803f0fcc7e

            SHA1

            3da5d6246200b64d368ad05d6ca51594eb402b4d

            SHA256

            9f3daa020a2b65858fbb179d9a75bcd7a33400ccbaa54f0caf620a39d0da6818

            SHA512

            73e0a02546a46f1b8aaf170972551c5b4d8d57032a382fc40dd58461999c57629dc9ce487590bcff7576604d07b093f3a6c88cc13bb632729f3eb1392d7e2dfd

            Download Submit

          • C:\Program Files\VideoLAN\VLC\vlc.exe
            Filesize

            972KB

            MD5

            5a5d9199fbf70ce018f43c22d657f1b1

            SHA1

            ca0ced5af3bbff0aa268b215c29599e7d243c4a2

            SHA256

            f664fc8be71f93db3a8394479d270701fdd45a821800a4c50711c7638fc1a339

            SHA512

            71d342a5a47e388e185b2bc856b73cd87cd275b2d32004317e622e98778decf44cc1709005fef387e70585ce3bed271c03d5b283a2b38188e51f5f39c0c1fc14

            Download Submit

          • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
            Filesize

            451KB

            MD5

            a0fa9bf5ad6ee0885199e35a68b3663b

            SHA1

            aca0aae0c163a5da8382f3c0ea22c4fb6ea3532b

            SHA256

            bcd39d32e479ab9fb166095cfed1dfc6f5952d987266d639dd3e00707f87dd4c

            SHA512

            e23d4daf03f5ff078e1a7c80c77cdb7112050fd5ce7629edc5e4216a329e7e963c2948c5b9c29d3a1cac61bc89d3c0be7fa188a8fea29c8ed78a9568f6eb37af

            Download Submit

          • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
            Filesize

            640KB

            MD5

            b11d8fa18e6944eee313e36b1db12945

            SHA1

            341ded39f1878f20260972a3fc1156a84422b53f

            SHA256

            1a94d22f1348173f40bbd1a0400428af9c848c3a960449fde7d6a361791974de

            SHA512

            b8af640285be1c9688e1ff8e38bac82960532bacf35ee5535e84d0798fc8138b2f56d92654d6ef9e5ec9cd045391856fcd3504688272054855c11cc02c204c43

            Download Submit

          • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
            Filesize

            640KB

            MD5

            8650e446e7adf22fe1bd224a691bde4d

            SHA1

            049d53a11bd777df4e77e2c40102559a4e93ba1b

            SHA256

            e4102f09908ad97c6cad854c95ec030ec02a8af48a85f02c92c863cd1cbd7058

            SHA512

            ced19e775c216b62e8e3c7e745a06dbb5e56c2297f809aeb8b1229975303169aa86b2c26f71d8b0302d7a594928b8ff55477d9a05fa36e0b4dc55ed4b808cfdc

            Download Submit

          • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
            Filesize

            461KB

            MD5

            91f28cc6470fd30cc6b504d874c615b9

            SHA1

            d545e2003a02737b569a3c2443e09e51a191ecf7

            SHA256

            9ae7845df1381b158c6583d4b1a7cb3f0c38a28ba3f710038dc3497d7fe95638

            SHA512

            dee4687326b305fe24d67a39edce97ae01f6626f5b32d7ecdd3c8672ec0273c4f44bae7fadac315d0fffcc2b981d70970e145da3d9c4cbe7ec7765750279e60f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
            Filesize

            152KB

            MD5

            e3042ed68920a4791052ef5bfc9e1179

            SHA1

            b902c501d34e79e6f037b6a2eb261bacd9c28c34

            SHA256

            f0226fbd52267c844d582b60b966d15184fe1e3ce38805ce4c6d4e30ed47c639

            SHA512

            330a4ad4a6394b162ac87276924483addebb339842315bda9d433500d1016556ceff7ad0013ebc3c901c5e3ad1ebe5a13dd78a3a42792963392fbaf73d30c1fa

            Download Submit

          • C:\Windows\SysWOW64\runouce.exe
            Filesize

            10KB

            MD5

            509e21500da07d9c1e832e533189dd2d

            SHA1

            5faf5344512a99fa5f3c514c4f35092915994e2a

            SHA256

            fe2b959c370901d65eefb92e62e5af7d91e04cdafc5f3e18667256b0e316f013

            SHA512

            50dcd2df8678802ad182444cbf0674a58ebe4c8ff7796adc2e49c531cdd05c5940a3fffda6aecd77bab6c61125a3c0b8efdacc629f1fe9985166b137bd3332ad

            Download Submit

          • \Program Files (x86)\win\msn.exe
            Filesize

            1.5MB

            MD5

            15aee466f47357a6f92385c57e050730

            SHA1

            e42caaab64dda15a44c854c1733614c2a58fa371

            SHA256

            ac0528667e7cf1e1bd877e66e1dc0451c3e830229baa5120bce7f7ce6e5bd921

            SHA512

            1cf3936e3de41029335380606ca2fb1cf03f63fff09e6feead7cc2c2f142887d9fd66d728e62df4781bf723351ca00b7e060a003a386ccb307333d03b30f10a4

            Download Submit

          • memory/1208-17-0x0000000002210000-0x0000000002211000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1208-18-0x0000000002210000-0x0000000002211000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1568-909-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1568-925-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/2912-20-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/2912-490-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-0-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-1003-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-926-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-441-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-1-0x00000000021E0000-0x00000000023B5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-677-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-669-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-619-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-935-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-989-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-874-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3004-3-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3052-4-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3052-16-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3052-2-0x0000000000400000-0x00000000005D5000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3052-9-0x0000000002D40000-0x0000000002F15000-memory.dmp

            Filesize

            1.8MB

            Download