Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Krampus.rar

windows7-x64

3

Krampus.rar

windows10-2004-x64

3

krampus.exe

windows7-x64

7

krampus.exe

windows10-2004-x64

7

libcurl.dll

windows7-x64

1

libcurl.dll

windows10-2004-x64

1

scripts/In...eld.js

windows7-x64

3

scripts/In...eld.js

windows10-2004-x64

3

scripts/autosaved.lua

windows7-x64

3

scripts/autosaved.lua

windows10-2004-x64

3

scripts/be...pt.lua

windows7-x64

3

scripts/be...pt.lua

windows10-2004-x64

3

scripts/dark dex.js

windows7-x64

3

scripts/dark dex.js

windows10-2004-x64

3

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/..._2.txt

windows7-x64

1

workspace/..._2.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/....rbxlx

windows7-x64

3

workspace/....rbxlx

windows10-2004-x64

3

workspace/...87.txt

windows7-x64

1

workspace/...87.txt

windows10-2004-x64

1

workspace/....rbxlx

windows7-x64

3

workspace/....rbxlx

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    krampus.exe

  • Size

    5.6MB

  • MD5

    e3f7cfc15aecea1f817fd9e1c91b2b33

  • SHA1

    4427bc42173e964762c4f003628502ec601d45c0

  • SHA256

    64706688105210a3c3d265aceb11475e38bc1f35ffcd72a8d38bacc0806653eb

  • SHA512

    ed233e15a3d3947feb95c388355d7a8b05a06b2c74997b80dba331facf991f57ae252976a2465bec74c13075d06fa5cdc1930ee8e87da830e6bd1821f8eb2733

  • SSDEEP

    98304:R4UGDPt5D8brm4+Bo4M4du9I0y1ZKnnyZhK9iYRiBSqXGijc/Elh:R4/PD8m4IAOsI0fyiwS/iYsh

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\krampus.exe
    "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://krampus-three.vercel.app/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://krampus-three.vercel.app/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d539e36babbe9129be3665adb4fc3480

    SHA1

    aa382df3fe43de66f34c2e523aa3d40ee87c3a80

    SHA256

    d318fde6657021d3352954f6b61521ef3444c637db69980c371da603a6055c3b

    SHA512

    a4014f416a54762efcd0eceb6c710224bb0f108ddd330c54fa33920f3c9a210f66a52c62bafeb232590bc8cfddaef38d4fa7ebae2fbe76ebceb8c704cf6a7bb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7726a29dd6a7cadb2598e24939726af

    SHA1

    9b004ba96634760b66b470d1b3df7b4433dbcb1b

    SHA256

    125bd2ad99beb8f699fc636eee530817e0513b6b85972810d9b8d081d17db764

    SHA512

    4afc24cbe0cc5ef56b4a9db935a74a78898dd14ab9d4fbea6d684d5345e6d801692cac75b66032bad9908474787986cf84edbbc61ff99efd0afd819ab3943228

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9952bcd97ad8ceffb3d90c41eae958fd

    SHA1

    b6703b1ab45a1193b920ae224ccb3824241eba26

    SHA256

    ea96034ef843aba9c14978aa927e5ee99ec60a5fcc18c12cc82652dadcee304e

    SHA512

    9a7fe402d99b657cb5e179e4aa18f0136b5db0ad58a4d1fe2c6b9ddebab965bea7e0035212247e571dacaad9ec326bced80db4b02dfa4751317e08384af15a07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d93a1c69c8889328fcb49b85cf6293ad

    SHA1

    422b4354876efd144f65d084dadf8b8fe058fd40

    SHA256

    50b15413c4f06ea6f7a27481a83dcfa6f7049021237c26be277f715428e43657

    SHA512

    00bf499aac1c250b1fb8612fd26bfc287578991947b2fe9359ddfb93229dc1baa5a9d4ab1a300a0609e1d598250b5ddda223305b7d62816d7ccb7dd4d7d36757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c58ea924923b12b60155cf172922c4a

    SHA1

    fdd6b55f00126748cb9921588b123436271dbb2b

    SHA256

    efbca55bd503deb450a9f8c16b60fb07e04ce4b04550cc3a9c1bdb25451d8696

    SHA512

    3da425dd9be37855ae07b5a5299f49c4376bed13bc024577a2886b15ea7fa885deed7077cd058fc586395070bb44c3bb7724ac996619a0d343a7d8290679b4db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64a7597f324001772aafd165f31b7503

    SHA1

    8b193788811d35a243c11f21df7533a590859bf7

    SHA256

    8a72a3283c17b3da949b90323e943c22c7887737e76cd78b2f530ec1e4664254

    SHA512

    3318a8fa78d4a93923b222a13f06ae639fbddc27febbdcf1cf9b7c3215048490e5876827ff78051aad5433012d2c19a6519abceb79939b302c6e5fde5020fc17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4e5a1f7205818642f5cb8bfc72dec25

    SHA1

    5b374f15fa6849f7e647eb2420e139e9a4cf8305

    SHA256

    3ff1ce700290ece7738310dcf124fcd1c91a5188354262c08aeffdb3c6c4ae92

    SHA512

    667562f9b61baa257722b4f8e25f4e2b50f7c70c4b41e7291ec45175bafb76a80fdbbced6977d6d0953cb953ccc9529da3d363c4dcd3365bdc7f43c0240599af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3122567ab3688ae0708c9acc5495fbbd

    SHA1

    685b883c23ab9ce6285b22adcbec203fd5f117ea

    SHA256

    e6a77ab185b1a28036cff07697ceff94ead80aa46878a4a08480538c96b39cd3

    SHA512

    6914df0125340839f5863624bac7b700c02e9f8c9aa99d7ba1a96c29bf01ccb434aba58bbf4d776d77798816da30621da00e5939caf35c6854bb14b5db7f7ef4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e7e029a39050b20fde86c89ed5d485b

    SHA1

    d2d019da2f54a65aa1bfdda4bf9b368b418abd41

    SHA256

    5618c539042f9e0d52ffa949e2debaf5015f5e4d11412734c527e10c5e989b97

    SHA512

    ad1751e3df38dee7a35a2fe859b8cea4fb307e4394ca5959c818b72a6339eae40a813b75f1c6c3d35d55720d381bc7cb956f57811b8893c47ebec75944bd9618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a46b772ab5bca7320e1f2de769ce757

    SHA1

    efc41af54c58dd5cb211aea29d0eee16b5d289d9

    SHA256

    5e04a008c215ef7434e0fdb6f2a5ee33542dffb73233e9d4f859f9ed87b77184

    SHA512

    e350414aa1b4647508cc099c30e362b184d63a76ee6978eff81e165205c76adfedfb1f98ce275da50d24bedc6fffc1a14bddcc5849a9fd4ec6b28724cf786aa3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc93cbd076667de3de08ec7b89f88ab6

    SHA1

    b9a4ae24f9ab6b031200cb0e0ea9d964d3bc1d60

    SHA256

    ff6f90db96dfe9038380e4177a10a32c37996122e8b3a6d32b9bc9e40c7cacad

    SHA512

    8eec605835676a8fb2b49f72bdd0ae5fc0f8418df58dd278511ab346c891d2cd0882176e9d8bafe9affda5b4fa83f379e75d898adcf6279d01abdbe5844fdcbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8edc0fc7d2d72ba55b769f813553696b

    SHA1

    c37bf6639de140a284eb1b746acc0acd0183920a

    SHA256

    9dcdceadb919a889aa53164f3d8f80d775a7543f68b90e8b22c6346de407fd04

    SHA512

    14212839b4bb26cb3f0c32756a1d81ab23876c790a366cad236566524d3a4089fd2891c30e2a1ba64b0415d576d29584cb65e976be2cf2e397ba2352e89c2995

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcd376bf37d24a47d2b60f49f9bf76de

    SHA1

    45cce50a92bdbc1e645e08386ca3faf688d7ef49

    SHA256

    b5f447ef4c56e947992a35eec3de3e3901c1a09e880dea208d5e7381815bafd1

    SHA512

    83572949d4e3df283407c415cd286fa82e1ddbc5ae6e08a22dfcb072add82b7c53db9a2fbe34eebf23e2a0f654c6793e403ae6f3c225d7abe7df4f7790635881

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f58f96f345b1edadd3a7a57bf9eaa65

    SHA1

    c68d60ec1be05ab57a1bffece054cd5fe2dfa6cb

    SHA256

    75e3003ee75362f3c7613ebe1428cff70a6f98b81a1721285fbda6e9dbf52214

    SHA512

    5478f37838ad7c41fb94b991f8c78274db7e901c3aaa5e136f84725ea04a58f5b246528863ceafb8ddc5f277ba5ba83de984244a4a15a484d376bcd13e6e32ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2f69c773ce2f46d6d7d905f8bb5f245

    SHA1

    a4813b41c269dbd46c0bb1aa3a1b5c96fa9364d0

    SHA256

    f150d29b6d3f6146c69ddb90df6ab40c5a29e008aa5c788ac9edf923339bba3c

    SHA512

    f63a6b37f25d02229dc2dc53d0dcb519acc8476c790c5d4fcc4a3d8db49f1ebdae9b0ec49e50b12aea811169df7b7e2ba4229e7eec7b5700839726cc52e5ee87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e5d49d719b31f90691702ecf34eb360

    SHA1

    3cd0f30137925a3421b3a8b9a3bd4efd32131c89

    SHA256

    adf2eb49a77030b07d302ea01cf553cf6c515dfd17fae9d1847d1b838be451a0

    SHA512

    76641dd54ebe08a7a06347458e033cb683997134e76a881636a45c55f30ff62b82847537f8696b5e4db93b8bf9df50101dc304f1157b560ce41a583c5e558b62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80e33870e6ccc0e45329f7abbd9f6d3f

    SHA1

    e710c3acf2bb7fa709180de05355a75016cc8672

    SHA256

    7ef9970158566ebb84d091ab11c55880bd29e61a11a6e819457776610413c75a

    SHA512

    a27007bf0535252ed582859ff8bda981bead2997c82b629a18c82f36af0d4689395f33fd1a09a6382330a71fb6a99e4f6a1a78383546a90626cecf62e9318217

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36443281b6b9ac2fdbf01e00f40cfb8d

    SHA1

    011772043f256f7647011c6c35a25a2d6d8c27ca

    SHA256

    015a0dc5fb09acee4883297084f999887988a255c1c7a0289281ec82b944d488

    SHA512

    4cb00eb563aaa95f12b7df233e71be7c95000983ab9ef856bfd34eb42d859f534681a34ea324e4f9c3d2df683cf4cbb360910eda49b5bcf575dd145cd1ceb6ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8a27d5193c508b9ca11a002a3db8988

    SHA1

    fd00b0a52253d7671c452b6387a4c4939a16d693

    SHA256

    6e5af6c53d39fcde7600f5a112f7b7f3b270885dc78be57651cc9bf09893d530

    SHA512

    3a38b1e7ea0ad0794780bf88d4d20030b219f8fdb73b0341743ccf19c69be38697feb73591ca9135a1d6f7673efee3df4ae5d70cf81ea7067a6ba6c84dfa6787

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab62B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6CA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1792-11-0x0000000140000000-0x0000000140AF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/1792-1-0x0000000076F80000-0x0000000076F82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-3-0x0000000076F80000-0x0000000076F82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-0-0x000000014022B000-0x0000000140562000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1792-10-0x0000000076FA0000-0x0000000076FA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-8-0x0000000076FA0000-0x0000000076FA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-6-0x0000000076FA0000-0x0000000076FA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-5-0x0000000076F80000-0x0000000076F82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-15-0x0000000140000000-0x0000000140AF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/1792-36-0x000000014022B000-0x0000000140562000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1792-37-0x0000000140000000-0x0000000140AF3000-memory.dmp

    Filesize

    10.9MB

    Download