Analysis

  • max time kernel
    45s
  • max time network
    24s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    08/08/2024, 19:46

General

  • Target

    HTTPDebuggerPro.msi

  • Size

    10.4MB

  • MD5

    da7e08ef168ee4662ff1878202303a36

  • SHA1

    df3bc617162a0f5f5e854403f5dc1e00e093e498

  • SHA256

    ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69

  • SHA512

    bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974

  • SSDEEP

    196608:I0juQ6vXkAs3lJiZvWFsd0EMdPfR9kngqVepxvwyd+wNQ3jOPw8pJN6sR:I0jT6vXj2I+FifM5Bqcvvu3jgJN6sR

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs

    Attributed to HTTPDebuggerSvc.exe (PID 2976) in the process tree. The driver the installer ships is drv\Win8\HttpDebuggerSdk64.sys (listed under Downloads); the copy written into the Drivers directory itself is not listed there, so its hash cannot be checked from this page.
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 24 IoCs
  • Drops file in Windows directory 15 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 10 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments. In this run the hit is on vssvc.exe (PID 4732), the Windows Volume Shadow Copy service, not on any of the installed binaries, so it should not be read as anti-analysis behaviour by the sample.

  • Modifies data under HKEY_USERS 7 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots. Here it goes with srtasks.exe ExecuteScopeRestorePoint (PID 2152) under msiexec.exe, i.e. the restore point Windows Installer creates before an installation; the shadow-copy metadata files in the Downloads list come from that, not from the sample.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\HTTPDebuggerPro.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4808
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DC3AEE1DF55A21568726D2738EFD5CAA C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
        "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:420
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      PID:2152
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A3FBBA32E0DF05B95E7330CFC2D071D5
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2996
    • C:\Windows\syswow64\MsiExec.exe
      "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3528
    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
      "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe" /install
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4196
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:4732
  • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
    "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
    1⤵
    • Drops file in Drivers directory
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2976
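
The process tree above is printed flat, with a depth marker (1⤵, 2⤵, 3⤵) on each row. The following Python script is an added example, not part of the tria.ge report: it rebuilds the parent links from those markers and then asks what a reviewer wants to know about this run, namely which dropped binaries executed, what launched them, and which one registered something persistent. The row data is copied from the tree above; the `triage` heuristics and the `install_dir` default are the editor's assumptions.

```python
"""Rebuild the sandbox process tree from its flattened listing.

The report prints one row per process with a nesting depth (1, 2, 3).
A row at depth n is a child of the last depth n-1 row printed before it;
rebuilding those links lets us ask "which dropped binaries ran, and what
launched them?", the question that matters when an installer drops a
service and a kernel driver.
"""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: "Proc | None" = None
    children: list = field(default_factory=list)


# Rows copied from the report's process tree: (depth, pid, image, command line).
REPORT_ROWS = [
    (1, 4808, r"C:\Windows\system32\msiexec.exe",
     r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\HTTPDebuggerPro.msi"),
    (1, 564, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V"),
    (2, 2344, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding DC3AEE1DF55A21568726D2738EFD5CAA C"),
    (3, 420, r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe",
     r'"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"'),
    (2, 2152, r"C:\Windows\system32\srtasks.exe",
     r"C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2"),
    (2, 2996, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding A3FBBA32E0DF05B95E7330CFC2D071D5"),
    (2, 3528, r"C:\Windows\syswow64\MsiExec.exe",
     r'"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll"'),
    (2, 4196, r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe",
     r'"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe" /install'),
    (1, 4732, r"C:\Windows\system32\vssvc.exe", r"C:\Windows\system32\vssvc.exe"),
    (1, 2976, r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe",
     r'"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"'),
]


def build_tree(rows):
    """Link each row to the most recent row printed at depth - 1.

    Rows are assumed to be well-formed (depth never jumps by more than one),
    which holds for the listing on this page.
    """
    procs, stack = {}, []        # stack[i] = most recent process seen at depth i+1
    for depth, pid, image, cmdline in rows:
        p = Proc(pid, image, cmdline, depth)
        del stack[depth - 1:]    # drop anything at this depth or deeper
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs[pid] = p
    return procs


def lineage(p):
    """PIDs from the root of the tree down to p."""
    chain = []
    while p is not None:
        chain.append(p.pid)
        p = p.parent
    return chain[::-1]


def triage(procs, install_dir=r"C:\Program Files (x86)\HTTPDebuggerPro"):
    """Editor's heuristics: which dropped binaries ran, under whom, and which
    command lines look like registration of something persistent."""
    findings = []
    for p in procs.values():
        cmd = f" {p.cmdline.lower()} "
        if p.image.lower().startswith(install_dir.lower() + "\\"):
            who = p.parent.image if p.parent else "(no parent in tree)"
            findings.append(f"dropped binary executed: {p.image} pid={p.pid} parent={who}")
            if " /install" in cmd:
                findings.append(f"service self-install switch: pid={p.pid} {p.cmdline}")
        if " -embedding " in cmd:
            findings.append(f"MSI custom-action server: pid={p.pid}")
        if " /y " in cmd:
            findings.append(f"DLL self-registration (msiexec /y): pid={p.pid}")
    return findings


if __name__ == "__main__":
    procs = build_tree(REPORT_ROWS)
    for p in procs.values():
        print(" > ".join(str(pid) for pid in lineage(p)), p.image)
    for finding in triage(procs):
        print("!", finding)
```

Run against the rows above, the script reports three dropped binaries executed (PIDs 420, 4196 and 2976, matching the "Executes dropped EXE 3 IoCs" signature), one service self-install (PID 4196, spawned directly by the elevated msiexec.exe PID 564), two MSI custom-action servers (the `-Embedding` MsiExec.exe instances) and one DLL self-registration (PID 3528). Note that PID 2976, the HTTPDebuggerSvc.exe instance that drops the driver, has no parent in the tree: it runs as a service after the `/install` step, not as a child of the installer.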

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Config.Msi\e57e60b.rbs

      Filesize

      13KB

      MD5

      cb00ca4a47752348f2ef239beb870028

      SHA1

      40cc28a3ff90405701e31bd9af8a2f93f26c6976

      SHA256

      a47c14e0ca557e1c488c5083612c4e825a455d92e1c5d8adc12910d8b26d56af

      SHA512

      10b15ad383d92ab81582920f5b4c5a6a5c1fdfb461548a01fb32c309822cfc662210f102ef4f7d6e4238aa21d0df143b34167a8474659d69e3584ba29ca225c1

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll

      Filesize

      575KB

      MD5

      4facbaab17f633d153a7b53fb483b22f

      SHA1

      9e0e7bfbe927b1a77133380a2f76531b9416962a

      SHA256

      c557b766a00fd4ba6950c08c6133c20e4dd800139a19d271d46d6feb31ebf870

      SHA512

      86cccef12998201c28c257204cdcfdd339ac5e65c5d6627ffa6e5d88f57bdd94812dd7f657bbd3b01b88679abe92343496be775f2d7ac1f3d59573a0b696d832

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe

      Filesize

      1.5MB

      MD5

      5b3c641fd1b48108810cc12b1971ffc2

      SHA1

      0d38bdd2d0654391b4737db591f2f1e19a9d8a3f

      SHA256

      f6c8009319b95d3d94c8858d831563b2568f98dda478b6a784ba5a828374e7fb

      SHA512

      4c2888ad3632bcb9efe06fc15c65c7a0ff9f5382e272ff7402f00a701a8aa3a4d9e467630085dc47fb9735ded898e995af1e6259472f0f4954d77b55f2f8944a

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe

      Filesize

      8.1MB

      MD5

      d6ab0e25b4f76ca11acb71eb290938d5

      SHA1

      0269f40ec4936edf9eed2b1065a631dd895776e4

      SHA256

      555b66eabf40ca228d6a285862e622b662a528ffb68aa01a3bb27b4132188de0

      SHA512

      5417a45ef64accfc7fc5b282c089b2046677f74249436ab4112ff5626cd6ffe5e9524012f093faf13eb108199a0c281ed5f5f7feef6a7db38ed1408d10e6039d

    • C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll

      Filesize

      3.9MB

      MD5

      591dde57b17d9fcbdbc892cf1a7d3610

      SHA1

      1c2c32d101010165c471c6d5b01ef67c3224f6ff

      SHA256

      7d7d55ab604078e69070e2d162d77ee286e2faf748a52401a64f79824cb3b59d

      SHA512

      fc4bb5858a2b568c344a9b419176ed6e239e468c4eec9e76eba5a35c8bc97b5947bf1f7055544c5fd5b4d67d11e1ade5496057168b0fcf53afffc4595fb67bc6

    • C:\Program Files (x86)\HTTPDebuggerPro\cximagecrt.dll

      Filesize

      1023KB

      MD5

      a2fe19b6b766a12017c8be442ad0cef2

      SHA1

      9e5bed747e57e7c7141fabe3d9cb12c863d4b2f5

      SHA256

      35b71d192854edc95248f77deb824f034e903447319459aaf454269650fd51d3

      SHA512

      9969acf85432029810cd1eb2f7a65a3bc19d603749ecdcd2301645ad342bfc29d977c067a081a395afea4f9a5d199c982c4374d2fe6a2cedd9ff659af2101c7e

    • C:\Program Files (x86)\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys

      Filesize

      97KB

      MD5

      947c624c4bd48f8c66fcd00fc0f947d4

      SHA1

      5266036308e0d0eb837cc3126dba5a0b6ec270fc

      SHA256

      2e89606775ed719b9d950ae9d37e819a2567426fbe5c3e0aad8d86fec693b67b

      SHA512

      2fd940253eb2c4f9da9ceb9516b811f28bd8187fb3d819a86f0ec37f98c30d0a9b510652b0f615fe15cdcec1bfeff435da7b42407bb29faf2b1d58ce13508fc6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

      Filesize

      765B

      MD5

      01065a09c71d25c6c7602f826b45f3da

      SHA1

      4fb03bf1ca148a3717c108f00b40a7a9456a0216

      SHA256

      ad27a1045d9cf5a5fbf5dd3257c22eba09b13acfe3e59e9785e76fac904bdbb5

      SHA512

      fe5ca37a416965b28573cf7cba1d37aabee715c8d0f00fe4345191471c27f7831134be20e5dfa662005e2ed53c69052cdba812a82752684fa1dbc8655564a384

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A

      Filesize

      638B

      MD5

      8a024a9e772de6cd991ee0ec49f70d87

      SHA1

      bcafcecf42175dd2f70f89e68d8fb42f8da6b10e

      SHA256

      9291d3ed7d1436ced91df4373b9cc1accc02f869d1bed24780f0ff8e8017659a

      SHA512

      8a1a5bb139dd94280024ed32478049230c3d92a342c070985cbcf7c7a061d2c6491a01fc370f2a31367200f2bd3be1ca575fb5605cc06a3e3b6d6811c5655285

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

      Filesize

      1KB

      MD5

      c118ce3b46def8ae281049aa1bdce687

      SHA1

      03a2ddd41d9cf5637f388970d995eefaf6e2b2a2

      SHA256

      f480be175b0c2b894f609dbf9d4defc789dd56bb81673d7168bb97e91396cf71

      SHA512

      51279b72b2f38950239218972fdd7549e9bc66325bf0aebb85feec909a01dafa2cf9c5ce789eaa9fbaf979b5f4a77899d41eafe4cd7166ec8d05bbf5c4fe73d3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

      Filesize

      484B

      MD5

      d685ee3b2a9e2c9f4e7f7b65032e920c

      SHA1

      f30ee0720a78b92cd4b7276ef2c12937f043482e

      SHA256

      a7c72f1649fce848cb345a7b83f8e9b2c60ff5ad5d5090993f9e94d629f604f4

      SHA512

      02abd113f7077e2a0a61b23029c48544fbdef0383f6c6c887482b98bec361e50a394deee88bb9d8b15256da464a8d25a20acd49b899ab6dd4efa72dae433bf7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A

      Filesize

      496B

      MD5

      9d886d02d66d788f63deb608220acf18

      SHA1

      b152198c787ac2c8f4a48c0a8b9dc507a191ae88

      SHA256

      7e8f4374f10aca18fca32d159f58cdbd1bd5e86711ff886bf9d3f0eee4d7f270

      SHA512

      699be013a978d1feb86c48a66ab0deb9402b08c7894ee5f6473e0fa74ff98b28284482e04c9effafe04932af029ea6cfa14f3539b9f54b6706758cd0a478d50e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

      Filesize

      482B

      MD5

      268ec11dd8552a486b097df2a61b4111

      SHA1

      f6430ed03059c9793edf6c70c23600cebde18e52

      SHA256

      dd5a1d169d207d3db62a07304b7649adc6b654b3d707c0ef7150fd827392c831

      SHA512

      473b56aecea9ae73c2d5744e624df1844ef9f0bbd38a0d2e560df16d41372c208490df0dd00121220011e2b6883ef7a8c028ce44fda6b488348237f4d7aa19a6

    • C:\Users\Admin\AppData\Local\Temp\MSIAE51.tmp

      Filesize

      90KB

      MD5

      6a9c36332255fca66c688c75aa68e1de

      SHA1

      2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1

      SHA256

      7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170

      SHA512

      a638c48026f2a0b565b34d7d0dfacfec4f582e698f88234521a6fcff1ed90c134f39aa3311cca2a67e401de01f81cac01d9f792f189127e0f87a345076827627

    • C:\Windows\Installer\e57e60a.msi

      Filesize

      10.4MB

      MD5

      da7e08ef168ee4662ff1878202303a36

      SHA1

      df3bc617162a0f5f5e854403f5dc1e00e093e498

      SHA256

      ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69

      SHA512

      bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

      Filesize

      12.8MB

      MD5

      fa33d66feb147e2b78f0c0332c054622

      SHA1

      59b357b98b307c9f0de0d3972bd98c2c2dd62e95

      SHA256

      2111ae90771f38a54b87f4c9e9bc0500adeabeaf9b9df7e2ffa5f3cf9335ed07

      SHA512

      f6266368dd3c76304c3ec3b5f168572d0c3f5a3c646ddc5ccc3c529e1fbcd5e61eb4ecf36597af3f296295864d64441bd7345ea391d75f3fe5d46a48e1fe2137

    • \??\Volume{6e183fb6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6ac28c79-d287-4cfe-a4fb-2ae464d7113c}_OnDiskSnapshotProp

      Filesize

      6KB

      MD5

      3c88e1805f8ef0e1bceac718c335cd8f

      SHA1

      cad1e070262c3166497116748a93dc2051b8025e

      SHA256

      6b856b68c4236e9a1fe0c58e5f40c5cd6a5cd2bf92d92d4653c4798d03ca5d29

      SHA512

      9acd56a9cfdd9f1e82a3e1f761abd3b4bc01b5dc09ca42de616c31b2db5a6620d8bd6841ebe4548c568b3abfa4f27d406e91cf01174165ef92388e59459985e3
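
The Downloads list above mixes the installed binaries with Windows Installer bookkeeping, CryptoAPI cache files and restore-point metadata. The following Python script is an editor's example, not the report's own output: it classifies each entry so that only the hashes worth pivoting on remain. The (path, SHA-256) pairs are copied from this report; the category rules are assumptions based on well-known Windows paths, and the sample hash is the one from the General section.

```python
"""Sort the report's dropped-file list into noise versus indicators.

A sandbox "Downloads" list mixes the payload with Windows Installer
bookkeeping, CryptoAPI caches and restore-point metadata. The rules below
(editor's assumptions about standard Windows paths) separate those so that
only the hashes worth hunting for remain.
"""

# Submitted sample, from the General section of the report.
SAMPLE_SHA256 = "ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69"
# Install directory seen in the process tree (assumed to be the payload root).
INSTALL_DIR = r"c:\program files (x86)\httpdebuggerpro"

# (path, sha256) pairs copied from the Downloads section of this report.
DROPPED = [
    (r"C:\Config.Msi\e57e60b.rbs",
     "a47c14e0ca557e1c488c5083612c4e825a455d92e1c5d8adc12910d8b26d56af"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll",
     "c557b766a00fd4ba6950c08c6133c20e4dd800139a19d271d46d6feb31ebf870"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe",
     "f6c8009319b95d3d94c8858d831563b2568f98dda478b6a784ba5a828374e7fb"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe",
     "555b66eabf40ca228d6a285862e622b662a528ffb68aa01a3bb27b4132188de0"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll",
     "7d7d55ab604078e69070e2d162d77ee286e2faf748a52401a64f79824cb3b59d"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\cximagecrt.dll",
     "35b71d192854edc95248f77deb824f034e903447319459aaf454269650fd51d3"),
    (r"C:\Program Files (x86)\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys",
     "2e89606775ed719b9d950ae9d37e819a2567426fbe5c3e0aad8d86fec693b67b"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB",
     "ad27a1045d9cf5a5fbf5dd3257c22eba09b13acfe3e59e9785e76fac904bdbb5"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A",
     "9291d3ed7d1436ced91df4373b9cc1accc02f869d1bed24780f0ff8e8017659a"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F",
     "f480be175b0c2b894f609dbf9d4defc789dd56bb81673d7168bb97e91396cf71"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB",
     "a7c72f1649fce848cb345a7b83f8e9b2c60ff5ad5d5090993f9e94d629f604f4"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A",
     "7e8f4374f10aca18fca32d159f58cdbd1bd5e86711ff886bf9d3f0eee4d7f270"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F",
     "dd5a1d169d207d3db62a07304b7649adc6b654b3d707c0ef7150fd827392c831"),
    (r"C:\Users\Admin\AppData\Local\Temp\MSIAE51.tmp",
     "7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170"),
    (r"C:\Windows\Installer\e57e60a.msi",
     "ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69"),
    (r"\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2",
     "2111ae90771f38a54b87f4c9e9bc0500adeabeaf9b9df7e2ffa5f3cf9335ed07"),
    (r"\??\Volume{6e183fb6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6ac28c79-d287-4cfe-a4fb-2ae464d7113c}_OnDiskSnapshotProp",
     "6b856b68c4236e9a1fe0c58e5f40c5cd6a5cd2bf92d92d4653c4798d03ca5d29"),
]


def classify(path, sha256):
    """Map one dropped file to a triage category (rules are editor's assumptions)."""
    p = path.lower()
    if sha256 == SAMPLE_SHA256:
        return "sample-copy"          # Windows Installer caches the original MSI
    if "\\cryptneturlcache\\" in p:
        return "os-crl-cache"         # CryptoAPI cert/revocation fetch cache, OS-written
    if "system volume information" in p:
        return "vss-metadata"         # restore-point bookkeeping (srtasks/vssvc)
    if p.startswith("c:\\config.msi\\") or "\\temp\\msi" in p:
        return "installer-transient"  # rollback script / extracted custom-action DLL
    if p.startswith(INSTALL_DIR + "\\"):
        return "kernel-driver" if p.endswith(".sys") else "installed-payload"
    return "unclassified"


def bucket(entries):
    """Group paths by category so the noise can be reviewed separately."""
    out = {}
    for path, digest in entries:
        out.setdefault(classify(path, digest), []).append(path)
    return out


def hunt_list(entries):
    """SHA-256 values worth pivoting on: the installed binaries and the driver.
    The cached MSI is excluded because its hash is already the report's own."""
    return sorted({d for p, d in entries
                   if classify(p, d) in ("installed-payload", "kernel-driver")})


if __name__ == "__main__":
    for category, paths in bucket(DROPPED).items():
        print(f"{category}: {len(paths)}")
        for path in paths:
            print("   ", path)
    print("hunt:", *hunt_list(DROPPED), sep="\n  ")
```

Of the 17 entries, six are CryptoAPI cache files, two are restore-point metadata, two are installer transients and one is the cached copy of the submitted MSI (same SHA-256 as the sample in the General section). The six hashes left, five user-mode binaries plus HttpDebuggerSdk64.sys, are the ones to compare against what the vendor ships; the driver in particular should have its Authenticode signature checked on a live host before it is trusted, since this page records only its hash.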