Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

8d0ebca00f...f7.exe

windows7-x64

8

8d0ebca00f...f7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7.exe

  • Size

    10.0MB

  • MD5

    4b73f53d55a36d518162fc139c2893c2

  • SHA1

    6262f740dd1ce1bf2db221631aa03885cb1cdb19

  • SHA256

    8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7

  • SHA512

    e6a49b9ef265530e85ee7d2e632711ae312daaccf3d162baba80d46f824bd75d1872e0880a2192aae3449e4551924974a560c93dbd233693497bfceef3b59fa9

  • SSDEEP

    196608:pNXzAJV7gJUmDuwANtUA+NVRDPImrRz2k/IRrhBSEp3h2WfXAL2bBsj+E:TX7xyXp+NVmmrRSk/erSEpRVfwLAeSE

Score
8/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks for any installed AV software in registry 1 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7.exe
    "C:\Users\Admin\AppData\Local\Temp\8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7.exe"
    1⤵
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://down.360safe.com/setupbeta.exe
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b35cb0d230d846c1b740dca3130fa680

    SHA1

    a71c79cd0b00947ea1b3d40677fc1b6c55b22e8f

    SHA256

    27a83d447bdae2e536de4581f0a2915ca4cfe07c2bff88cfbb14730eaa366ff4

    SHA512

    6ae5ae370985794402523954c026e4b0410c60f0812becc53b90564813d9b19315f7c38c14b65a710dbe46e357da009a5b7f8f4388ddec594b39e739dcd37ce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e459e751c55949c020030f99f72f87f1

    SHA1

    1e0a81ad9fae11ddf0f578114c9da6233bef3ffa

    SHA256

    63707667b7890d6b547087c315dbb7487c45bc4b5171e3afaa17e8352cbe692b

    SHA512

    0a48c07621f6e9244be35106bb3e8f4945ac8a11684c15a97b44f192e1abfcf9ccb81572f588ea439c4cfe37408cde2350b3c45e3b46fad465c1e9c07c1e25e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5d385434d01768a93e7ec07e7f08b8a

    SHA1

    a042bac083c38ad4877cf88013b330da2cff2e76

    SHA256

    1799c8e7a9fc0d90a332b1c58d149de7378ba0fc74dea4b3a4571be81815ab7a

    SHA512

    13bfaf2a8b04678ecfb10c9dfb7149ccf46702fb2ddd6664dabf25b9c50ac80a97cf04612fe5540a66a79fb33d144711f638542fe00175c51453393e09e2b251

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02d3a428894e03bc53a158b362ca9c0a

    SHA1

    be802d5af8036a9708ad548fd86a40bdcbb5b644

    SHA256

    61dc4e212177d1d28018969d33dd850aecea25ba09befa0bafcdf155ed6b5991

    SHA512

    18ccd7e0f95fe3d3919c16c1301f752071202683ef221451e97c7ff25e02c3a37e999e02cf4e1608c06468985641478b0f9f32efbc214e9faf90ad6da4f9b0a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9caa5a78b81a0a70f55e50f1137b1ea

    SHA1

    d835530449f39530c2dc5148909b2666aec57dc8

    SHA256

    4aa65e55b8627aa2d335cd936d4ca3fff21f8a401237108f3b1c7710c9de0526

    SHA512

    a63a99d866fafd23d1e6a57e065b2aa038d39db1cdc73a7c06ab3cdaef0abdf6e51a50864ece5b00ccc5d0f206b3ca84c9fd6113efbbeca0437383b290cc4944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80c616c21f2c302bc72b60d9b0451ba3

    SHA1

    81801b6c995293a142e978b0edda346b57799bb9

    SHA256

    3455b15e06e7dd376e6770a7d8d2e162a9443e26d799f5198ae03fcb0e3fee90

    SHA512

    21aaa528156d50c33b3ea8cdc54e231ca99fcd589d49330659193941a819212e0fbb4774b55ccf2cbb07e66ce6fe6edcaa1a679f03b6d317a9a19315107ad61b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3e6d5746805d9b15ce8db93e98dbe01

    SHA1

    cf3ea9c7111d94422852b36af4748d8ae5fcca01

    SHA256

    05d09d3c5ab15cad7a3322e67e2982c152f23b942435130138dd973f727026c6

    SHA512

    13e587cb3067f5e72841450738510b1b0caf6bbcb835fff8cd576998d4dca554fe8f48fb9c85f8e90b7749192e17dfdc2b8013d9eef9cc05d2dcc8d20f06587b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    822620ca8117996476e5b32e8168164a

    SHA1

    9355eee17e9aa36e1aa14bbf707945909ed174d4

    SHA256

    96840e4d8d4d515fd6eb788395f495aede4bd267dcbcbbf1f247560d6fb3ea17

    SHA512

    3f0bc9b530b21cb88ac054a4490e8fa76095226fd4302d35fb1fdb15b31cb632cb2bc20ab5cc7e9f1b35543153c964b872a51e07e707ff6e81c2ebde5de97921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9b93fcd5dcf336b21dbe4b9eee032aa

    SHA1

    0d6cddaed1eb3699573a3ca12aee987f461435d3

    SHA256

    f7c61f363b120c0272c2aa946263e98a912f931a3fcddad02dd7bcf13b145c64

    SHA512

    6bc426cf2b761195aef2b817baad1d0bac818e56227baa6d28cb131ff9235588efb60923585d51cff254e7a844b680652a4005a6bc3245c21acf766463fd6805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdbf0ad23db0c86cf97508cd7b56cfbc

    SHA1

    fc56e4ae4d67ffb353125ad9fdf7981457f05ad7

    SHA256

    a2773dc4008a3eaad394649bd80c58e4bb8f2efa3dc781e0ae0b2cea7fa6acd9

    SHA512

    2cbda35fa4c668d22be572159b507405438039177dcdc356f0edec592e16827780e6e3dc5d6eb6022f7cdb383f432fdfda96d6ab00915b284c04f97288c6a19c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59c68c26a77b52024d87e0e128dda93b

    SHA1

    1e8a899f66149ad91a901eb1b7f39a943ab709e8

    SHA256

    a53c9120335844c530b9a40f9bff95fbe3724f8771976d489ec00949d7715262

    SHA512

    5429042aa81595aaf04a2f89b27006c14fe292eb88e675f90af72d3ac7bb0e933486dc6b48f155acdf3173bc6f8d24d239de9096f711c05e19723c6c272c7dd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74607fdc471bfe6cc4c1f3611922994a

    SHA1

    610f2df24b75ef11204ffdbe35ceecfdf56f4553

    SHA256

    4164d83047bc1bf64aac6f1c674c52cbfc5096420cff3d2c6dcaba205eb41aae

    SHA512

    f6c86a9d3881bc69dc069b52c1a976e2ea83803bef39279cbdabf0632dc9200098a1d61e97eed2387dee731ebeea4e01fe96614c529317bf3d8f9e2dd620d2e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed0f3e6453ba129585dc8f58bb6b927e

    SHA1

    f903fed06f71878d74df21bd3739eb26fe874a75

    SHA256

    de71d2bb51d639f3ea7ceb6e4df03bb95e0b05e436272d54feb7e9755fca6260

    SHA512

    759681b75671bdc4fbf88b707756b0768fbd8991a20270a9823c996fcc6bcf2fa93ea7619e97c607643632e8afab9a0f9aedb5d48d8e1e738afcf04d043d12f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab80.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar130.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2204-2-0x0000000000A30000-0x0000000000A31000-memory.dmp

    Filesize

    4KB

    Download