Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

krampus.exe

windows7-x64

7

krampus.exe

windows10-2004-x64

7

krampus.exe

macos-10.15-amd64

4

Analysis

  • max time kernel
    128s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    krampus.exe

  • Size

    5.6MB

  • MD5

    e3f7cfc15aecea1f817fd9e1c91b2b33

  • SHA1

    4427bc42173e964762c4f003628502ec601d45c0

  • SHA256

    64706688105210a3c3d265aceb11475e38bc1f35ffcd72a8d38bacc0806653eb

  • SHA512

    ed233e15a3d3947feb95c388355d7a8b05a06b2c74997b80dba331facf991f57ae252976a2465bec74c13075d06fa5cdc1930ee8e87da830e6bd1821f8eb2733

  • SSDEEP

    98304:R4UGDPt5D8brm4+Bo4M4du9I0y1ZKnnyZhK9iYRiBSqXGijc/Elh:R4/PD8m4IAOsI0fyiwS/iYsh

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\krampus.exe
    "C:\Users\Admin\AppData\Local\Temp\krampus.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://krampus-three.vercel.app/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://krampus-three.vercel.app/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1096
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1404
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:1192967 /prefetch:2
          4⤵
            PID:1828
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1800
        • C:\Windows\system32\taskkill.exe
          taskkill /f /im HTTPDebuggerUI.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1216,i,9949926175785511248,12360656452513600799,131072 /prefetch:8
      1⤵
        PID:2464
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        1⤵
          PID:2504

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5778fe9a8a61348d14474d20617a022b

          SHA1

          57ccc7b70c85664ab5eefb36035fa005367cbdba

          SHA256

          a90e591f9523b5c1af3b0eb9f9662bb01060428c623b3222b581ba3fe81fdac3

          SHA512

          e5ef53777970e121ced1af273e5cfdc9d5d34ca28b3333dc15633000f21c457675ee94df9d839aa66514007c67af9286dac540d64fb24c55842d570e13c1ae46

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          31aacc91c6c5dcca1b7d86e8b6441dd1

          SHA1

          91ac3fbc911f9a6a63ffb75260581491877769a0

          SHA256

          df28b8f4665f9a93d6cdb72e6e66e567997af2d656114ddf9473a1d7e555e636

          SHA512

          ef93578faa51581df6062b216a0c739e67d10cd9cc92a0626655fb1efef9e86b5ca143a5b0c1e388b17e4a22b7539ae50f9ad58be077115ee294d42c63fea407

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fd8bf2170d00285225ec43d3839254ba

          SHA1

          89938afef3f2f02bdb144d567dc1c89229c6c711

          SHA256

          81e3d8823fe3ba6e24e731626d22c397b8faad17c8b30ad7d76678067575db39

          SHA512

          e104228e766ff6975bf876a95b0e1fbca388baae84a5f22636b9d2722c57a3425b1bad7deaa3633d65ca73b04a096fc2f2a3384173af6cf13eb5fd521cb53fa4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          72dc7e69d5554e448b120960f0a41b99

          SHA1

          88703153607d87da370c647a35277f708aee3470

          SHA256

          30431be0f95c8e6d78ec6ff0cb77ace56dceafbe4991540346153704dc99e44c

          SHA512

          057ce5620ea5cb3bda61258a0df55656adb8c0f52a66fbae6928ee93676c1d553ec8a0f6874dcd4a45c7ccef87d6a65febce2855612f2626c39f3a8e81db6ee7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          608d737b4268c8e477713363d25ed7b5

          SHA1

          eaf525e28b6ad0ae1757d31660749a4213d79a61

          SHA256

          f5e34b1dfe27aeebc0cd36dd4efd2523e4789d7d05a61d5e934b56d2e0e81008

          SHA512

          2156ed3aeac22b07e9bf07a3c26dadef79d3cc7f615cc9f91269e47e67db7be604d05a6c4bd8815d8e9a61f9c12df8f13f2dd09ebb539f8dacd7efc387aae28c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8990af8b7d4bb4d9bab482eb1c60e258

          SHA1

          c156da08248f93ccd1b86bfaded503e5eedb2b6e

          SHA256

          4d4f5186eb0763a2bcb00ac980f25f0cf44d1932af5aab152ae65f71427c2e2f

          SHA512

          0553a47b48ff71f47ee0c21a83a95ce8324f242cce91cbc8d1dc05a69d8b3e50ee43ac13c10cd0d362bf1ee5e9cfe8af813cacaaed5d8f2b2233a245d85d4581

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9f98cc0151f641bb297cf8d22f5aac06

          SHA1

          a46f15f0f4708058c45a9a568389a2e8be48ae3e

          SHA256

          8c0f16a8c7d6da37358d53e97866188677d91c52788ed45016ef673bb66a1d6d

          SHA512

          048614b9644d77e3086f3c4fcb80354bb1e02b6b97ed036a8fa5bcf85a23a62e482d13f6d555a4a989d194c5333e8ec51c7863d4a233d68f0a71187a2f9f3d93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cd8c90c99255de07981d88dc2030e3d1

          SHA1

          8e5a3c5e6669d8d0c9c5080c6aaeb2c9fd06344d

          SHA256

          31dad5ae7597ab55e7d7f81162c4552412bb5baea5a877ecf884641282d8c57a

          SHA512

          a80c068db62a139ddb731b6d7d32239180460055005c22e0f5959445eb8ed34cfb4c35c6c956b5c385d14ec9edf8263acd3edfb2dff353bbdcfe48354bcb0c9d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          093c37a545f784bb1c84e62a000c19ed

          SHA1

          8e244ab28fd265221ede728a4b4ef1a9a62a84b6

          SHA256

          7c3f42331b08e47bfd2d50763169f694c8e07d2ea8721c65035e9caf775f7da2

          SHA512

          32468c7ae647b981ba32dd06b12f8e21f9343ff0f8079d5a043bc3ea82d5a4bd48be3d5864111d466a36538a19ae08443b68abb8be4094fec0cf0cf63ae2fcc7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab84DB.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar85B9.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~DF9D16C1E59C66F0F2.TMP
          Filesize

          16KB

          MD5

          75c508375283e9049b9105a0d9d6cf7f

          SHA1

          9ddfaf24369994718f87d4b78fa83f62f11975f8

          SHA256

          76fbd4021285eca82b4a36a2eed21d57e3327ade081bd5c9a8e98ca1e4a4c71d

          SHA512

          444adff7ac9f18d05e776e48e4a1db6b20f2d7113ade15100c20ef380afd2ae05ba56516cde608c80f6226e4dd0b00b5f3e8aee77e0149cbc13de4cf0e8cf125

          Download Submit

        • memory/108-15-0x0000000140000000-0x0000000140AF3000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/108-0-0x000000014022B000-0x0000000140562000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/108-39-0x000000014022B000-0x0000000140562000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/108-1-0x0000000077890000-0x0000000077892000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-3-0x0000000077890000-0x0000000077892000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-5-0x0000000077890000-0x0000000077892000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-6-0x00000000778A0000-0x00000000778A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-8-0x00000000778A0000-0x00000000778A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-10-0x00000000778A0000-0x00000000778A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/108-40-0x0000000140000000-0x0000000140AF3000-memory.dmp

          Filesize

          10.9MB

          Download

        • memory/2228-36-0x0000000001E70000-0x0000000001F70000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2228-37-0x0000000001E70000-0x0000000001F70000-memory.dmp

          Filesize

          1024KB

          Download