Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
17/08/2024, 23:45
General
-
Target
633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e5.exe
-
Size
3.8MB
-
MD5
a6626b71acfb1b02c3701ff6d9488150
-
SHA1
470c0846b790506728c9dc4c5616e3cc79e7103d
-
SHA256
633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e5
-
SHA512
60d5ca672277bf55a648059fd6bdf75fd4c5f29b19795befc7ff7495dac1bdf0694b04c36c4adbdc1190b7bef9cf7734da803599829c890f035ab6a8bac8e735
-
SSDEEP
49152:1fs6Ds61AsNHyva6SRw62VBzCGPJ+kOWIFa2XWI1q+GUWI1q+GdWIbqqDpWIba2s:FswsUHysR+VB2GPJ+k6R+VB2GPJM
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e5.exe"C:\Users\Admin\AppData\Local\Temp\633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e5.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e52⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\msng.exe"C:\Windows\system32\msng.exe" fuckystart2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.OpenClose.ir3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.openclose.ir/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5b0854cf78bf1cf70c118963f3bad2d60
SHA1b66038b682956db59cda49020b12d74a7ab284de
SHA2567c770e1f253d29ad0463069e5b7d32c02087e6fce617a4be810ba65eaf6fa3c4
SHA512ac9fe0a3940865db4d8d610c92ab243507dcf1e92ea0150d745f49b4398e5a59ff6ef6a0d4a9c4e843d74c9e9a7d704974b84d2b5387efa073f7bc30964a933f
-
Filesize
342B
MD5fc4896368d88c788862149285bc24e40
SHA14ac6aaba27df817cdb1e13af6ce04bc03dfa9edd
SHA2561c9e0bfeb758ce0fb5b3c11295c6507695b12a6e4944c3793f0f2b5ca609114f
SHA5125afb494c3f2ae8e1c4e6807c5a40528f8a4189961be9c13d68a111aebeaca41821fbf1ba9b0db8d9a2688a9ef630ff67a1f91219b3442dfeca1d015198641ba6
-
Filesize
342B
MD59ad3927c95a63f8a7d3ffedb9bfef9f3
SHA17d46bedd308ff144fff691732cdf130df28466ea
SHA256669f8208e401525fa762305aceaf66d842612f4ec66e3f35a61a7d8904fe0578
SHA5127b0d51287bb1c7c301669eb41eab1a345205e0d3aa53072f8f7363c1f11ff95d6c6aadc985fe87a1ac3bda3d8297f4a3b0d7970c1c985e81bf6018f0003480cb
-
Filesize
342B
MD571e8d857dbbb6950c74031818a3cbd6f
SHA1c26de8624eb46a7aadf0582cdcb0532a174ee890
SHA2568776b448a3620ff5220a138cb5f51f3bd8e59227164cc799c11acf03c19a9af9
SHA5120609be0ea1abeb7a58bf0cfae6715ab253da51536a48deef1a61a3955fb743b6e12e4c93d046cb3d6b98a265117cb795c4f4a010f7c40acf10327d6711a3e6c6
-
Filesize
342B
MD57b87e67a4d65b3c3085f846b42d55836
SHA181bd5e3bd47dd076d6e5a40664c8a4a72a8d0448
SHA2560f1f5936fe0bb3abcd2e50dcbf031fa56266086b5292aa639aefbdd576a9d1c4
SHA512088ea83f79e8792a9cc06307f0bc7c5ab046b2f16eb574a84e77947596920b02b18c775d9964f070e58c70d3381a4f207f73a0a9a2ba251d17995a371cbc9375
-
Filesize
342B
MD58c1dce9ab9883fb423cff823102cfa00
SHA129424c54816ec4d5c01eacd33aaee70b6aab88c3
SHA25696e6e774dd7d001e30eb1f90dc401d6765b0010a09dc45103504534ee76b6c26
SHA512e93d5a283f66f85ad134b75356d95280b66688e883fa9e38f80b2b27653c5f9321a7da10a41a1535f0ec923d9899a1a924848521caa18c594f9d65ac7a52ad1f
-
Filesize
342B
MD58be90b8a9ad6e4b57a05da9ecf4ea8d6
SHA116692120fd1bf2b53b950925455304e5e68f251a
SHA2560c4f8dbf61454e1b0eedc055d3e7f6f9febbd045b51d286ab37c92fe17981849
SHA512d924d81b5d8906e90391d0e7ecfbea2fb896c57379e5af8526d005b6be55403d299c1455b7801da5ceeb51d08f7142a3a5e3f21e48c8428e5112994975385b75
-
Filesize
342B
MD574f6bedca95c9e17a286f429998b2ab1
SHA152da78454295e5a848a2ab0539d64593e1908bc1
SHA25688ef66d8c4969c2a1c5f4d3d8439c2b7315b85638256ce3bfbe255d0b6fd4f68
SHA51271e1620a042612f6d79e5b6b1e3c298bd232a57a6286682016b7a05462ab28a4fb2a75673e7d61a46034b18419aef0a30c73c52442df55397447bbf32d0251e0
-
Filesize
342B
MD5b53c942632cecc08c950e7ef5141a329
SHA1e9f3cff30b0666dd37738366d713484ec1a2e777
SHA2569f1738b59cdb71b8a3a5027da47db07639287273ccba44cf34203cf170af8671
SHA512aeec06646619138fe0842be65abc471a849cf62afb4ee1cdcb2eb0c5520f7e8e2ee0f3442957d1e4ee24e460e4b418f9e50898f26d526f227630914426ea7998
-
Filesize
342B
MD51a6de6bc86178534c8ad2ccbd8356619
SHA1a527bbde70e2abf018d70ddd9bdb6be194166c81
SHA256fd2d0c4d9ffbb633fec82d09fbaf8f5e0000ccd9816410633e28afaec100e14b
SHA5120d14446ad72b8d1b2d48fce6f2f4d459e3298722b39f609e6462d04ed720e1ae2486972230e34814f66bbfd86de567acf62d89aa6420a31395858c291cde10f1
-
Filesize
342B
MD5f58e218e9ee83af843c39708f284ed09
SHA1715526bbaa56d465bcc1dc36911911a2f47eda5a
SHA2569ea29a76d284fa85833dd8eb2887b747d62769366ddba187346a528599e62cb1
SHA5129f9a390525049124f057414e0ed40cb62443cb2eef49e7d36a18ac2990d51809da398db9aecca99eb63e6ca0a396dc89b8185779d35487a653e486cc1db37fbe
-
Filesize
342B
MD5d6d34d3f14bc62758871120d9cf754f2
SHA1658764df08f59118990a3e21c831bd579c7fdee5
SHA256263dcbe0c65c19e53e57f9ad4825705e3a6aaeef2e72b2da0a94855987ee22d7
SHA512c1233d5163801c968af6f433356fe7ed44c8a009f191f6da2a21b9ad9a22892b4fc41cbf050d44088c307a362d948efdf0f9c4b377b48d86409fe68963ebfa80
-
Filesize
342B
MD5935f1eb0cd427c9dfdbe0affc6d5a96a
SHA1475956e89a1ebd5db2d406d0ada38aeb996c5250
SHA256733b20b4f08a01ce09ca86f9f5b4b010b8f1b7bdcab20ad8fe18b31f093b9025
SHA512304b50a092b3df7bc5296b8be5be070d51edbd2d783bc34c38619638812d8f08e87b72948e3ff9b17fe94911daab1124df31b1d4358a97e59bbdb2cb6c44ae01
-
Filesize
342B
MD5c5a64d01f256115f664e226e011f3320
SHA13a917b14c5d19d57b008c8ade30f7fe03057f063
SHA256a2913b43593e2fcf1393ab2f92e176c96524b65014d5632b09c1507935e8b5c4
SHA51229ed25fb40b5c03721f88093fcc42c837212dc353fa72c9b1527a2dfbe9ec6b16aa356a45530a068e434343cac2cff5ad43a50809615890640b394d478bb7fd9
-
Filesize
342B
MD57a752508f187f040138f1544a8218504
SHA1de7c9b5feca77eda8638784fd10d6229c67b5d87
SHA256d067adb774701f09a617e5ac4ac053fa42499fb352b9e35b334f20e917bc8bc5
SHA512e49a092b32ffec111217997eab04b57bac69938ac1e6c231a09af314754bc4459407ae0829d2d99fc80342601aef05b26c35bde6063ca2f22334f230f10508c9
-
Filesize
342B
MD53ac8548a8ef1a9b709c3e501dc20c361
SHA110450a708200d975d48445c8e52ce48ad8fa96cc
SHA256fa702519ab345baa8984e9b558bf2982a6ae37f9b20e130d18f3d5f45caa3b56
SHA5128b41100ff924bec5bdddf6f55e1d008ef690c8e62fcefcab93d982c757676604b4df61dbada42fcfa01cf15297d2b5cdfd8bfeac9790ac06551b9bfce5a780c3
-
Filesize
342B
MD544f5c91f4430f9223ac3a237679e8ce2
SHA1585d27064cc92c5052cebfb59f425bf8a95baeda
SHA2560ef70876ccc7739114c28d43a90ff49f89c4cd92ed3eefced70f42665e8f9475
SHA512067244d23b78ea6ff69fec0a3ad31cec5a0548ddfb4fba1cc4fee85c37b8fba966804661b4485846c121f92b120048b3cad9880701f7680682edfcd4afbda38f
-
Filesize
342B
MD5d18e2b2eefa7b554a73eda14ac380d9e
SHA1df38c4740779eac927ff9b28be1ebef99654e39f
SHA25613a79035c9b433aaf64ee5ab911e56dff7873ca5b981b16c95b51661064ffa3b
SHA5128e90abec803fe7d476619c220ee9c4e014041e308612633d6f5f962209de54c95375fd9e63197b12f94c5a06f77df0a2f00465c2de3ac90a9ee8cf225450fe77
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3.8MB
MD5a6626b71acfb1b02c3701ff6d9488150
SHA1470c0846b790506728c9dc4c5616e3cc79e7103d
SHA256633a1bbf4b13bec3b54b3e838b14b75cd2b978bf44dc08567637d3d081e274e5
SHA51260d5ca672277bf55a648059fd6bdf75fd4c5f29b19795befc7ff7495dac1bdf0694b04c36c4adbdc1190b7bef9cf7734da803599829c890f035ab6a8bac8e735
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
100B
MD5e53f1a809fb6ae99b7620b7aa15d6ea6
SHA14424f8e6667ab0101a6ff5e2ff5c7243101b64f4
SHA25628a6e26ff1f6ea51e8f382bb2c9dc3982f1b56ea67f448e6d160979726481c8b
SHA5125ccf8e9074ca893e8e38adb4670afc88cbb720f9b9a3dc1ab4777e7fb4eedb2f6559d68ee9d8d47a692f2ecb42ea67139773649b24c54a4d62e50fee164d7974
-
Filesize
3.9MB
-
Filesize
3.9MB
-
Filesize
3.9MB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
3.9MB