Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8d1dc96d8c...0N.exe

windows7-x64

7

8d1dc96d8c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d1dc96d8cfd8cff1c77455385109700N.exe

  • Size

    110KB

  • MD5

    8d1dc96d8cfd8cff1c77455385109700

  • SHA1

    143278d86536b009931e85949bec941e6b0ff227

  • SHA256

    8d80ea96d391c3e8b4a805c2c1f763aae182f6f3c68b72c1e1bd485265b4a136

  • SHA512

    0aed2ec4f8c7d6e2966d9aaa432ad1f3ce2b90bd4405171261253b519dc9c19f164fb2f1e200987bcdbb71e33e87d65c7821108e530d187603f3419ab074cf9a

  • SSDEEP

    3072:kMKau0t1+JXl6MGnDu60HOZqQwVyt0d+5Ov1c:kMyk6XIMGnDu/QEytwaOvW

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1192
      • C:\Users\Admin\AppData\Local\Temp\8d1dc96d8cfd8cff1c77455385109700N.exe
        "C:\Users\Admin\AppData\Local\Temp\8d1dc96d8cfd8cff1c77455385109700N.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1488
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2488
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2128
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2804
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\ALUD4DC.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2896
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 124
          3⤵
          • Program crash
          PID:1668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f70a457f17ce8ff348557d40bf4875be

      SHA1

      5d9be01811ef096adf077e005a0b091d5c5c3e49

      SHA256

      3541ecc76f5f1f8489731da956d7606d31c0f25fa9d0e8a98602aa101e246395

      SHA512

      3a74f11d20fa8d131b8e8d74868ab425a1e78898b89db1215ec82d47f527f4c7dbbef0379312ab392aef68ce79fb4484e7c6d1e55b3d47e77b42c19616e041f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93badbb9fc38a1304e584c5cb8755f68

      SHA1

      9c1ebd390a99d22f4b34338a1efe7fea8bc99fc5

      SHA256

      7cbdca6e509eb1d2c8b90816deda1147e1fd4028392eccf951a8df6104b411dd

      SHA512

      1421c437f40f88c3e9b65dcbe5d9f89c442bb0ef9445c50f55441942b2c6204eddff9433bbbf53944a62021388085a55cc8c8c7e2ee2d7a1a0ffb98de54e7bf4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      53c0264fc9d222f66a2f2f9028b44d7e

      SHA1

      b47f901b43da5b3b01de082e5e64f7100ffbef83

      SHA256

      6aa2d3e348336e3bd05f44f1d7bd4e04619154a55b42bfa0d46772ca2f93f9d7

      SHA512

      d0eed3cd39db29612f6190a42c22cd7e0ac04bb4dfdc6a93c7bdbff717c409f5e5f2b2a79431a803199e2adca0cb77ad71db4343388c72f8baec3f2ce4ad0407

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f8b8ffaf2b6c499aba7adda25b148256

      SHA1

      b0f3a95df75cc410efd32501052a029b3f4fa92f

      SHA256

      c7fb291261e9fd4d8c3f6585eff60872c19ddea05cdf2d0814f22bb49ba02f1a

      SHA512

      2e4643bcf46fcf03f1d190806c2767c61c0fece020b14836068beb4df160bbe6a6f724180018a9d7dc1113913fd5cb91abe5bc69576ce1da0db7c861a85ae49a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c1d3ac3772a72c44402b866ece6fea05

      SHA1

      b23d318726e669375b13ee00b12deafd4c5cdf55

      SHA256

      2970d15eb9393ea854934077f517dca42b09e0c13c22be9da64ec5933c57a4bf

      SHA512

      34f92a7bcb4039bef48179c31e1aaf61f62255b13b6c4189c630543dda6a4b308c7694e42482cd8856e0f82cc58f02f890fc4e72991df47c08e6322ffca0d602

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3ebdf465d8e40e6fb862907d1977ab7b

      SHA1

      2a3ebf968ea7729791f195668a560ce0e60df551

      SHA256

      b2765ef64e9b9319473977e5d0a12b426093a9f8ac4d8d109e31fa5d6549de62

      SHA512

      3da3fd6e8c333ba13faa163d30ab958f81f367cac799e061de6a133e63cd7939663029247f02f87ee074ffcf582bbaa950d215f2551a47c95b19b8d7e762ecc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ca9836f3fd7c3ec626c2c05b43810fb3

      SHA1

      43a363131429a4da9ca140491b8fc574733530cd

      SHA256

      5d4a7be278e9cb517a75b162ad8f7a3e4673761a686bcc4b7c90e494963a62c6

      SHA512

      648f7b741c89270616df981f2220aa744ada88132a784816071959a213afe960f5f5e60f131d4dc34849bf8481a33f10bd07240acef86d21f3aa9ef9a77d9358

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e76a851de678e03badc998fa69800e8

      SHA1

      afb1a968f4baa95235a0b7dc2d5b1b2cc9f234b9

      SHA256

      718ce6d5beea14698dc23d30b94973bb230064e94c3665100177fd58721c00a1

      SHA512

      8b266d70536d54169b00aa42b6f9fe603114a31afac883f1367434e9b065a876b6c4d5a3424782ee90c2f7aa8aa17cc0dff3d1abc1f2cbe665a27b47aa47d4c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb0683a0e0dc84b8512446e73f8cf5f9

      SHA1

      3a311a266fd1e40153100d5a9b0e98b05059ecad

      SHA256

      461241853de789a839d54ac07e73c9d55df61a818f60417c0b629b26d16e4d76

      SHA512

      bfc213c65af791d721e76a29bcd55ad616e8627725a340948885f1ff65d60c8fdc750f5eb3cafb8f0c568e2bfa9fe67fa2672c364298664accc306ee3cb318d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ALUD4DC.bat
      Filesize

      188B

      MD5

      330e4de3b2c87408ef0683b1cad8ab83

      SHA1

      c699ce2c2799a1ac425c697e681991f4d49d165e

      SHA256

      e01e53a77c55031c3d0c1c1a90907d5ef5a512118eb6d454ba09d4a06c3f3f9c

      SHA512

      0a8acc473ca6d0e1c2f6ad24bbe9ff8d4a334ba2e8a71782388ec26faa27fde1296c21557642b5fbf9b902a1ec31f0b7dc524dcd48953196f298d165b56e2b72

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabDF0B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarDFD9.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\SysWOW64\winjce32.rom
      Filesize

      62KB

      MD5

      909506f7b15b1153eccfccd063a5a26a

      SHA1

      fd4d2bd55c28b83be2a2da05c3e5d83d39aea614

      SHA256

      21b6351f2f1407315b223fad789088fd79cfc4aa6425ebbc9a0f010e4596596a

      SHA512

      e830d0330d9d585f78f16f152b5a9e0d25c38d319950dd3ca1dd3e4e5fe083f0d5736802d117b75910b3967388d92010a329e1d79f01b73c8a7fb4346b5aecd9

      Download Submit

    • memory/1192-25-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1192-22-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download