Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

afrsu.exe

windows7-x64

7

afrsu.exe

windows10-2004-x64

7

asf.exe

windows7-x64

7

asf.exe

windows10-2004-x64

7

asu.exe

windows7-x64

7

asu.exe

windows10-2004-x64

7

asuf.exe

windows7-x64

7

asuf.exe

windows10-2004-x64

7

frsu.exe

windows7-x64

7

frsu.exe

windows10-2004-x64

7

sf.exe

windows7-x64

7

sf.exe

windows10-2004-x64

7

su.exe

windows7-x64

7

su.exe

windows10-2004-x64

7

suf.exe

windows7-x64

7

suf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    su.exe

  • Size

    13KB

  • MD5

    a7baddaf16a50c6e47c61e7e887afee3

  • SHA1

    d52a9a92518fb839ba03d0ca9191ff4caab727c0

  • SHA256

    505bd330d28b2fb6235419c75effe296eb6531b888b9e33bc2200a04f4249a0b

  • SHA512

    e61703c2891dc6cad92ab947cb3854e1b46c8cf5bff5bc633a2792f82736caea1f852d6749e760a921504ed3b6b7b84786be32eaa6aac65961a0a12fd07788cf

  • SSDEEP

    192:LFV9doAxILsUHz3EyvypDa/en27LD/npmalr9ZCspE+TMwrRmK+vhOrXG0l:1+AxILTHz09Ar7H/peeM4mcBl

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\su.exe
    "C:\Users\Admin\AppData\Local\Temp\su.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin//advert/getads?did=433
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c452d74d4d2488347d340cfdeda394b

    SHA1

    07c7ed3edf9aec81eb69440c665c5f19e3ed8029

    SHA256

    2780e83fd29ca05f88a9fa8caca5ad654959f8e5b6970731259f715958e59699

    SHA512

    3b62eec0701d8bde1ced797940f66f182c7bfab2ba8e40e999c96b03ef04ae638ec4e9dd09d3ee7a777fc599905cf7a4ced85765045bff4bb8897f64a1e4468e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ba88d6afea9ba65c039db672cf537f1

    SHA1

    d1f34c126a81b07d6e39c0f80a6947b20f583f84

    SHA256

    0ea5da20f32efd5a739d78f48bb41230b9a4e371d8973aa78e952c0d828636e7

    SHA512

    152fda45009d40044788c45998e77a244bf8209b9f795a57ae6ce31d83e8145af779250d0bffb686fee2aac668a6e4d94b201728c90c75cbcf408da935de6b00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0280bc1613fbf7957cf2b5f5991b95a7

    SHA1

    b4e8ab0fdcb56a5ad6db8f67c467d3c8cbd7425d

    SHA256

    10689652e6c33afb0fac0205da48433eaa7fe8f4635512ad27e84a8a5837aaf4

    SHA512

    8ae4e0608b385ac663ceac36cd2717bb06ffff7fe024339cd578045e5edf8a8df6d86857dcc4bf4e9ea8e1d649a9baffc18e766ca3843ea97003c10b6ca29ef6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba31e0e8e88069344f725174861757a0

    SHA1

    eb231dfa10cf7ca611c2b311f7c7659f3db76e9b

    SHA256

    5c8e6ba8125d73cd2d3ed1268371639276829e5062c1c049950fa1b7b5659277

    SHA512

    4e535dc713d26855ebc4fd586f5cba3d9a4b4d90dad867928f59b096ec18ca0a1b87c37ef35707af79eac3d1e9f06fc9c7a7b23a2adc92648dd61c6eac2c3ab6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25c94d8d81ef652a777b34f3842260cd

    SHA1

    aaf2af02dd87d3479f81caf51df4c105946b3302

    SHA256

    e9d5bb847496d1d111f8cdcceab9afe06258f5ab73a7a264bf143c53ace01417

    SHA512

    68fe91f20de259cf038f6d6ace1cf5d0e0618a6411dcb5bad3e66e5947fcac9c442a47c814a9cc0195c55fd6ea695754ce93e2e6d1d5845b6144f53f83543bb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    528fc943e41b8ba4ddd26b1895b457f7

    SHA1

    1a16123d18aeee5a66445dcec75d08574dac5981

    SHA256

    556352d096ef6f90b4680be54cee2ee58fa6a37a6f6e9827c50cf71729fdfd27

    SHA512

    c1a7d08ee9e15b803580ba03debd3a640a7cc854dbbb0923b9c9319078139d5be453b212d80b739d144c0bd7ede9f28eb499da69a10d5946fba09c3967ad7221

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46da64c06a49168bfabe41e1208ec767

    SHA1

    7dbde094f748dc7887b10d7202699307f48d66f2

    SHA256

    5d3bf7522b7f3e2f3832d6dec38fd7fe40fdfac523a4c72250170fb32af35c8c

    SHA512

    cdc08cf9e70603583a80f0e3d9dc6c8454dfd149d6d7f89271519062c786ac7f598a04676b4fe773c3e99b8261cee21b2f047e75dedc0fdd5b2e512a9d839e46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ba92b0e06a5cc58452112db8ddad166

    SHA1

    b0f890ec4ab14f9ec91d8969e5c8afd088aef6bb

    SHA256

    e16ed87f2e42204d0b95c1781d70eaebf5f84cdd720d1a968e52c021008b5be2

    SHA512

    6cf48d6e2b9fbabab5df61d0fa480d411f17123e69c93f5d0efc9503c91c10f83570dc90e1c960ea99ac001a16b4e26b231cfbb73d36ad246a9e30c825c2d92c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    071d50dbc9eff3638212cf9196000f61

    SHA1

    0e2d622810934726f074943bfdf3938ecd6fc4c0

    SHA256

    3f5ee0f1e11b15395e5568021acdbcee849790fe1878e875732581b7a1688ebf

    SHA512

    dbbbf6ed6f9e930ee3bfc6ca4a115a146d462d9bb62148ac782e6faca5f0159bb22a07d5fe649a357670888dd9544950cd328fc6a010a3ad979cb7ee5b9dfcb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc4b73a3bf5815ace09cebda21e81c4b

    SHA1

    2144dec1864c6a2fdaa6dea434497975b7424324

    SHA256

    81969ba700d0f7cc22b1d0378ef6c55b7689c2c123272a65a824621296dfdefd

    SHA512

    654cd816f5f7873e73363f60ad04a5c57ef2631c166b281d155caf1f986933e4833a7210f211cf38710565dbee0a39b379027d398fc5926f9186da91c1e01b5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20b9d51db62434896fa5ed1f1faeff7d

    SHA1

    68b9bae1dbe7aa7fed1ed091efbac452335b269c

    SHA256

    4a9b61db209cfe91cced1be8e0dbf568441f9ad8e1f24f9cbcd97e6a8dacb00a

    SHA512

    2d8b56cecd59090e6ca982759cf269514aa3afb00a0406b34db5e18f3794e11a49e28d133e34a88e9815e1aee1115c0803e485c554e048fe195d255386f897ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c04849f98d5de0c7c7f41f57a35a2e6

    SHA1

    5a4f4110972a59a50533546ea7ece54765f320c5

    SHA256

    94797be1b66c2eaad3103a7d89ae345e61ca468d088f1b89a4f0232ce90a0b7b

    SHA512

    cbf06b19f64fcbb2955ab4e4c3f3f0010ad79d5d138752409e1425d6998df0f8baf891b2cc272469928b4f86d9f9d2eb7ed6ce7cd40d0e212c42a34996299fd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d34b4fbb53f84744b7371c27909d466d

    SHA1

    c3008b9b81c2632a07cce21d1611866387c748ad

    SHA256

    d310c1ccee8033bc0be5434046ea9fa62b03e573a40020e1ccc4a1591963aaf9

    SHA512

    b0bac547f14c39a393229dc9226c721bad713766ec97870d3b99cc396ff789c06387b67052093fbd8bc740911f6f8c8721e22d717547528873a9070ffdff34f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3b371b584302e8b9700a346ca261b46

    SHA1

    740810263c8a87dfd88c9b453dd1e7a03707f488

    SHA256

    3d14b7a8bfb97f69ed3ea67acd1e4b24882f3f96b35c4dab0542405b8e46005f

    SHA512

    914ec19ac56c8f41fa0eec0c0d52263616fc9932dc36881b35073c37b03a7b9d1bb691d80d1c1a82077e78e7333f3c4bb3b7968ab670b74afdd880274904d717

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f67cebe933326e16ddfa1b3306d34f02

    SHA1

    513971905715ced47841562678b6e05f140b1d7d

    SHA256

    52fc5fae89132338fa326d1bd1d8b68c6d3c19ec9fe9d57515ed279e01b56942

    SHA512

    32642834e8e15ca5e32f53b1119b2244b94442051cd2431d4423276d309da3a6051f65edcf76905b197c5cbac71403131588a62f510ee614f19bd98bb6d7e12e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    016ebb90a97778f20d3554c1ef8b16f8

    SHA1

    206114d79b7e51d7049c5838aecc9de094ed089c

    SHA256

    caf6600e2582cad2766d993356c8a51abd014df08eada4c2fa7d9818db64c2ab

    SHA512

    3de14c7cf1a5b621b76427ca5a0fde8df574d2c824a39ef123f49fdee1152e3f546a00bd6ef8b1433806cf37a4fa2cb37c2970e7eaa13186c5dba0365f06fdc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6e9524dcc6628b7639464b191471e1a

    SHA1

    66b219e15dee5c2fb1555393124f6c5b39d0013a

    SHA256

    19ac4d66166da37e9e7473fd63a8d61bb7cd46b664f3487b99f07743fdefbe22

    SHA512

    a6de482df622363c3f3868e15efdc0eafe1335714851a64ea7381e6ab4bf6567c2ba24c5473e63fdc7cb9fe7cf75d64b91abc11074c7198361fe35cfc59a497f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85c6bac9378fa703a1e1e63df1fa9488

    SHA1

    041182fa36f37f5fdeb2ce67461de343cbc02d94

    SHA256

    0d5bc8f29b0ee7fa672e8ef219f66c8b014a14b128b84cc6ddad5e3315c4b296

    SHA512

    2d2374a186adc27500a0c7063e39a41cb5427e99d929e4e9934648037c65118278d2ff926fd6e434690add46430e9e00c6d7a9f04f3141f3b86f16901cf42443

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cdfbb67354db61dc785a9aa574a040a

    SHA1

    fa64967bf9365f2d018f2e16795f127248498a62

    SHA256

    cc7b73056ffc35f8c9f3de449dae5f0a2dd6e7ed4cc7f6b97d6081453dd9a607

    SHA512

    5d61b13bbf2f3c3298fca74e8dfc1b320aa2dc3513aa6a51ca16366af9bcb1c6329955b0474f73f0ae23c7c2332a707b0f0a55c8837b153b151f58646cef4bb5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDBD1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDC80.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1088-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1088-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download