Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

0334f49586...0N.exe

windows7-x64

6

0334f49586...0N.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    110s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0334f495869f8326d7ca89a4ba66f880N.exe

  • Size

    146KB

  • MD5

    0334f495869f8326d7ca89a4ba66f880

  • SHA1

    353c5b8e947dd944ee84e48adde3f6d4060e8d03

  • SHA256

    150a8a99086e71a0c233f701250eb85f068577f23acaac89eda30e1cb7c45e68

  • SHA512

    232dfc07b818c455bac1bacc58e6fbfd6d448509293daa14a5cb73c44ea0fc960025fdcdf8c523ca0eb986d0f581f20d394e578e367e9b9957d7a2e8f347dd21

  • SSDEEP

    3072:XLxZTUaFPmgRMNlPTGQQm6ytwZEsrYkK49Bq+3G:D98gWNlPTGQQm6agrdD

Score
6/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0334f495869f8326d7ca89a4ba66f880N.exe
    "C:\Users\Admin\AppData\Local\Temp\0334f495869f8326d7ca89a4ba66f880N.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.toenjoy.cn/index.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.happywg.com/index.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.soujay.cn/index.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    437c47bcca8c41e0ad3dbadfc86f24a9

    SHA1

    26c9d34c052afd48cfe73fd8b5a059b8d7cd3266

    SHA256

    7eda2cd7ceb267dca1a947c57d7e5ac1710d5d270411e071e1b66222bea851f0

    SHA512

    d44714d404f590e27f93d8a0d9865b132afd7a9eb626e601101fc2bf93b6add05ff19a096ddb7224befad9a49dd8db7ee92247f90e9aebbedfebd352479fcde5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3d1b7e55487ad8ccf247ab49299d8716

    SHA1

    f6e2bef20dd2e1ceab341bcd7604cef021f224d4

    SHA256

    11c19fbc93f126a0293d2bba7acd023e854da81c8dc23c9fc3d7ffb892d38cd3

    SHA512

    e28a4a0b41597554f59c46507d741ab7a3611620f8a2b25273c4b04c178ed9e084df38853bfc36c1cd5332d26f3896a8e4ba1ee2d70f57d30137aeca82e37940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1796d709fffdab706a5f010fc6db6386

    SHA1

    cc013f007bedd30afc95ba6a28b58dfaa7801d28

    SHA256

    1fd7518438d2d57fda087010d9612b7d58cd20b05a034bedb2365ff1e6d5e95b

    SHA512

    1c61417694997f7d39a3f2ee92a0ac3832cf473145f1a1879971b71900426368ce1ee28da3f160af15d0369a7cdfba315a805365bee32d6d4083bcd9fde29408

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a93b7cdc356ac1dd75820d3b4b5d7208

    SHA1

    d2b84a23eaa25f833a1582dc7b3f32809dcdf01e

    SHA256

    f08815a947ddd26e031c2bd8468090ca85c08a5a9fd530e2c8909c2ba0def652

    SHA512

    c324225a8208b70b3cbf15114c854127cb56b72b0970a8e0f67a8e2ba171fedacad85587482cd282a8c050b9714f550623d9e2b90ef64bdc874e16b3c447ed51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2b7dbc9f269f2412d24a6e0ea0446449

    SHA1

    949da3410c1186def2aeb9b6c9d96caf43086e6a

    SHA256

    3836ebaf41e9965cc1fa46e22e2c7f3c08291ab8c2ff5bd922d554cae85f3780

    SHA512

    c09cfad69003d3daafc14d521d3a5a94a75458844145321181484ab44164c54b519435a3138a4be279338cf3384ecc26873d97cbf92f6f8d9736da43ff55ae8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a0e992e841ba1cfd5adab16a224a4c79

    SHA1

    5c3a0886c1f44d50c4a5094ee7fb53669ad07f67

    SHA256

    92dca7eabd05fe643893a7c337a5d708ace73c56c94a8e63cde598a6e851ed80

    SHA512

    e47b7d2fc122587faf410dd69f5b1446302e6b03b5589b7b2e039c357f9da4b37125d12a4140c9aa1735b0f88c52a11fcfef88a3882837ce0aa4cc49c1d9a480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0f7e38f28d1f6dc146779e183e8ce9f7

    SHA1

    f96a02cda198023f838cc189d261ac61734bc785

    SHA256

    b33dd41ddccd468de355aa3527cd7fe13add4b7ff24d6570066415e5b3bd5fe2

    SHA512

    58c3ef2b5129218c331eda1471e3153a0ffd3d5ae33a69525f392641d793f14da125e6ad0dfb8d2349d7665a3104b9d9e8937d2705285e78ab6d1e667c134343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    51cc6a65960bc5184dae2fc6d34f2d0c

    SHA1

    d07e35e69ea7c91eecbaac8ba1732e9daa165ab3

    SHA256

    4dc600eaeadb2cb407a40ac456a895c57e2947c817e4d3159572fa72a40cac71

    SHA512

    3a8de6de12d0e1f9e3b1dfb0042949c3d42f613020dc446f0d02c15d8913048c6c2a86ae96a78b3a3d15d2017b99cb6d3bd83736c37e0013ec164628d964cb99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5d59a0ad7fd175ae03f75c45748de046

    SHA1

    a4057aaabbe1a364aefd3776b29dbc8b435a938d

    SHA256

    2d23ddbaa3b4e35ce3dc64123729f832e3e0591361ac01c7ea09f790b2639217

    SHA512

    48aab5c6903d9fca68105cee6d7d981476a252fa9c6318aabd8fab6aaf1e8f2b75e5db4e607e6c86a04764848b408143b91948a6ba6ac75d79dacbc30768909b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a6d05c5d0ccc91276843f959fb196796

    SHA1

    c2dc776235b1fecefcaaac4267eb3c8b85086dbb

    SHA256

    2e7e2f14184092042753b9afe87cddacf51db835483acdabc2152613018fdcc8

    SHA512

    f1fe12b3e7f634737dd6fbe4e49fc5f142b612f9eee5928ae205089ef22dce870abe0585bb669e61ef9c040fbc9630db842e79ff02045df7616c9597a785277a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f106053d848839b308e6b6aee23067ba

    SHA1

    cd1297a538b3ef9a1eef626a838b682920feb0b1

    SHA256

    e53eeb185b931ff34153f46e937962d9d8f6bce5d6f24f934f38dfce27f5ddfd

    SHA512

    f048e7721a26d5c24d4191915f1022b0d8fe46cf38162507cbbc1404e1860cd803a7aae5f67b2305c7f1a100c56b485b6c52130e7910ddec0c6c0dfba4394b1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ac4ef037374f2d71b8c246dc245cf07b

    SHA1

    c2a9eac98199558a572e84b58847a0e6fd274000

    SHA256

    e690491fb792806200407346f50c76d676ea55f21f244c362a32eb848375a353

    SHA512

    6d0a835e449ea4a6f824e48a06aabb3dce959524670b21d21c0020dae9595923e2d02dffea70ab30cd5017ffe42501a9003542bc5a3e034e91ed212f2ea25eb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d00c94fe1492adaf0be6ac16213e73f3

    SHA1

    19e8d932d4b5c081a8a0ec14790ec90f4416215f

    SHA256

    e5b48b91fb227cce0f2de71b70ca6bc0550b264640f064672f8a0ae8d4d24960

    SHA512

    38f25e923a8e2bf2c313df2d9f48168d773227fd52af0de3884f574af28ca4ffdb7f17a1bbc69882e13f99accad6868d6ad9c06a92eebf545de75431bf4f50f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b9df1472fe36fc3a9e1674b266fbd74d

    SHA1

    c0f3888a964551970a2de984fb323a6a7bee4ead

    SHA256

    7cd1f1aa3ba05c934dbadc795da97e5a5b7e6b418f7db4aca29d8448145add2c

    SHA512

    fe0280f0ff349d40d16e809eeddb47be08e932e469d023b3cf6e9d3799e0b72157d1e0e39a2769df152690c39961ae94c501bed91b3b4a4fa648a8263a57603e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    bbfa7ebd1935335448dc1dc3c8798cd8

    SHA1

    a2e974d87e874ba0e1760b3a091caef85d53cd50

    SHA256

    e6b11e343647ba58d4a4351fdc5a0ef05fc4d4034e623030ce7b86086e62dd7a

    SHA512

    5087e863acdf277af6293ea853ab463c104f44d6967bbf428a63ff172b482f30ee1cae9052aec2922ca51e94eba9d2fbd317fcd3c09eb0029e7e7233dbe03abf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6da11b7f9ddf72774b111da11d52352f

    SHA1

    9d4f10a4b73e68189801c779889e36e9043ff45f

    SHA256

    cbf673176ae890c71d5c525f5750a5a123b129fb43e2d1171ec42986549d16b5

    SHA512

    32648f5f3e4ad4a590cc86ed6bb6a8a6e14dbd7c3ec508eb0d3d71309199063afcf823d161c0b50dc63fa0889f6a6ecc858a52c155d4ec9f68f271031981e9e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25B9D041-602D-11EF-AD79-76B5B9884319}.dat
    Filesize

    5KB

    MD5

    f2db4fc94422aed7463fdad462d57381

    SHA1

    2d33e86827e7fc1fc81445ed2bd91b6d5e0c3c86

    SHA256

    9e227630fbf67926dbaa56e8694812b6ae4d25484919235aca5619e74a875f0b

    SHA512

    8110e16b1e3d6bec91ec2700343300147e8d7f1aacfe4d13868167c3228b7965f46c0a9b0bcec7bafb07d6f843a4652b5239d205b136a05e553aa63b8c1918bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25BC31A1-602D-11EF-AD79-76B5B9884319}.dat
    Filesize

    4KB

    MD5

    1afa302c8611443d9de2a5d2f7300e04

    SHA1

    81c0cf104653f035c3cb7582a063d7af052df347

    SHA256

    4928b5679b0d48abefe6e7b6ae05182801e473136eac5661d5680b68b93441b3

    SHA512

    f10e921867e48376b1da37fa9d1fca03ab1618da900b2a8fcf497139d6dfb124392731774ba3d11f0f20c294d3945335fb7d47e6ebe54b215b157f7aad0eb5e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5A8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF667.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2468-2-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-31-0x0000000000320000-0x0000000000363000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2468-30-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2468-19-0x0000000000440000-0x0000000000441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-14-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-15-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-16-0x0000000000470000-0x0000000000471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-17-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-18-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-13-0x0000000002000000-0x0000000002010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2468-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2468-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-4-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-5-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-6-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-8-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-9-0x0000000000490000-0x0000000000491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-10-0x0000000000480000-0x0000000000481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-7-0x0000000000430000-0x0000000000432000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2468-1-0x0000000000320000-0x0000000000363000-memory.dmp

    Filesize

    268KB

    Download