Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b6d427ca1a...0N.exe

windows7-x64

7

b6d427ca1a...0N.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    106s
  • max time network
    109s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6d427ca1afe65bc5297e94472d4fbd0N.exe

  • Size

    631KB

  • MD5

    b6d427ca1afe65bc5297e94472d4fbd0

  • SHA1

    fde3d76ba046ba59c2651bad2db297052f8e2cae

  • SHA256

    43466a679f2ba7c27eb97d19988969f941eaf31388f894a8c195fad4d91587ef

  • SHA512

    5be4df4fc54615f3f9185c4206887a247b1dc5d8807ad1cdb200b387e6833d101bb154f0c5842cf421a3f6a3555199500a0103aef6e85a775b2bec86c9837ed4

  • SSDEEP

    6144:1mSUslh44d5nngQFZpX3gP7vB9ap0txtu7oRM7MzIaXPAkfEIC+FDnxpEQ7oIr9c:1mLsla4bgWXA3KK0s+ygQi14BeY+FH

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 10 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6d427ca1afe65bc5297e94472d4fbd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6d427ca1afe65bc5297e94472d4fbd0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1064
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2748
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1164
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2444
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2812
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:799749 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\259510642.dat
    Filesize

    4B

    MD5

    4352d88a78aa39750bf70cd6f27bcaa5

    SHA1

    3c585604e87f855973731fea83e21fab9392d2fc

    SHA256

    67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450

    SHA512

    edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    634KB

    MD5

    0475644559bf4b8f254576522b6df0cc

    SHA1

    4cd78e36d5143a82ee585ee8f7b6c34a6008dabd

    SHA256

    becee78749e967efd283d2237359cdee566f809816fdc216f5ebb8cc0b2a5fe2

    SHA512

    f49df2d4ae49b8e8ee7f4adfcc6440d02c8ba9b0aa8a21b7a9afa2d423f9d0335e6eb5f2a50708148ed2faef1f7fcfcdb101485d4a4b062205780bd7febe1693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58c87ded5ff9c17791f20e8cfad4c938

    SHA1

    a2699fd02b3b0515c85f711be2d3d4bf76b04b0f

    SHA256

    c569296a197e9e6f8fab78f9aac214738714139505a47372ba190f771450ef32

    SHA512

    ec80d255e9ae136faa4eb8f4ec41dd754927452caa38cbcf81ce5cba8543dd64d37205c0b78c231b4fffd84de9db6ffa95c2e1d7368ba46ddf0fc3650de69fe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77ae44e8dbcc9f5e63df2693f6a299c4

    SHA1

    ec299bcf10bac6427a2de4555d6a044574480ea1

    SHA256

    a152cdc30c60c5806da71c20321471d2def58748b874cf44ce454c31bd2165b2

    SHA512

    b04440eaf36a234dab295b43492c55653d655ba08218d737b15ac85eb765b8fc13016d24a82550387b7d34011277f813d6d93c0522528c14debb6accd6459de8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5b2c32b331829a8c881ebd02b7766c0

    SHA1

    79fd0e8e13a6b1ccbd62b9510d773f7215e14ba0

    SHA256

    94b765f869632c2a3a0f8d828e1ae50e85178f424368975a81146c528ad4fa77

    SHA512

    551ca6ac71c89802108b5540a9351d5f67fae555d5e66e8159967d20ff60ef85f218be48d11694ad2c0c737c4763d3dd5f03e86a145b75e4cb131c98b26f16a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42546b1263f870086fcf9acfc9b8b723

    SHA1

    f6698532eab98b019d0dbe4769830a5df7536d92

    SHA256

    5cd83c6d4d36a3f8125dbd7a6d09622b453adb6dea523a414af249df7bc42a7c

    SHA512

    35959060b39c59df909771a186ffa752ce665b247b63fce9b770513b20ae48edfb8d294fc86f7091495e0c749b1b5642c62d2f04e74b41dde5ccfc7f16cec370

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ed1239aaa84c26c7e20dc90ac06c5cc

    SHA1

    9ad5d1efd37ff0a891c67a2622b85ab7231483b4

    SHA256

    c50d5539f06f47105eec2170be0c55d4be98aa58aae7ecc2752c2700a7ab525b

    SHA512

    07a13c960ba0dd076528b6e3328659fd59c967f8fb336ef468b7bf06929389f95c907e67fe05369d436daf193ceee697a3d357d9e80803d7d73b1937907c32d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b144ff2be1754b6af307f117fd0ad1f

    SHA1

    6c3bf2bf8f426c38bd3c6917c9d8e87b7b818a7f

    SHA256

    5b249f7b501e760312a26eb93af2e8c066c07f320fcce58e628d9d13a2838a0a

    SHA512

    667c66785e0d077ac9db7f9b117544b5787dd13defdba8a498e9b0c2634f930bd518501bd524e2ffd7c2462b6838f0aa830572fe04ecb56a23b54224e48a2b99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e97d45f8183c4cd4c2650f1ae984a3ca

    SHA1

    24986eeaaa51b73c301d1475da825af4a6a6b44f

    SHA256

    0855ca34d74c0b0489a554ed8ff09fbee1ef1de39a8d54a2f024197784bd48df

    SHA512

    a2921f570b145bdad5ace2cd6b6d104eeffb3f5a52525b012f08030a8680415dba0dd998441b55a45ccc5e8a8941e7202d96d33e0fa519028cc68d5916784c96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee28f905cb6a6c8936e570680a8d0144

    SHA1

    c45ce19230ff8a6726eda481d2eff0ac70ce6efb

    SHA256

    15e5335f498db1635ad38b2d33e7b72cb92510956549f259e5568600398a7f05

    SHA512

    d76c9bfc64c45eff5b3c3bdf241ace12b32a78c04833f175b9835f9141a2c06d292f9b60fc3f10ac5fce75f482f2d95c0215ce732131afccf0c09b8623b7315a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1717423785dc49d214673157e3ae549

    SHA1

    97bfbc7dea0136ffb66ffb23c5c1159e2e2f4ba3

    SHA256

    e8bcba4f0cf8b8f7b0a00440d2f8fedadeb56b30b954c689eb3f8e2c6103420b

    SHA512

    90c2acfaf4a6d4bc4c468df992a93a5c9de8b6a6d01b2ed69a6ab402f9f5e80c2a462df9ead7752514a598fe9017207d6d80f6612e0aa2aa47255c195ba3ba4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a59c19de5cf6d05ccc7d9b532193c4f

    SHA1

    839fa281b919960427b7d4b0d610bb875746aba9

    SHA256

    73e4a9aae173edbe66cec45960f28ce10c7656d0f9996d5547e9b1468bc71a84

    SHA512

    e33044979bc124502e62d021f31d0f686b1a7ad6c9c521c54f2ec5d3baaccd0d0efbf933bed94fbefd39b5f3e3fc14e479009ac283d2bd9bc9ee616fb6584ece

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c45417a065d351cf9eaddc2de06c517

    SHA1

    cc618635a918d2a316d3a87b9417c6f765eeb432

    SHA256

    d15d276aee7607d8d3e9f4b3e9f50bb8852429baf2fce063c2c026d676fa9e66

    SHA512

    cc140865fb6960a3ceb36d562e240bd2df2ed37d63491672e78299596362a867e6d4e0678acd3ece33a7ca39d7c31587e1d5fc4d37c119005216a9ac9b5fef3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab3e774f8acc5aacc45ab0a49df83378

    SHA1

    e47cab166593b757eb27948dbac4023f9493c0bf

    SHA256

    28d22332d968f0b992e531898dcc967a9d2da8c30cb2b44aa098d4583ad34f9f

    SHA512

    8b107026f26d52955631a95b2d1a6de8ea775ba517a88121bc9a0b06d805917fd3739c78b82906daf91f8974e72f2a37760142ba20331800daa3149238757930

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06b1cf27ca48b6e0a81e4dbd0412abea

    SHA1

    9122147a1e5771a35072818008b7f8f746c7f766

    SHA256

    7a8d1ad9adeef43e7130acd737460b42337514f6f4734233fc94c35579b48648

    SHA512

    4319ee634d73e4c73fdd1f83f2dd27a39f8f80c54b60fcddf484725db203916d0fc679b4a986992c9d7f5f2905ca449f75f76e939e2626a281be72697bd63b6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6ce71474274df9fac04c294463f1b4d

    SHA1

    bba2e741d7fbda425dbfad6382d82fbaababcf8f

    SHA256

    dbad3f4c1d3474ebcf9f95d295f4b86d5848effe8cf91bf5b9bc1cb4e9ec1e5b

    SHA512

    ad6b6465fb2ff4909f5262c254dd7a9b4d9540ec2d20a05474484f18a13d35f2f9b9dc79b5bf9948b0b9a8ecdbd2ec204eab924a923024e5894fde3b7e8a5058

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05af2c59003a104df6b3b9ce189054a8

    SHA1

    f8bcfc8162333baf2d87c0b5329a6a9f1fe6e630

    SHA256

    0407f7776f939db5516aaf5c49a25074990a118ea4a6a36b94bde13e33f628ab

    SHA512

    7260bb8b9b64e6fd2964b5625e600cc2f6eabfe56ea9913b802b92a70b3741f3bfa22fd4a7906e163beceb30f11cf22f2951f9de268897b1f1534aba26cc34ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57c609c29e9ba4b5727cd2b2dae87627

    SHA1

    2467250344a81b4cf8118bad8d02b38d5056a6ca

    SHA256

    f48386f17a190c5225e911b45d6b1c00a22635f7831e8bbce78247a7df5a3fd3

    SHA512

    d4c81d0ffb9e1b3f4b2b9f5a164f0695a93e99fb67fed3ffaf9dcdc6cc51877d3b58178595f527aabcc2dcf18fc700d7ce3b11ba3d76dc963533d33f0713b08e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bb36ccfb76075e7ce8897e7d882cec5

    SHA1

    345e935d2e446813486522f1b6814ce2ce06c3a7

    SHA256

    622a6ca57ebef54e9cd787505c345cdf5952366f79d4c1dfcd4485825b405be5

    SHA512

    72523775c56ae32b28cb55b8320b858a83c3f09dbd4f7550d298642409302714854b05c2657b34230782c8a1932a2c5da5bff7ae5468d0d3c0e0a8be3a20eac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10ac1152c1847fa69a9f0cc54555a387

    SHA1

    5c6f531e3837a3fbd4423b9c351223c16e836b92

    SHA256

    2cbcc8abb2b2942f7b8ed2b08ae6785bc6a8ee3c4d7078fcdc2b0b5fcbe5338d

    SHA512

    f0579515f8a9fc5711ca4097f972bc478d713496cff73d0d432a955a7929a6a3137b07860a9eb146dc38be6ac22c740c73ef3b8a76853eef5abb968d0f0a9f67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA90.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB10.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
    Filesize

    646KB

    MD5

    4b6ff9c2d900183511f4ce3f6e0b5380

    SHA1

    5aef403916177678ae52a4ac960e5a5ffee60cab

    SHA256

    60e6d8623739e3a215c2ed114d7e7de13df217ac786b480125ebd3e7eb710628

    SHA512

    a4c7cf098b8e433cba946616831b77fac9ea2a34c762fba8b947d52af74d24f558af7c4ba3b15e07050b33f85e098b6435db6342d2f6a443db0af6ac6a4040f0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N37E3904.txt
    Filesize

    107B

    MD5

    b78e8e03ae96b56cdc4265a39c668760

    SHA1

    ca871eedea95ea566ac3509e413c858e0aec07de

    SHA256

    01b7f3929852c98e27cd554b04eb56241d0d94bf12b2398ec37d3ac28ce8e9aa

    SHA512

    f51869ac080592ae4d63753c7a1708361536948a6f88a5f82e172a45bf25d40e587eab46198e05324b5ff32b65900ecfa0f97d6531bcd36a1fd0afcddee09fc5

    Download Submit

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
    Filesize

    640KB

    MD5

    7f2818beeef0067359ef5cc8ab8e4358

    SHA1

    166169d3dd7cb3061102eeaf400e41bdf61d9b92

    SHA256

    1c662eb5fa634be5795e8c567d1c1014393da77138901ea69303fc570635b988

    SHA512

    0da6a83569359ea60294622fa67d432df202ed1ec1b1a8a858f7dc66fc561d52b5fd97afd25d188cc15e1d7f9873b4d67ecd98eb5ae844ec518b6dadda6c4522

    Download Submit

  • memory/1064-1-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2748-47-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2812-22-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2812-32-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download