Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

cf0c251764...d4.exe

windows7-x64

8

cf0c251764...d4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2024, 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4.exe

  • Size

    2.6MB

  • MD5

    fdd33110bdfc28bf3ebbba69b739b5c4

  • SHA1

    bedb76dcea5ebd1257dd985ec6ae23175f013bf4

  • SHA256

    cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4

  • SHA512

    289618e4814f7b13995c6c157d74d45a3409c9d6846362ac3b49efe591b2f8f0b2ca7b4952d4d4f40b73471c10cfa5a538d88e0b80c5c4ed860ec94e9a23df89

  • SSDEEP

    24576:+A8vyrepIND/0bfSPdaY0RFo3UR+h+8fEvdDrGnrdEROGHOhnLegMZt4zEyje0sF:+A81IJP4qnEvdDqnroHOZL2h0JHHO

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4.exe
    "C:\Users\Admin\AppData\Local\Temp\cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4.exe
      "C:\Users\Admin\AppData\Local\Temp\cf0c251764262cede0746890cbd47aaddbd1933e024d9c75e915bd8c7e1d7dd4.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdc478fddb08500f842d7cbd3af82d6d

    SHA1

    6902496e678f3a54bd0f35128da0d5b81843faf6

    SHA256

    533797fe29f51d0e49ad5ccd8bcd8e3652db0b717ea07c8c557635d5fe97d842

    SHA512

    87b6d96943442a802058548f4b0760b1f4853fd2ca92e46e5e80e247d4006082c2416f3a7587bf9fb0d38bd7b60aacd3ba5590061bd6c2190e6a1233e6b95c8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11548b25c1adbb6599c311c5a6bd22c3

    SHA1

    899507cda359f6c16ee5f6c39572415dfa72455f

    SHA256

    e6e711f34a2e10fb8e2cf240c33260a75649bf4a8814176b965b4eaca852d073

    SHA512

    2cf6a6877ff1dd34eb12a3a42e7ab27ea4509a5009760f971e7a1e717bda23956416ce41bf1bfba546eb160a7655e22c6894003533d1c74679e9cca583a979ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    069392e403f769681d9c39ea48e4e107

    SHA1

    178907ee2127e2e5ee6e10a4ff329afec9631ee8

    SHA256

    0f980b617115cf5e5826bcaff5ab7e4871126cbb7d122ca72602fe9007c86eda

    SHA512

    f0fb56df82a8ad69140ca30535f1e8fcdc322aecb71a94f11608d364c8a71b1953b8981e38c6fceb90600ae954d85cc220e13e0266562ee99452b8dcd49372d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f20063579ebb241d202e0cd5940b42a

    SHA1

    c042a28ce47c748143b9df15c7a955996e90c262

    SHA256

    ae1635d319c1255d559c06aedf0e35f5539138a32a14fca1a6aa0d9de0e8eb10

    SHA512

    57c9c423278597e6fe05607b1ccc92141c9b5652dfe1413b99c108432c6120720b7dd817d2e4a3bde6f2d64a0ba8c529613482efca8126cada78ed262cd87323

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac3b6ba5f81ba64d8dc3db61b1c7b950

    SHA1

    0e63c35653cd8dcc4b75a8f3af6c9264dc728ff6

    SHA256

    506843ad51dc24537f9e1062897fe45a0bb6612a6c825287884300643893e03e

    SHA512

    79e5039fbc4014b654220f9990ae5e5876a53223eeeba95ae3613f8122a73a892e2a316f8c23e61c1d41ccd7e240fad41357d022a4ed2f9bdf55f5a7fec00b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ff0ab352fdda39c79a29ec38beebea8

    SHA1

    b3cb07bfbd84a66a16fdb6beed30d5bdddaa4996

    SHA256

    2067aeb4f27860abbb448b0923131efee2f487ec2da3191089a86aeba68a1ba3

    SHA512

    fdd0d2d9b915616a6bc55799c678c2c344a8c44e362684dbe353fec5a95066fb0ddb58be65b4b311b778c6a16fbbbb5362cf763e8bce0fe12ea45b0d5f4c2ed3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    539d607516b0e8399afd20911e6a1d76

    SHA1

    8d365730739dc8fb21032b15d13096a099ae9ec3

    SHA256

    032581326d6bd4e365b9847960eee9ea40a9005cd327fc6dd46424a62cd8b764

    SHA512

    2839bab661f4c0ccd11e29ff3155d1db2509f08b50d3ffa368dbcd5c8dacb4d8e7031081dc1d3ff53a039d2eea32a2d0af4caba53aa7421fc2b1f1ef5585598e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1868418b28bbc3ac461e12de70c89548

    SHA1

    53d1e87f721a6f75a2e4851e40fcaeb14090eb5d

    SHA256

    3864e314290820f39f6324cd19c91265ddeb9b4b1d0c1981fc06f83f689b7768

    SHA512

    5f7476190a316da48c0e21447676662e0a77a5009e3cd2adf8b5ba78c728bda107c89a93bebe54ed2a0c4e2560682f14fb3e6d04211acf2568bf3e81a079aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a50e42f11e740bab0e95aba75b223d9d

    SHA1

    f83f70b5ef9180e2de6bf13c5763498427842dd8

    SHA256

    aa9af11ff30fe943b1df936c01100dd715f8fafe8397adc2e847442ced5aaf68

    SHA512

    d0c3e07d1711fe7daf4878d89cc95c445dd709d3e83a8a0f5baa640a3324c593006751d686e425e9fb7798ad5c3e9dd23f7b46ca0a1f5435b75f9757efbb4b4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74296ff5645d48f6fbf2bca6157abc4a

    SHA1

    20bf0400cda0ae216909eb55da276b94e93c7532

    SHA256

    ac2eb9777094f3b441f83578fac6fe47fe08b03916a5524469bef6e1a0e7e9ae

    SHA512

    fbe446e1056d96a27bb38c7276d9b3d7077abaf3071b47b93a922d4e97344c72d6af08976c066488b5d31711585a95df69fd194035cda33bc18656c806371a1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed5a79d33759bb0c89a0113e3049af0d

    SHA1

    0ff0c3550694be9b38904ef877fc7dba0ec7645f

    SHA256

    4309e5d805457b5479790fa1f54bfce55db908ba7b538fba1f688f959eb51bcf

    SHA512

    b2327e8d1280558d6fedf0385b45739d40d1f0b086df8436c5d392e79e14553e479f76a56a1cbe4774298b1222aea76b5accba055cc3a812e65f76172f9727d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c7b6921b90f2b250abfca573c2e2671

    SHA1

    b8fd2089fc946a774383e5ad5c0804cb1c53210c

    SHA256

    33c20a499fd690ac3b134a47833083d7feaeb4c253acc7ef4b82a1548138bd02

    SHA512

    cebe18ab46ea75e08d7f50aabf5c19e336039e42f54c9ee3a490b39e25364446662d7e4ccd3a33f5fbc07c9c7f36e5687a8879ae25dd8eb5a082c4f6bd4bdab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69eda17861c56b93c721e6c06b521db3

    SHA1

    9eacb94d95221707217dc50606c04b2844c16ffb

    SHA256

    305009f5db5b9d63922a50d780d5aebe46f2de9431db11a8aaba86fd96c44123

    SHA512

    9a7d64810038b82e690af1e0ad795ae81299d303442f9b65bcd2e188fa828ab31875897a8f1fd76024921846b7ec2c5dc10a9bd1adfdf48c864a38662667b0d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ad79dcad67596ec15accda21cc4fee5

    SHA1

    ee44d03dd6815972912479e48b728ce3f1ae35fd

    SHA256

    16fc83587dac1d00ef3246be58d0fb33b334d9751321e067d7c2570764f16147

    SHA512

    2c92c009adae13e7164e35bc09aece9d79e890033c0ad2cbfc1f489dced22e3a8578606acb863b87b24e33c46c4a63df9e33fd373d51da793013d042dc13153f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00a657515f947c821e7c28a810cb2985

    SHA1

    2fd5de8f4c6b2ece017337d2e48743b0463aa7a5

    SHA256

    2f9c0602be3e090c16c19f4d69087a70d2368f2c900a232da39508b283fd4515

    SHA512

    887bc51b91efbb02d3f01579b590cfcd6a330cb971ea042ee241688efd749afa764e4c171ed111bee24752f339f42224541e52cd443a02f0dfe3e21422d1324d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b8d005e3495e2c3a6c26f9a15cea4a2

    SHA1

    685afcd2fbae5e6cae7a061743efdf964ed339b6

    SHA256

    56feb3f824a11a548d91dde8ad0ed86b50899cc9ca2843a339757b104f7345a8

    SHA512

    96a86d29c33d64be656e7acb80007a050835d8210998b587be505f2d16ed030af08ea016548e4a17b96c3c5d94f62fa84f21d7494eeca7eac1cae8d93cb15593

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d5e2695a170d6de4548b57d8934597e

    SHA1

    ec0886f5b686f4b2112adfc89b1f76c801d78263

    SHA256

    a6f727db9ac2a55e6b7b4b4d78fba59eab217de4e58bb94d1793707ad0537c2f

    SHA512

    b657de56914cce37ab29b7786d079369310c2d6d71063ccb9873da47457e8f0fc3be97c56de081e0dbbc0011c36b799739ac5c518a426ad83442e030268fd635

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ae505bcf52d460a2d268097c468e929

    SHA1

    db261437380bbae354060bc2bbc1c90f709cb2f8

    SHA256

    26656e3813ba4de578b010b7b3eb88d8bef9d107f6dd0b6c2d32a33a5036f56a

    SHA512

    0f127a2268df66a779ff4c69546d727319e661fe545f0391a5b355b0e7e103bd812c1a3009bea99078c9ba5819c901d3a3d2c995821f4730dd94abd2a3762ba8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66f5a4b9baafb9c8fedefc775b473730

    SHA1

    07a636c00e0a966a1feb77eb296bb980ce9a2be7

    SHA256

    90d34a60ffea261acda4e90144c72e3157ace25422ee88860ec551ce2464c4bd

    SHA512

    632e916dd1513023959e6e5117930999e2470610ad8a47967b0dd10199b01849889fb73525b2df20155d7b2e5691ba0580e645cb55b8ac931f714a52ec95fe5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD4DF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD57E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2212-2-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2212-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2300-8-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2300-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2300-5-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download