Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

HorizonUpdated.exe

windows7-x64

9

HorizonUpdated.exe

windows10-2004-x64

9

Resubmissions

28/08/2024, 20:00

240828-yq42laverq 9

Analysis

  • max time kernel
    1558s
  • max time network
    1559s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 20:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HorizonUpdated.exe

  • Size

    6.2MB

  • MD5

    85d153363588cad0dd5c3ea1d26bddbb

  • SHA1

    c7a23d27cdebfc2417b270fa219e11cd84fdf22b

  • SHA256

    2c90f6122311e85fb93348cf3d204ed85f85e59730dce45dfd1761d7adf9d5d5

  • SHA512

    06c826fab50ff392e84de07d937024debb622882044cca7c1272820d682415d1eb7e8beeff66e95452396878f5e6c944adb2e62c46a4ecbff88a670b511a23ff

  • SSDEEP

    196608:9C6mXpAzaps4JqfzBCXj6z14oNcqYjLSySrn:9dmZbSHq+pDNAPe

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 6 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HorizonUpdated.exe
    "C:\Users\Admin\AppData\Local\Temp\HorizonUpdated.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://dash.usehorizon.net/auth/62dc4f69-4699-4b35-9f5c-cc69254f52a3
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    a666e36a643133ff5d89237d31763272

    SHA1

    37e565baf2aebd943673b1a48e95f8bef75f18d9

    SHA256

    e8a7f33b4a947eb71b6f535a99f8a6366739edd7be3dae043116c65aa8cee9cd

    SHA512

    34f18139aadd90a21c263556be2573cd65ec2e61ecd1ed0da0ca76abbbec1eee937faa134d2e263383cfea3ebff117896463cb88ce714eb03b2e75b148ffb0df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38d40734e72e49584ae8cc16b8f19eff

    SHA1

    93a13542036e87743fb9f32a092c06dbb8a03399

    SHA256

    f65d7fcd5360455aa17cd4481457a5977f89e4a3704fe5610e318e9d61b46bb0

    SHA512

    45f2248f959bdd8c80a40f491ff80f4869430947b851578b665ff1f890453f936c8e0793cb4ab40a6413c5f59c96cdab13fa052994e79db2a4aabecb7911bcac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ca3faa79befb18b6b3a22a5389918ed

    SHA1

    c2fca22a6816a87014379c30611f08b54001e223

    SHA256

    54fda780001aa44421ac0407eeb8fd156ade2f363715ba71b943f1e2be8dc2a2

    SHA512

    1bc03d8422b0c8fe6e0027d35082ccb4fa2ddcbfe186ba44102118a9f84901761bbbe0a0d378a6fbaabcb320dfc2ef0569160f113bfa1b21a2dc3ec0b7631773

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f53c0845f59c3d8b63a4cd715c2cbb47

    SHA1

    c445abe99899e78d2441886493684b8c32e6eb96

    SHA256

    c772c5bbcb5c24b41ee4d4e5186596e53df91e30911bfe0ac5fe3f49519dbdf1

    SHA512

    0d74d3e933c4a880c622a573c214f81a5835228c5a665b557c1ac1aa296db153855b488541785485494e342d338efbeacb19310d6b3dfd6c840ae15ec27c60d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52b1fa58bf6c298f8de8d06a19e421f7

    SHA1

    c6529edf3b6489f39780eba31ed29e814c904430

    SHA256

    318c7e5ddf3a38984b5dd8d98c8a5617da5da196429aa7caedb7962c5b225aca

    SHA512

    0e2383d9c6d534d010b955a1ff27bf909d897a137b19920c5b30c1b93eace39d0bfeb17493490549e02e52806e1f316c5aeaae57bbce07c6a9e1401335f8e4dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77ef824f681fa7ad4a814ace12184d70

    SHA1

    3f234efe30192afeee185118ff8b8a2a9518ffea

    SHA256

    0b08fd1bdf33f5e9bf5db2236f64af82606c76a9a32e3a005985892821927eb5

    SHA512

    4b63f12b1597270b1a6ffed0630691e6811ada9e889295a030076f22a9f74f016a0d95c9846349c7c760f6ef6419b2554922cd7987b4d91978c8f76e316df548

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6044b5c1f3ac6d0aa2710957bcd6b234

    SHA1

    590027cb05eeaf3f57d9d47917f806fb6aa0c96f

    SHA256

    27c6d2d9da83293f481ce679827697c30b9f92041dfd9da6f559ee7923c4113e

    SHA512

    d60b1af4c6bbc9e62351634d4fd43a735f71506c93d7442b2d26ba26ba4d6d3d82b309cdc48030c2a347b46eae91c295a10fd29c0062b19b67fc126fbc73769e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53c84076aebf9796c5f5bc88ef66b0e3

    SHA1

    9f354147ee97f0adca55ffb47cc13c3885866ab4

    SHA256

    cd0a493360dc8c3bcbca2aa79f651959862c13dff11f6f7a8a67e17c7b6dcaa7

    SHA512

    74569ff8c8ccc10acbce758e94511421693b307ca09dafce4b5f8d1d9efd5fc1f644e11eb4a896e0405dd1d97af6666462b1437c5eba1b15903bc59ebb9ddaf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    179395f7b033ee1c9ab67d722c962f5a

    SHA1

    b8010a6c961a5d0bac99bbaf8314b5447c45762f

    SHA256

    1894faee55a5ddb5b80a3e01a23f0ddde81079759c6534e4baeb07804924b66e

    SHA512

    ce7ecf81eb8ae197f0ea4fcb03fc44ed0b30e9491633b80a3e0d7b8a88e2027ca67c8a3ff937c99af02b1f18f5ea73cb1734476b52a3122b59fd337b8edc4c45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e0d9cf391976862fe796b7b04a88bd3

    SHA1

    8631090a3af275c980dd4904dc44b625920fbf32

    SHA256

    7768d9578970b3f2d3653724a6bf5b2159f434f4d327905786e7268161cd6f36

    SHA512

    2a3c5abf9d6092ffe266d3d6e193ae0bc88f09028429dca578dee928e56a7ceb1ea5348e3641e446aa710941569ac468aef51f7255da87b037d9c518d583cbeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd64a3a6968e98bca3bb39cdf34c31db

    SHA1

    9cf0ba773957aa0c09dc131a7acc5e7d90a04c66

    SHA256

    861101b7a33e6c626a37f4cd182a1f7db600d5a2041b4de54faf929d0412344d

    SHA512

    3d20088cddd2222d4839d06aeb0e18c186a86e24a8ea135e583e82bb043723c62acde9a6cd7a2d4149fbbab725130294f44332819a360cf6babea37b2b47c2bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8867d007c49296d34a366be9c8aba188

    SHA1

    cec4a990d269e78b2fc6093b99c83a668cca123b

    SHA256

    7828c09c01b915e9697036b78f12eacdc2f0bfcb2a0b07df78304779443689cc

    SHA512

    9930c1664ddf1d3b67621fef56134363521b43f84c987cc0d5ee6b2dffee789f72eb51b732d34bc6da38c9ee38a5d89bfd0c86874204757414295f60f24ca72a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e626c22b83771a039003a11ec63e739

    SHA1

    5eaebbe1e4f1358c6f5cbe3202cc3b124fa18389

    SHA256

    8714fc1a18cd74ad98479348868c1908b8d33b23c2524a879570aff2b7923184

    SHA512

    6b01fb8e3bfb4c4d92628fdf104314ac562022a8bb5ec20d80d32b6120049e6ac2c38f6959fc23762ae0b65a97fa8fda73091cb9b8a601f0caed9f9160e9f6ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cb5f7356709825a434223f871b1221c

    SHA1

    515ca3f9dbbf683417588f499841d8564e5af1ab

    SHA256

    12564d771ed7df820827734f845990dcf6910fbdab201a6f2f8992aa8804c307

    SHA512

    1f73701bb49e42ecfb868cccfd07129cf2901971c8cc0f3f50f5ea01e6b7712be51586cddc3eb031fb27e92b31f21b6100eed1ed11a8629c677d61f8f6888b80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f181b4f058f128685bbed5c67dc0092b

    SHA1

    199bda9b219e2fe4f2a43d8eeebd4e765a5d1944

    SHA256

    ca769c96e3e4a660e8d3413f1299f3915e2ab0322a56113b6e3012da81167bc8

    SHA512

    6422e19700ff9bb316ae4f944746156a5267c3eb2d63c3d503c462a16b4e31f55c88075c48650b96f1110da2220ec0fd23335e77df08e955e2829e1da8101615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b36a922e460bdafe8b0bcf60beb7553e

    SHA1

    f0f0a350e12ddf45450130ce54081764034e29c8

    SHA256

    e874892c1224ba7666da2b2db79feca22b88a5eecd50b91979e36a9c4c3ae40e

    SHA512

    787f0f9147c258bb2aa0bda588a2cc618919efc98547ffb74e6590b60f51e8578983e5b811ebbad7e11add4d9297d19603c32773f47d961890be221fcbb975c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a7fc7dd3f048007d885932bbdc5a796

    SHA1

    220aa2d294b2f298287f6478b4bf41cb45a00d6b

    SHA256

    2a2e671c3d6cb42c728301d5a6d11d93dbb0e6714bc08f353d9421e7aef7ecf6

    SHA512

    572be9d7839989e8d7591c215b4533e522a5fe61f51f61094346970feb12496b868633426e11c9e5c27599c8ea59f0f1ccf97ee422ba4274b42a1afed648306f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2b24c7193b06b06b6477a9829aa6c35

    SHA1

    e2fdb10d62af6db8d4119e82ff0132e1dc52199a

    SHA256

    667277f1aab9035b31dd24b2cf29473360ee9c7bbb04f27384354b1280230e2d

    SHA512

    878008c96caaf174810a8a4782dfb14012c119ec2c217967f1ac6b5344af50c1106d11c8e3e1f31de690f7d79227ca54b9c21ef27d5e72f5cb69f85df50bbb14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5aef7e5d0da11b7247abc58d8386f616

    SHA1

    413f5d9378fd8403afd61b2560f93faac33a00ef

    SHA256

    fc445f186802a85695f301e04067b12eb3d2d5c31850d2920e2264950cf9a378

    SHA512

    66d2c87f67b334b7dba7d2c4f29365e25440daa091dc21781db5e2ad65814e5eba4246d1b83b9c8930e0b1db1bc4f84d1564e3da2a729603ffa9b745310354e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    647140811367a61a13b4b036a7997afa

    SHA1

    df8b7bcc1d0d10dd75a2fbdf1201b4600d5f958c

    SHA256

    469fcddc09f9ba0d2e64057adcd955e2ca530bc545cccf90ef201c798b4bf846

    SHA512

    3bfa9e550d9c995e1831f65f5339abb6a106a397c09c3a853a917a997404f383fe0b6f749723dbe33f8d7d75f5d6e5a922898d473e5c2561df0090712316b1ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a1a99946da9111dc7dd0f02ade19acb

    SHA1

    e16eb3aa5798894298f526d788bec2b19baacac1

    SHA256

    7f9f5a2301f077f9b190a7469adedcb6df74168fbe9e2159b588ad1d871875a3

    SHA512

    82a6c273084f1344e741757d395810c6a7a10a4a6e529e7178fc89cd625d73e424c51b6ea42bc913af72b462ee41045c54b056d7a05f6d58aa6d4b5b7af46ae4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a3af2d0309eb31365bba37e82a04b41

    SHA1

    b2efbbfe549df39b37b3c4873ca053a9c0fc3820

    SHA256

    bdc4a4ceb2873fd7a5871ca9574f60f8c3173983d2fa7e58c1121d3cf02aa15c

    SHA512

    d1934047c8a9cbf5ec020b5fe2dd7f1be8a14fdd35ebf0aa6940d47bcef41afdc223a73c1987da6d89741e690a4a71266691196822794615ac2db0e7abaa8d15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    d52f33aae2b1c893ffd9593f211b72d2

    SHA1

    c4fb5f2e83966c638927b08694403ce5a9af0665

    SHA256

    ddf1ae6b4c5d118905b964030afd90fba9d7b576bf2f4751be0b3619c92718e7

    SHA512

    9c6cd90b44b3cfcb13ee4425019c836d66946b6fa0f3d7d554c4b8f0e83cd1c15af5f788b4cac5b764a35c47860e9a313235a510caf1f98c93bef929b04417c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat
    Filesize

    33KB

    MD5

    20a1a6990c173ea82610b61f0e600bef

    SHA1

    817b16a152ab199a744b0c4a93978fe46a637cb2

    SHA256

    d38acdfd538d014f3f8854b5243b5eab9c0901d3ad3b4c21ddc3a79b968b8f02

    SHA512

    75bdf4943c9ff46950287158f7bc75ed01d716aa39592702570431e077fb86cd2bdf7b0323d928dc78007d15c45c114ae8ad0350ff1703b1762c2d43564d5ade

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\download[1].png
    Filesize

    32KB

    MD5

    da9bd572db8fa80df121ec328b421e5a

    SHA1

    e0c0b2a832d0fe3250d9f10814190e70a889113f

    SHA256

    6979097c3f08a030213bdc66aedf70a1da4a452e74e21b8df77ffa9241e20e16

    SHA512

    c0d7f92272a54b809279437ebcbe2b0ec40d45e9a97866ef6268fef7ff819d21e54e6a0f4d8c3d1e14abed03900841660b63007c24f942b0d5a504c9e0722e18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab468.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar467.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2276-0-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2276-3-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2276-2-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2276-1-0x0000000077440000-0x0000000077442000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2276-4-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2276-5-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2276-7-0x0000000140000000-0x0000000140FF4000-memory.dmp

    Filesize

    16.0MB

    Download