Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/09/2024, 04:26

General

  • Target

    f7e0658010d2ff3571e886ef239d74e0N.exe

  • Size

    232KB

  • MD5

    f7e0658010d2ff3571e886ef239d74e0

  • SHA1

    47b2968adf6341194b796f4eae8415253e8ce33a

  • SHA256

    61685319b4db7140248c50361720c29abaffcce9131f035d2ed7f9666aa73aef

  • SHA512

    e7af72f586d44ad8d14414001f6c0c05a4afcd9756e5441780b8653d41bcf8ad4de79e8fdf293c4e8b47b80214dff1b5efa98794bc54525be7183afcacd2eb1f

  • SSDEEP

    3072:d1i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1Vne1i/NU82OMYcYU:/i/NjO5xbg/CSUFLTwMjs6wi/N+O7

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 2 IoCs
  • Hide Artifacts: Hidden Files and Directories 1 TTPs 7 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7e0658010d2ff3571e886ef239d74e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f7e0658010d2ff3571e886ef239d74e0N.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ymtuku.com/xg/?tan
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2616
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\All Users\桌面\Internet Explorer.lnk"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\Documents and Settings\All Users\桌面\Internet Explorer.lnk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2664
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\桌面\Internet Explorer.lnk"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\Documents and Settings\Admin\桌面\Internet Explorer.lnk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2244
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:1028
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1608
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2916
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\Documents and Settings\Admin\「开始」菜单\程序\Internet Explorer.lnk"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\Documents and Settings\Admin\「开始」菜单\程序\Internet Explorer.lnk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2228
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "C:\WINDOWS\windows.exe"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "C:\WINDOWS\windows.exe"
        3⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2076
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c attrib +h "c:\system.exe"
      2⤵
      • Hide Artifacts: Hidden Files and Directories
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h "c:\system.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:1688

Network

MITRE ATT&CK Enterprise v15

Downloads
