Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

eb3b28c3e7...18.exe

windows7-x64

3

eb3b28c3e7...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/msearch.exe

windows7-x64

7

$TEMP/msearch.exe

windows10-2004-x64

7

Monkey3.exe

windows7-x64

Monkey3.exe

windows10-2004-x64

Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/msearch.exe

  • Size

    58KB

  • MD5

    b7e8059927e84385fdf6bc7d73a072e0

  • SHA1

    387b5bd41d1833119b7a936781f561de2bcf9ef8

  • SHA256

    bd46c539a3bacd4f40171bc441f0baa9aea1821d539e5b94212efae69931a316

  • SHA512

    3335e7c4e9497b4bd5f6cecd114aa62b11d8ea4fd0fcbfdc013b1af8c5872a5a77c917f7b28891fd6d0c6b789b7677060d14badf1f9794580a2a2969cb68202e

  • SSDEEP

    1536:vUkhxvEP3fMYqM3WPVjyviqoXqtjqENd/avWX9ws3ic:MWM/fMYr3gVwi0tuC/auX9s

Score
7/10
adwarediscoverypersistencestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 46 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\msearch.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\msearch.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files (x86)\MSearch\MSearch.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:4780
    • C:\Program Files (x86)\MSearch\MSearch.exe
      "C:\Program Files (x86)\MSearch\MSearch.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\MSearch\Install.ini
    Filesize

    226B

    MD5

    0866c83ffb0212ef77bd389ec86ca958

    SHA1

    071d60f432034a7d7864ba4359702938caa18553

    SHA256

    ed5e8047f64a56808d514c4b31a6c45f406bbc85333f51435fa6745bebe66ea2

    SHA512

    552135a035af04b413fb53d6a2ef5a495511b187d493b9c30a9766b75c98572fff578d5467c8aee72662ca3c72a3498b5af19a4825b1f0e8ccc89efa6d213c7b

    Download Submit

  • C:\Program Files (x86)\MSearch\MSearch.dll
    Filesize

    96KB

    MD5

    4ae1045306b38a95b715c4694e5e66d7

    SHA1

    0d606473c952c49f32e94e1fda07a38752fb4c14

    SHA256

    b92152c350d06dc7206af5d20c224e1a46a23cec2da29b4f48b2431a8724a086

    SHA512

    b495f16c1a34aeb6bf26a4f3d16cda8b9b5545247b1d92b776f515ab238b14bbbd118f047f453cfc079f30b921ec790ecbeeba5384874a354fd3656dbdd54d33

    Download Submit

  • C:\Program Files (x86)\MSearch\MSearch.exe
    Filesize

    24KB

    MD5

    b418c9d9eedc7c77a2d6d7dd8649126e

    SHA1

    a9c34a4c268624c243c51f839a382ec62138990e

    SHA256

    7ee8b73f90c1eb4c0c061bb7f9051ab043fa66fc69b9069fa71039d3bd278a6b

    SHA512

    b32cb45d6f3ba80d6275e93a5f836a722858159a184a68e1027a8bb3fefcf62ba004b9814292aa8145f8bec3bbca7844553b6602526fa55ea7da994d6163fe9d

    Download Submit

  • memory/2336-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2336-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download