Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

ab7cc1c49e...4N.exe

windows7-x64

5

ab7cc1c49e...4N.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 06:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab7cc1c49e3739d82bcb0519536c762a2d775afc6d809adfd6cc993506ec7dd4N.exe

  • Size

    13KB

  • MD5

    f3cd8c95f733200bfd9d5dcacb838f30

  • SHA1

    431d865fcbcbc5bade51bd0e88c8df65282b7cac

  • SHA256

    ab7cc1c49e3739d82bcb0519536c762a2d775afc6d809adfd6cc993506ec7dd4

  • SHA512

    97a49ca386bf5929405b2a9078cd08857fb834e6a6bef0cec355a0feeb4ffc168a18269e3e1e490026ce4f06fa6dc52ab668e4547176c4fde1782c4f11ff4b9b

  • SSDEEP

    192:LUL9dBH9j/sAacntGaaQen27LDpgi+S1rAr9ZCspE+TMwrRmK+vhOru:mzacntDr7HMAReM4m/

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab7cc1c49e3739d82bcb0519536c762a2d775afc6d809adfd6cc993506ec7dd4N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab7cc1c49e3739d82bcb0519536c762a2d775afc6d809adfd6cc993506ec7dd4N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.alpha00001.com/cgi-bin/advert/getads?did=43
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f295ffd78d95e0052b8b2ed878db7fa9

    SHA1

    e43f55341f3a322d21b58d528ada5322ce5e3f1c

    SHA256

    cb554443d5876b471e3f63782a51afbb468e26bda15d3c802dec03f47cf7261a

    SHA512

    1fb87b2ad2251241b7b7321da366433657bbd4632796f8db11970ecbb7db562ae9a1b14719164856f44dd1e4eee64e62a1e85f9f332b03b19b1ba94187116e0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94176ed8136b4ba98f0e248cb41804f9

    SHA1

    5c1ec5b0c9837d997f395ffc5d46c8391d5da3c7

    SHA256

    6d1870172ce9faadf556b5650a6159a8a5ceb61582117ec8127d6cadc65de06d

    SHA512

    05e3322025c9e6ce7c799a09a5b5e616add67ac159cc442bf963006beb78a76c8f07461fa6486ced6d65527fef8a6d6a097146451252fe4781061119955cfba1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8834c0857b6e593b22ac7f92aa1a955

    SHA1

    2a98be0b50357b0c6bf0fb2988091e2eccafb224

    SHA256

    98f3ecc8b8283dabec8f03ec12e599b5e2f9a6049d3f71d03f5d349b62663486

    SHA512

    67e50a1133deb3a08bc0b3087d0a373152ae6ac90c3fa3e2108f3c4aab58e860e59460c04a00705ab6f42d13e88ed537fb97b66a07804c871df7612a86ffbcf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ad246d8f370c248f2030b37438bb97b

    SHA1

    ac19c25c1b01bc6b4a3d26c1bbe5d884dc627811

    SHA256

    9113b386851b817864178c3de0d8370537ea181e156a969568802003d5637d37

    SHA512

    fa24b57137816fd67dd84dd710f5df2f160e4040997c8884f3384c28384a36ea3e0cedc4a093483ba32b17365dda8608872b41c521ebaac49d9a18276520cfc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8edd009bee342aa2ecd4c1cb2137b5dd

    SHA1

    f7228a202eafaf85c2d15234065bd9cfe3c0bc70

    SHA256

    7b0eee7bf32731a961129aa97669bf332ec6c518f031e19b5fbd71fd941b85b2

    SHA512

    7852f8b42210311080b520f48ed9772c31d2a41334c3959b2b583c32290ba7853125b980b803ca7b9d9b53506ca63538c8bc74299f0bc22602b13b309f652b66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    536931dac168edc6557d6920789903d3

    SHA1

    2ee3e4e73b4745183152527024c75b72b677d974

    SHA256

    b6e42685787ca8dbacc87735d3e916e58ab82a94ce5c80eb24417c9aa61c5f8e

    SHA512

    53fb06dc0322920b2763787e5fd574788cf1c957082669ca989e478317f524f79e1c858e26571d7cd852c1c81573e885d476be1f0c615b9d42577c1b44121a14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c1dcb573fbcc08f0eec7e534fb615fb

    SHA1

    f4237bda00b933beb81e870d66bce0a8c9d0c8de

    SHA256

    ee225e5082769c0c8f6d122c1d09bf38e580685ab25571e3e77811f8fd696889

    SHA512

    df050f573ec5d91f017b43d6729525380288263d9eb695276a4267b6e8731999d1d9078c8bba92c41fdbf9f35505c027ef4091df40c3061ad14f805c7e6c353a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c18581fabe13829414de5a22eebb1be

    SHA1

    5a8627a966e6f93b2b72a51059e4fd35a4135574

    SHA256

    6295dd3b66422758f931bf7c7f732ea1540ac59f5244d9d60b989b763f444a5f

    SHA512

    6968fb756b0466bd7e1dae45425a0cb1f18e98539eeee2c73deaf08e88fac36ffa530db32592064834e383012d65f803906379050ac976d7b91eefb8709dc809

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fc87f53fd1af98b50441a07569c00be

    SHA1

    d8c68a396448d757dd7b03ef29ee6230e6d2ab84

    SHA256

    ec593da5f2093d1a3f0f9f7fcb70290fa4e08e7cb315a0c4b913b40fdd81d62d

    SHA512

    911c4dae4dd2df7ec86bd5d40590372e64a62f2333a2414b64a37262f2f20e50936bb71b97504aa15ea2cca06889b9b5299148a3f11703b74099237e0502ba66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fc0f9fde461d1548bdfc0df42b05abe

    SHA1

    6677a3407e7682315456ffb2609af6e4621894c9

    SHA256

    f6b266ca77b4484dfdf568ece86e3866b779d54761cd710933e9beb74ca1e960

    SHA512

    a8aed722a421d9ce7e9d2bf8ce6a11c7d16955c8ceeb263842571d50935f9c21826a4b7072af16a651eaecdf60896cb271973dd5ffa364b9584fde58e660896b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    870ed9c32074cf0f37770be496d73333

    SHA1

    d0ebb1ff582856c31fbcc8bb061ad08e74c1916f

    SHA256

    858be23a5d619d21fdf95a95ac7691bdf8f781a84bcf3dfe370430fbe90553d3

    SHA512

    37f7f8b8aafb71d415ab7b6a32e1d83d61427ac5879595aa2a6ff1d4a98ce0e7db280aa6ed6fa1a302a814383f436ff4ee8f5f70f616c5901f78982ab02349fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab20FB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar214C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2700-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2700-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download