Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

400fb4b2e2...56.exe

windows7-x64

3

400fb4b2e2...56.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/10/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe

  • Size

    4.5MB

  • MD5

    71d2a48b6ec0d4703eaaa9a88a271e8b

  • SHA1

    2007f1674028c5a7d67993ad90d6f5dd19cba328

  • SHA256

    400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256

  • SHA512

    ca27391eb5fedc7a134ba67e66284a530191e19c3549901bae7f408e926a9ff2c31ec4155cf8a4d30511d057d8a78922e9d7a23861e83a0e798753cc97cf52fd

  • SSDEEP

    98304:ecLf/XJJltae9TZ0i1/HwCEKIJS4PkigJ:ecLHZJ5308/cTSi

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe
    "C:\Users\Admin\AppData\Local\Temp\400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://telegram.me/PhoenixSecurityy/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec85675662f1d50a7051f822077d5279

    SHA1

    0b6339709c88ead4340daf5fe77dacfbbfe2c629

    SHA256

    ee35487cb2955db4c2fb6960d4f0c20404e655239839c43f9988b4b0e95d3af1

    SHA512

    bd23ed105380d678705077ea4e14e7e530462085e0a53e1283cfb6a681449e361d9bf50d5bfe99d1ba9e2372c6589b8806207047243efad5f24fda5e994637dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16845f68fb1af0d6f3ce722c7e642088

    SHA1

    317543d40425300700f9574b2f1f2760c773c909

    SHA256

    b433a01a1cc23346d57ce60761169b845cfd8ae34f50f32c20cf06d657497bf6

    SHA512

    065ae296ae1d5f6a5c052d8eb17abefe2ad39a546f17843cab7556d345f8560c8185ed08a061f3ec9c7377e236d27dc7377fd0c91f20cdb5b0c576b5b74f403b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68674a9579ebf0a212cb15e88d06b85b

    SHA1

    db945f155956deb86b3c221764eda9672481d6c5

    SHA256

    318c67b56036b947daed212a2305b78c1692e39690e78597d657c7da08013bbd

    SHA512

    02f685d6511e5c77c30739c58ed7776f0db9d6019c50a76cc4f5edf9018eebe36de93997f4032ae515c74479f42e5ad42636f6e4389c729582aaa74f5dc68e15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e2e5e46628a627b0ea258c57a6d894e

    SHA1

    0870cac0fbddc2cc24e3e416ae827d0ba44e0be4

    SHA256

    290722154d84906f0b9a918378b7e80e2709175803be89ed74ee104b8760d019

    SHA512

    e1140b9a5eb8782a4f27661fe9fc257450c24a1046ee53ab3abacbb94d1434fbbdf0b462402095fb2cb06966b7f96dcb774aa1d631ba5fe6ae47ca036ce9ffc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60057a9243ca06eef93ca7b0342011d6

    SHA1

    973f56ac61af94dce9dd37d4658b067044e81e33

    SHA256

    45e45da6b0fb6e2622eec065ac57e7cf7b4d9e5d0881c0f59c5d768b4d4367cf

    SHA512

    5cf281089bb8141f116f5890c9640d660ac298835df76f101fc169f1e2a250a6ae6da351d2ffc8f0f40a3164cb5a8063747150884339bf29472d8a5fa2b917e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6b122c39667db3697a82b36af753d65

    SHA1

    78ac7245dc7bba334ced1dd3022f4f47d36fe27b

    SHA256

    70b78e25a991bb96541de5eb856d2261d95921f33c2be99e246c4884cb745acf

    SHA512

    352bebbdc6655322bd135189115f1c476b99395f4b908bc4c9f43cc0f3403d92cc3d1fbb2b8e42b91fd2d97126de15c1bb3531e26a030a7118fce28522726079

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    999f4f2a8642b3564f4ad9dbe0513151

    SHA1

    db9400f06732b376ca1966589ba2f605dcacb1b2

    SHA256

    ffdfc49a0a5a4f136caaced387ca9b64ce589242dc8fc24d1fb8336a7d8305d5

    SHA512

    acb522b953a3f67c5f9539cbd1c91bd1a93ba5cb63dead3e97d806417b31acf6b65619077e018ddc7e2cb512d2bf621107faf123dece673b3bb1961ff2457c6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d4bfff8586d409463ac6fb256b6a0e8

    SHA1

    42dd017d8900812288e812ad3ec84514618dbef5

    SHA256

    b5b603dd21f730c5d0da218854b8aebb25e23d8ba3eed1d0486d5f3b46bd1e00

    SHA512

    360cf6ebad32f20ff19e23b973a3ef9904bf19fc8f606e780e0bc44ee2f61f7cfeb481a6e20f12afec3cf67fcc5eb04b2c7b4d19a304eff66199229ad232e9d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    931ea3f6aa2f66fe3cd6dd56e341292f

    SHA1

    d8f5f615c47c614828393c157d451ca86cb1de2c

    SHA256

    8c81886cb74e84b0d11cc19a9ff95ff2bdcb52483c57e3f4d0b9d4aacd34bbfd

    SHA512

    b0abdd60e8b99fa3c980b4e2c6808ea2e3cc098834255fff661a25c2f22b1dadf1b1bb86c788ec684b71ce64c7f91f419b3c4ad99af6d5dde815419c766e7852

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecf09657d3b19d237eecfa6329825365

    SHA1

    035b2c0f424fb997772a17507efc596ab28e45bf

    SHA256

    903da3848e8de2d7b3d018edf36a8a0ae78b287f406ab0276e91d490682318ea

    SHA512

    5a77382391f7cfa2eb94f97cb825a24455c80929eaed01773a0b5acdaeebd856e7c513cc140688a2984ad5841b30920bdf7a797f01c85a98a1f9b8171cd98a18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7c4c146e0d6741d6b1cae352afd4bd5

    SHA1

    3077633f2db458272d1ef6059b37867c84182922

    SHA256

    1a3e28adbb824f7350f35b69dbd98f3dc98f65caa610f8a5ecae1857b5c07749

    SHA512

    5fd9ddaae92b379e9564be187ecc55394d96ee63d7ba4e86c5d862f871d183a57980e7d49fd73c39b9fed240f042356672eae0453d3263637622ba66a81d2ff4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe61cbdc1b194902cea787d16e0dad0e

    SHA1

    469a0b41a8360a66ae3e4a999295e917afdc7319

    SHA256

    9cfeb3c4b1929c7e8fe3c7726200d6cc1c3a2b2a58c0c19cbdbc58a63cb56f4f

    SHA512

    af1ddecb077f4024f4b27b60192dc4468d4c47489adeccaec79a9cf695a5700f84c3519ea9017ec47e8d58485f9e3a1586a3f595c007632d2f142dc35dc7ec78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df69a0a60e604cab38ca7e0f5755f50b

    SHA1

    5bf501d257e952bff7a4664b2ac432ca432c87f7

    SHA256

    1d38974b8a24908d6e30d81da12b38da49d43dd300d232022a0e3c2d5a8e4b1a

    SHA512

    4b3eee9ad4e29f9c52d588d0640702d47cc1141adbb0b69aa5907771a8cfde16fbc3bd24ce7ae86f08cbaaaf7d16cdc1bee34f8078421479492e8cc4e9469779

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dea6e87550cde8bef04672e6bf5faa2a

    SHA1

    0ce2872e759163a68b1638284bebcd96931aa9b6

    SHA256

    a80fa8c766673bfc3b6e1f0cc4ce7f8455f790794d502a9737ced754bc739718

    SHA512

    f2bd1f3a14f72714d896ff8e0757e89b4c64ad9107932627afbde4b1097689dfa364a5a4a81d79abff435cadd21e0141c59a65cbd8b793b5974e3381adf3f894

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    641bfd61be274cb750efff5c7530bd9b

    SHA1

    2b7f1b70717927f03891f76b714500cfa9503a8f

    SHA256

    d6c2cc7e2c0cf7ad38324504b4d3741224edd9932bb7c5e434500ada5a90c8fd

    SHA512

    55e5ab40299b3f888ff06c9e6579311b33e9544e931f1fd7b2c01a75d152ad34c31452d79fc8ffbda05a0a0494a4d74ab0b8bd4dfe250ddadef4947daea937a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    332596feedebe286ff0ab48f2783457b

    SHA1

    8d90b8194d511d52b0f9272d4d6c6bf9a2482271

    SHA256

    8b6039d15728f320915b99410b21f0d939a4bcf4e20cd0e7d293b2bbe5db1777

    SHA512

    355d4f1539e0220a1b6472fde0a43019dbb6cc3015ed43e07f3784f4019c37b5e5a42c6089fd2a14954503922f41eb44be7024ba11aae771b024da5cd74fee5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5ED.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar63E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2404-438-0x00000000742A0000-0x000000007498E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2404-0-0x00000000742AE000-0x00000000742AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-1-0x00000000005F0000-0x0000000000A78000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2404-2-0x00000000742A0000-0x000000007498E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2404-437-0x00000000742AE000-0x00000000742AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-3-0x00000000742A0000-0x000000007498E000-memory.dmp

    Filesize

    6.9MB

    Download