Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

3c56cb3062...70.exe

windows7-x64

7

3c56cb3062...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2024, 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c56cb30624e9ca394ca44f0288d5d6052b15b3003d16535048b3fc7e0ecc870.exe

  • Size

    4.0MB

  • MD5

    3c4510f89e7cefa5316dd0170809a5af

  • SHA1

    3cff629e390af8a37ab0e82af2babab9ad6615d3

  • SHA256

    3c56cb30624e9ca394ca44f0288d5d6052b15b3003d16535048b3fc7e0ecc870

  • SHA512

    e5ec479ef6f3f7fb3e43e9c499930956e6fce136246ff0ef2ee563fbe54dc3052743c820c6df1ee5500aa96e011b3e6fb4f3e8f454cc6a282c599cc4e5cab2a8

  • SSDEEP

    49152:rVxwJxin6ea59xUQoBkHcYJs993X+s8KuqGaX0ToIBAUZLYep:jKxinS9oBk8YJs92JBAUZL7

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • UPX packed file 39 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 16 IoCs
  • Modifies system certificate store 2 TTPs 7 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c56cb30624e9ca394ca44f0288d5d6052b15b3003d16535048b3fc7e0ecc870.exe
    "C:\Users\Admin\AppData\Local\Temp\3c56cb30624e9ca394ca44f0288d5d6052b15b3003d16535048b3fc7e0ecc870.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1332
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3720
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8 WinX:0 WinY:0 IEFrame:00000000
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:3424
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
      PID:3680

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\FiddlerCore4.dll
      Filesize

      505KB

      MD5

      79fe5228b7ccdc88cf7ddba2893ea71f

      SHA1

      4313028e5354d66be81fd2103a16b16e1ad1a6f3

      SHA256

      5850d403352d76e7f7ebda93a7bff5ab1ea57c91a54a2f6c2cfaf1c9d356d55f

      SHA512

      f46380ccd2fcb8246206f176f17c1931d57c3bc1312c95e059cf9feab4bc392ad31fa6ffc6a1dac3b0bd70c5393ab1c2cf21729e357cb7c523d487dd92aacac3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tmp109.tmp
      Filesize

      2KB

      MD5

      a85644e124f5b897053b7a4dab70b7e6

      SHA1

      e8f0fe7bd62a03bfb18a7f680a4fab3b503715a6

      SHA256

      5fe44f8198a4e1726d3aff26750fd44120bde200125cada7def41be752bb3a8e

      SHA512

      e761e9d77196939ad115c500e49fabbfa7538ab800f4ebd547011e4c45a0b4d81641842ccf701b5b112183b62c4e366c0ef9de99b42baf21e2121ae7e2e7d501

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tmp978D.tmp
      Filesize

      2KB

      MD5

      76e5147b104d18da369a6bb5b6f49d63

      SHA1

      f872419ddcc0c213e13e952a52744ad76d47b565

      SHA256

      32f2970b753d82233916aa0c846f24a81b338a2c621b3d6d6ce1096d79fde958

      SHA512

      776f52a752ac13ab7815b3739032756e85e02ed3486da9d6b6df8aa0faf8ba1c0de06554f2296d7ec33217fc45594e5287dc198a117cceb1fa475ae9f077f010

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tmp9A9C.tmp
      Filesize

      2KB

      MD5

      f3634adb7524232d5babf6234b0504e7

      SHA1

      8fe1c4f95cded13e49728d2a6aa971f7f37a42f1

      SHA256

      7d5a43f6656bb1f7123e00a815952a851428f26c80de603487c33717c0f8823e

      SHA512

      1c8790554b76544d556ee0997df6456572664b0da93d23ef71c0eb2efd009de35e0af71b49ca583eab2c9cfc713d4746c45d9b83df9e0d4272138f799961dc50

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\efd.dll
      Filesize

      38KB

      MD5

      82aff43dea5b7e114cb75f1a9c625b9a

      SHA1

      744f47a54429f23f49a36b45f7bd376d78110f36

      SHA256

      d5bcdb257b09fcf88e616206a17c9d65864ec1bcbf81b79ffcfd971fbd6f0f19

      SHA512

      8860c4fa405bd921d65241959218ba840a6ca8ec3fc9f3cd222bfd14edda073591f7323ae6e69c19a1e2d3beb39a9e1f3b52f19160f269dfa7ff78e7f600c65c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2437139445-1151884604-3026847218-1000\096fd12a852e642e869c264e594e5567_4304acb9-c3f6-452a-9860-eb4e85d38d4e
      Filesize

      2KB

      MD5

      2a56242930f1c74f3fae0264824db75f

      SHA1

      6bba8b04d4574652179538d435b48ee153cf4742

      SHA256

      3f446ec653eac8b7b94855b31413abc88a717cc80e949b4b98a8e248e40987d7

      SHA512

      be98c9e1cc2bc539126b19e1217b9cc3981fedcb689005abfcd9f1c21a44e8e0149904cf668c97816930bd302730e902669beaa0031d9116e0ebf5612f78d2e2

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2437139445-1151884604-3026847218-1000\854d64d1545d4733c2345910d16fd957_4304acb9-c3f6-452a-9860-eb4e85d38d4e
      Filesize

      2KB

      MD5

      fed39f05bf1b171aede9de05a1d0d3f6

      SHA1

      a90e4f0cfbee24c559796ba6b1ddcea780b294a0

      SHA256

      a2737732cbed12ff9d6564640bcc083e97e47193dd242b4888b6b3c48a9568dd

      SHA512

      cf8f1f2f42aae3518bd8bdf50953b139943dc77a5806ef6543534db193480f84e9c9a43c49929ad95a98d677de92a0f2c9d989c1d3a8854c07051aa70cbe9e7f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\7E1013A7CC4A44921A57D124B3603ADC2127CEDC
      Filesize

      1KB

      MD5

      d8d27672b4f5b40040ed68bc11319950

      SHA1

      de9bc3d422bf4beea838f3591bdf56643d76b8ec

      SHA256

      d942658283dfdfd4f141339e02729ea45116c67787e8a5f0fcd1122479bed827

      SHA512

      906170b158d774e69c194be80f386f032806eef8d63945f9da95f9bdc962031980abf4bfdcd66300c10939e1b5c8e6163ff4d26878b97e984d95baffbf4516af

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\D9999380ACB4E455F453A493301730B7E835B733
      Filesize

      1KB

      MD5

      5a3827ffedd268f1188401c44e6a237b

      SHA1

      0532c9f77b55a51c79c043a78bdf2ed5e012f52b

      SHA256

      f74b455d3ebf19eaa64dae6f79f66e7eec2b8f0efa3555f3ad6d88eda5d11ba2

      SHA512

      88f8bbf8d9c51758c6b0d486a62677521962fee5ec16d7a1fbb37fda9cea797fec78dccd1ca7509f87139b67458691f6f50ce16bcda980b31165ccbe5342804c

      Download Submit

    • memory/1332-71-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-45-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-98-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-96-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-94-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-92-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-90-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-88-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-86-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-84-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-82-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-81-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-80-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-79-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-78-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-75-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-73-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-100-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-70-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-67-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-61-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-57-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-55-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-123-0x00000000036D0000-0x000000000370E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-43-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-65-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-63-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-59-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-53-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-51-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-49-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-47-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-39-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-37-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-34-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-175-0x0000000002A30000-0x0000000002A40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1332-36-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-179-0x00000000060B0000-0x00000000060BE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1332-180-0x00000000748A0000-0x00000000748AE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1332-184-0x0000000008460000-0x00000000084E2000-memory.dmp

      Filesize

      520KB

      Download

    • memory/1332-185-0x0000000008500000-0x0000000008AA4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1332-270-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-271-0x0000000002A30000-0x0000000002A40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1332-41-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1332-35-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download