Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3743a44cc1...55.exe

windows7-x64

10

3743a44cc1...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/12/2024, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455.exe

  • Size

    1.8MB

  • MD5

    ec507d3790a28583fef3aa88678477c7

  • SHA1

    600980c974810a2a1af97a67842a86347dd191d5

  • SHA256

    3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455

  • SHA512

    c33184c9911b873d67358d4a5f9a802c952e02071b51f28e10c07dece27286842f67cb539ee4de83f3fb27ade4a5ded1fcbdfd8112845ebf7b67ca958575d6a2

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09POGi9JbBodjwC/hR:/3d5ZQ1FxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455.exe
    "C:\Users\Admin\AppData\Local\Temp\3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Users\Admin\AppData\Local\Temp\3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455.exe
      "C:\Users\Admin\AppData\Local\Temp\3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62206c8b0980974ddd34583faf3ddb2c

    SHA1

    1eb0d2029601701268c77512bbaaa080eb44a0b1

    SHA256

    60574d48c888718968402a911127ef9e7313424b75488958b3ba3b0cec7e2feb

    SHA512

    34729c547f471c109aea17839aafc4883e8e23dfdc63a2ba562d8a50424e4cace33d6609b24839a945d8036ac3ca32b161afcdd79d760e1e168e66fb13372c1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    451e266138e01ab504046a5b9ed8990f

    SHA1

    dd941bd1ef000789f6b09165276744bc2096affc

    SHA256

    3dd130f057512e62972451eff4b458a5fc1e44f6135640d3073e760d9a762cd2

    SHA512

    4a8ec1821b0e3f57c3839e1a099792033b5c6e5b29e3095a1f6cc946a34861315eaf6373c5abd7b495a3decbe05862d249a65b41953616221f0adda87c973a44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cfa7d0c9e3dcc31b623d22c4b98591b

    SHA1

    fb245674ded872a7af8679a76484a9fd20c11349

    SHA256

    81192fa0f1c1061a1574299c03229f6c8c312352bf8f248e5a3d4b5c431d53e7

    SHA512

    701b34d2c9ee0414620a6eee9c1dbb19212fdf0bbab3fe5c50b287f9cd1fa21bf003a1b54ce4bf58d6b0865e0ef5210bb522b4ae3bb1a593d1228471100a7659

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c694be7e252dc70ac43ee9d6157610c

    SHA1

    d0f08100fd762338544e5f13a81ef2ac0666ebf6

    SHA256

    4e43a7b0691339c239c7f6bd148936db70f710924df0589376d02039501112bb

    SHA512

    0a0867ce1422519f2e63d869db21090a81e25d1dfe699a0a96c218238401bb041811b04ec1a6fd598b2c8da5980439726c51ad28cdbe023af64f963c79edef1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ea8245406c9438b3d5703b90f7f0c72

    SHA1

    1834d465ad24505fbcbf139787ff057dd943cf97

    SHA256

    cf965127f8256649b55a134fc6d64f658d30dcaf3808c7ace33e877b25d13ce3

    SHA512

    6db6a3cb90182f4a8bbe8b8a7f93491e8ec5a03031562e4f6b862398d81a41ecc18c6438c56523686f77edf41ef90bbb81955ee3c82b3c648bd32ff8f4ec934b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de1bffad1b24afd1ce13ad3eb749308

    SHA1

    7058efef1de689463e3a44603b2d36b5cb45702e

    SHA256

    9fe0f147e239594f0f6d245c04a2303aa9863488d3b949d0baf05b8b0618594c

    SHA512

    a697384331dfa3d898faff2e26d04f281170e6bfbad7a0910508f550e47d3851b5bb8422e82a56c4dbdbf6277da1a25e3fa8a1da03ce73a6f03e89a280163953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    187dae71c98cd8e6a1a116a8f5095ed0

    SHA1

    386ec925c728a9c2b46c1efed832449b7781dd5d

    SHA256

    32323678c7ba75633379e330474c10fc3167d874351098bc47fae6a0a429c05e

    SHA512

    601d607fe795f03283ed391dc9a152a5bafb3357856fe52bc5e4ae721d9d1ec9e0a6526e1faca1325b73d3abca8c50a01b97483cc0648ae89fe31f71b6e39e84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b76d30f3b3ea5d9a1f7d37903f6ff93

    SHA1

    493b95763cab9e7a907d2f38a67242f5867bd185

    SHA256

    66260b091f4305058436411059bd1c1bff555ded0f9647f34fdcb79d6a8c80a9

    SHA512

    3894256ca8d503441868c1829e8e3c8158e6033d10d2218d7c666f555ab5e2b83511807bf5ec8b697d9bb8b53c5ed33f23e3c33941bff338117aef7d842db247

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fc737dced06edbfa004871fd75b9b18

    SHA1

    4e1b44281780294145625b5c3fd8239f9cb35f0c

    SHA256

    1d5d85a28e67db570e9a55d74c8cfab7978468c3656ee7019b3b7568ba4d8577

    SHA512

    fc62534afa9dfac9e3de5c382ba61c9a49e12029305aed28cc4bcbc7aea568abba16de00748e58f40c91f4199d06384dccfd9e5f1485fefa26436712af3b2897

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca62dd648e5bbd703a81084778b9dbdc

    SHA1

    3a8ef795a3a5c93f6fa2a2947cbf3474fd8ba67e

    SHA256

    d424e3f5209934082c306216e93e96b2b282ad723afff477d65e24d935ca0de3

    SHA512

    7afc933b5291edc8a8ed63b95a1830652fd8b7ed0efa28ffe9ccb22af483b7c97b5c28bff00898dccca7bc26d9b8fec3975725957870cf8f1c6738aac7add466

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    622b403129e4fbf42b50f1a1412e6dd3

    SHA1

    406d34e3f12dc2c36e91818a1891b6ccd64b765c

    SHA256

    668e4a2e05310ffdf896e8d1a3e08d79f0f01df17a92734dee5727b9fa9f0fad

    SHA512

    fe35504fde59ec9ec4da9b5d9466ca4a5ec2f37279bb5872428a0219b749447cdd131d108efd08cf7d1d04b0b5277d10ac36c69210a708a0c4acdad0067135c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec3d3973cd2da82360db05ec8bb9fdfb

    SHA1

    a43065cec5266c2280f67aec63ade9f6df1cc852

    SHA256

    a7ed96ec3803f9cc0ee10dbd8b6aedd7de6f751c914427085a09d709556413c9

    SHA512

    b6a98f2bd804fc4f499453474066ee65e964d2acba4c0e171fb479e896035e5bb267581f73068a25da948b651ac8f784d2501a435bd4916815f6e731ba584212

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3de53d7386a4d64db2882d45615c164

    SHA1

    c34066af4518d57199d02de842a17df1af6b2dfa

    SHA256

    91663a9fbfb8e95b5c8a8c460fae74455464965ffc4ff5bdbfddb1d9e8d52c00

    SHA512

    1835624661befdd0eada4875eb6932b1120fb9467b4b2eb4f5f763a703afaf8057220c8d684fbc5876b1828ac7df37b2d10555653fd60ca6727acc1e5fa3b881

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e8ffab8289f943cc27d4988651ad8df

    SHA1

    79134cc007d5f8481e1e0856df14edbf360ad05e

    SHA256

    a18ddb4904f156db9094646b40fcba208e700508d45a4e5e14719d65e967a722

    SHA512

    9b899574197b517566ddfd00af032c6c76d5a05cea4756065321eab438ffc14f3b1ebec1e9f0ef4d4bc511b2563931310be645e331688251f86779587253c588

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13b8a4476f13d7087d28450bb552424f

    SHA1

    f5f10218571ab4a1800cd9eac9629c45b95f47b7

    SHA256

    09a66b5974c9ba17614d6af2e8c1268b5b156b8e381c3e4e70f8e64e9fe2a303

    SHA512

    9f4dadd3ed47407491dbec1bb9da90c19d6715911f3cf0e044389040054101ab64d73c766cddd6f3cd7f00c917ca57f3ac04f7c71936232dfac57acf31515d78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cac54aea2c1caab91e12d7a493043518

    SHA1

    b1c165e1a9338b4cae11cd2e8de12239ca635fc8

    SHA256

    13d7731ade1b217c40df5e8bd74b8511cda1090d119e24e81014531beef56424

    SHA512

    15c48fe251d8f9cf0bad712a8efdbbf84a6345368e13ca12a29573890298351e95e779a6800824731bc2706222ad34719df89c99b75b6652e07663258b560a79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bfd5fa1ca6feb7c24d76a410d8cfdda

    SHA1

    17ab86cc301d4fddac93c2aeb9da28bd3ba76262

    SHA256

    ff2d2865981c85d61ae13670147957d75c41f4de8b7bc371d1c26ea9f00d8f49

    SHA512

    6152f6ec42a9c606b2e25d691f8cf1eb598a6c29e48d13451afeba6b38b65869358e040fc42074654f7262d6b387bf4608aae7b7cb52e2429e5b8d6ee251b46a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab1b33146f6a972c4be01dd8ca571afc

    SHA1

    c807b096d73063f7d425786c7d93742215989a74

    SHA256

    d67d985a8d93ab1018fb801093980302fcfa27ffb8dac1a800e8fc52accfd52e

    SHA512

    7eadf42f1f8d88f34d7973ae17d5e9c0be1d33f4b0bc10aa9be03438e1f6ea2fbb8e460b332f6bfe29fcf32b69b81118369c86050c9ca9418ff38c027ba7fe18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF911.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF9C0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2196-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2196-6-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-10-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2740-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2740-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2740-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2740-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download