Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

2662610dc5...80.exe

windows7-x64

10

2662610dc5...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/12/2024, 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe

  • Size

    692KB

  • MD5

    d32e64d77779eb9e1f6996e9918bf35a

  • SHA1

    a0e7075e2d13fdefa4d689ad51c9a6d3294f0766

  • SHA256

    2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480

  • SHA512

    82c0ebb69091e83e8bb99fcd0b41c4e583d9ea1b4b7b4eb14ffa78978c2f0630a251a29173f6699638f4c40168cfef60458b92d5ab25d2a05393aa92600b5c12

  • SSDEEP

    12288:q6f13oK/cDVrSs0SYnIhYqkoIgCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VT:q6ftojDBeSYnIqoCTywjGzh2

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe
    "C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe
      "C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54465b9f81aa8bd4467ab4e6a1522ab6

    SHA1

    2c4b045f73a9d0ebe935f68d8908aa6d8d04665a

    SHA256

    646d21007f40fcb7de7937d83de1d72bf2584a15e9673110eb6e2c0e2f273606

    SHA512

    01c08dda61677401c54af552fddb4921f019d3287599c391bd7969b4bcf4f0fc1237ea7316cfbdfacd2acc1f9f26a75c11f8e95b32ab98111ddc0bf2627f0a10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c12ee7644cbd2ca617664ba44a3a1e0

    SHA1

    5e2fd7dba05a7d6b6a9454ead89b0867b999e138

    SHA256

    66f30617754283f91841cfc465a93e3de2b2ef30165f8cdcba245a07077a31a2

    SHA512

    c1e0fb74ecef497d173e4af1750fd9e8a8445e7fa7cb53ac2ef29b1c653399476143ae3632092baebe31fbf361172bc03600d5d4bb5d95ff628d1d9796ec7d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe2250ea407ead0b3cbdc8cbdff46780

    SHA1

    65cbf0198932cacd36057711ff997dc5b99737f2

    SHA256

    35abdc2d43dcc4719b1a8de4262f4593733dc77e17ee202affc754cb7b94fed0

    SHA512

    c51d2e2f8e0bb7533a2a2feb0eaaedd218c0b76b400d588bc2d757c41d3017550deee989e029ad93f1a93ccd64998762e35452d4e257496403dd0762ebdd0573

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2606750ce635e53cbb1a81898b5ebcf

    SHA1

    9e3c59b5af0521e90ca95bbaca9ebf874ed2336b

    SHA256

    92bc9c02cec5d44ae9914baff9fd245e804a8304d034f76caf23b6537d80b08a

    SHA512

    25d417870f5a1b09e127b1ed62529a788af1cb4b71c34ce331d4f6e64bb1bd8adfac4230794c861f5864924fa290697414f309154b5aaad2cc7bba3285cdbc3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bb648b520fec76bc7cff92918cd5139

    SHA1

    62eb17b7caf5319efb37e3f229452596286e7d79

    SHA256

    0a0ecdf70e5a9751769082d5b5417e7c3acbcaee86f6bc999db5f4bc0ebcdaf2

    SHA512

    0ffe478b44dc86b3ddf114f4d57bbdaf986679685043ad504fe5736e1519b152a228b7fe3a1b9d0370634231378f5726c2a80356ccadd7b804514b3d669ded33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b88f66a1bfb50f6b6a879e11be2b3033

    SHA1

    8e6f2dfd962c993925ec259b0b1c7d3da6c95804

    SHA256

    e1e170788fddabcc408dbc8dc14df244c273ac82469700dd515eb38cea00d2b9

    SHA512

    ef548dbfa7a484a7ba2ce2a461d82e8fa03652cb3c764b0b2372f128fe61b17d486190d53fae3b1a8846431d55d2d8a100ba15c209d283711c2300e91d4c786e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5e16066514864fa9579aba94d90b308

    SHA1

    3925cb9312fb9950d10209ab607e2dab0b049d8b

    SHA256

    49d9b8443c0b387f3c00a71ff5f41358c650becdc31b8dd3eedd4d57b9a2369d

    SHA512

    980a178fd80aff2924941609dab69d3f149c40336ed157fb5a37e28f5b52c7f533514812b655a69f024ade31e13ddc794877f2fdbfe26ef7e6473df2149e1a88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5a37c9502fc302f27408eb3484845a4

    SHA1

    7949fc607961af73c573d659c52fd5c3444c521e

    SHA256

    9c808fc9a5d45e1586e8a73f4f0233c79916967db56af1080bca02bdde3b2889

    SHA512

    895b2b5c4edc4dfded997e7efaac3cf459fc25b7de050d19b591000469556310a4405dcf5e5c60d83513dfe8a241fee38a0985e7939f365381e0d09719134afc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e8e76b72ab224d0653cfcb273d279a6

    SHA1

    5586c5e2da939ff86053c97b771869852fb71509

    SHA256

    57bac93feef9ddd595e457fc42833c0a9136f0e07a3227e5900ae839c0bf3f5a

    SHA512

    061615fc2c42b40860799212a38a2c2cc9be3c9a46198f5f6105f43737e156c91e84ca0ffaa7ddc775a0f3c48ae1d5698b718482b159b26a7019b815a4b5261f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76efc5499cea875ffca6b793b4474e56

    SHA1

    48cda9b733237bea43330de63bab544dcf8480f3

    SHA256

    32f4c3857577c175cad21bfa0595645310c1b41d5d1a3c57d026a999f31a6e46

    SHA512

    43c4daae8de640f126a71611d3b1adbbfdee73688de98496a258ece24088b4483d7d7b5ea37fef55c93bd7d13042d5e6254f4433ede43990561fced247378305

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba8cb9223f32a4faa885830b6afd2a61

    SHA1

    f1ae99d773918a697d926cfe71f035312c3c8bdf

    SHA256

    70e1606d2b85cd72c821092df3263f503ea0b619565771d9b9f781e233fb0144

    SHA512

    d0e50775e2e7f513e7febabc9034c7775456ae33e3dba580741be229d74b9657ae13464a48277bfb26a7d167f0c97c6116ce5750159a6ed0ffa15a61cb5bbc1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b1883b9b8ac11ea476604c7533c935a

    SHA1

    296cb9e47b5888179540d1060f0a1a6b070c80ec

    SHA256

    562f1b7e515540ddb4ac44d35030afa5dbf9aadbe7d2844779f3308c8bb059b3

    SHA512

    6438d8a90a67e5e61ad45d123903f36f8fb9f7e1ea76444881de6260532eb061d91712e15e2b4bb4db10c11093fab5e1f6ba121d1a4fa7a5b76b3954dc3ac2fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78a645779f381954ac2309f588690e61

    SHA1

    372b034650d52dea9a9386286d2c1b8fbf313c8f

    SHA256

    d4efa0b53cebae19b6a2f924d9696e23f0226f24f0c27dc749f276173ad4d07b

    SHA512

    91ad0533be406d87ba11beec1647c449cd960276342cf25627d7fd18f441e4f30baed5c27d40ce80053c34792843ec4882d3aa748bb90fec2956645f1613caad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7f2362968652f28a521df1574c31f9a

    SHA1

    27341831ab2de47cff73b8a89762e32ea5cf9bf1

    SHA256

    b296c6cc94a55713f9213f187cf1218d7b4cdca3def31425678b4ccef9dd8b34

    SHA512

    aeb2c75f525b5879a816793c63a09077eacfd686e05f134ee846fe007f68469dd1774da99e0a12cbd65911475d7b1c2e47dee228c1de751e70d3e80865398301

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e2fd0297b2419407bdc2a66559d3232

    SHA1

    7acb7224fc0c4b25fb6a7dff461255a346f57219

    SHA256

    df71d443b1f711fcaeb6955ca43ba21084cce47408a0f6e4d810f9eeab79a1db

    SHA512

    5b114af3d991b786fcd33f32f1facefed4e3e263a3e73fd8310023ebd133382451e2c1bfd02c0f1faca342c15f563c84bf86b81f688549e5d51a64b29f8c4d8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aafe7659c1046dc4cf596fcfbefd17d

    SHA1

    18bea08f3d385e6ac2ca4b23e5c1efefab0bbed8

    SHA256

    6c446ea2f87661c447a3f21e14026a350e7686c0773d8b27ce087ccf1fb8171b

    SHA512

    e0dd090edb352cf5ab8d5fac0792684793beb6a997be8202b1273750080afc871a9f597cb5cfe72ca81dde528e6623020cb50cdabc223783d6afe6b864a211c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f737f1d24e5bc901babfc986d38e399c

    SHA1

    bbad28c3f7999747821c6479576556b1c4c78bec

    SHA256

    283eb4c78927765c56d3be2b88364ce25e54cdca112dbe0a687ba24ddd2e4895

    SHA512

    3f09453be3d1e9c73a3829fa4de781dbd87a5f4ed84cbca0b961960d3c3ab1d84ac8eb181037b0c1e861a993053f11ac3a478c0a0b4e09a2adbd68ea496f03cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    512009ca337f476ac5043c2106459722

    SHA1

    0f29e31221fb89a6f84fdfbbbcf910eaf7d5797c

    SHA256

    90ce46a4932d930110707e5cbc02d4ee989fbf6929678bbf2a308ae60681286b

    SHA512

    6a863fa5710565f31e47f1ac211f319b2b69657c3b10faabb16895062e71e630187909b047e5268ff826e3151d067084cd1e9488fdbd02fc6c254230224a19de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c297789ef10cbfc9dfe3420a40614cb

    SHA1

    3c32da2ed474f56f9713a5bcb74d06de70c1682a

    SHA256

    33943e7a340260f1946e37902b826043e2202f2971eddbc5f2b5a9436ffb23be

    SHA512

    5cf32457c71798aa53d187e6a2402dfe43f8c30f5f40c15847c278fe96b639dd3d395324db5d79dd274136d97a348aa98953850b037cd45605b79d9e53b5f724

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7246.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar72F5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2504-10-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-3-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-1-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-4-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-0-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-2-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2504-6-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-7-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-8-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2688-11-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-15-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-13-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-14-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-12-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-17-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2688-20-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-23-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download