Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

a4cf71001f...79.exe

windows7-x64

10

a4cf71001f...79.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    110s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4cf71001f11fcfef6e47f4447d63914aec506a94c777859522f22bce7c6f279.exe

  • Size

    3.6MB

  • MD5

    18989531139c93409dc60bb5256d5915

  • SHA1

    5dd4d702ce7c8178161b9bde7c3a5749b29b4c6f

  • SHA256

    a4cf71001f11fcfef6e47f4447d63914aec506a94c777859522f22bce7c6f279

  • SHA512

    c14ee8ad73727cd08900f2e54e676e2f3e9b8fa8eca753620f0a807ab464098168e4f2dd29671748065b1d7f8ce35adfb1537558a1f967b19406b9f3dd62c17b

  • SSDEEP

    98304:Yz1J+xiQdyJxiJqCUH47d47lrrXIHeZOU75lznopm13GjE4U:YC4BZ4Z23XGeflzz3ss

Score
10/10
jokerinfostealertrojan

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4cf71001f11fcfef6e47f4447d63914aec506a94c777859522f22bce7c6f279.exe
    "C:\Users\Admin\AppData\Local\Temp\a4cf71001f11fcfef6e47f4447d63914aec506a94c777859522f22bce7c6f279.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Users\Admin\AppData\Local\Temp\CSOLСҹ-36.0.exe
      "C:\Users\Admin\AppData\Local\Temp\CSOLСҹ-36.0.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.92sk.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1100
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:956
    • C:\Users\Admin\AppData\Local\Temp\server.exe
      "C:\Users\Admin\AppData\Local\Temp\server.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 36
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:624

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    88161a9d92873983ae4d4e15bfcae476

    SHA1

    24fb83cfe41b6569e52866e8b916ed674ba5194e

    SHA256

    c6a07afcb38831780700316b76650f47a3b3458631c8bda5a70a7874972b7068

    SHA512

    5f964c22b42d3adb9367ff2b592d1bc5ca6a0396a723c8287d508e68aa74d21b8b1f4eb80ac81ee2aaebf10bbb72b85507a371fe7fa3a906b75ad95faa6bebd8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    6KB

    MD5

    23704680d64886b4683058450fba4a67

    SHA1

    e62feddfe921afb3f2599fff4f71b1cf67c7b18d

    SHA256

    642f3e3c81b006169163219fab5b8c1f594332ab6862c5450b6b36bbb60482bc

    SHA512

    88c9d3560951f93805bf1db2ad9293e500ae32dceb948c0b9b783fd100bc09078a903563affc3c1b9c94b0b3c01726b3d31c3688d5814e0950e99dea7465bc59

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CSOLСҹ-36.0.exe
    Filesize

    3.4MB

    MD5

    a2eda3b79e687837e8fed33ce11c0694

    SHA1

    0e99d53481c5813dc23430bb890743daa0c886aa

    SHA256

    08605ba6c34738d1dbc9dac1dbca7a73c48df7cc96ae6ab5ab2518dc0e37c76e

    SHA512

    84e5fe080f6f11d66be2636fc80139b72b2df73b054c67725c6926abbd04ce4a9df263c90103e371aafe421cc34856eeb98a7303c7b0abf4668c87f27152dbbd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NGZM4S9Y.txt
    Filesize

    603B

    MD5

    3b4aac5af755b253f42470e477eb9dff

    SHA1

    cbfe44347a9a45001362416bb621b079aef44713

    SHA256

    cdc4fb0d457d426c89f9c24deca7edd720249ae443cb955c8aeca043eee2cf57

    SHA512

    8a28819c2049e843911ec27cd772bf3832dee5e3418109223898ca36a46ad77b63446accab53283600dd4e5dbf61cb41954181e1ac9e6ca7e06130c8995ce470

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CSOLСҹ-36.0.exe
    Filesize

    3.4MB

    MD5

    a2eda3b79e687837e8fed33ce11c0694

    SHA1

    0e99d53481c5813dc23430bb890743daa0c886aa

    SHA256

    08605ba6c34738d1dbc9dac1dbca7a73c48df7cc96ae6ab5ab2518dc0e37c76e

    SHA512

    84e5fe080f6f11d66be2636fc80139b72b2df73b054c67725c6926abbd04ce4a9df263c90103e371aafe421cc34856eeb98a7303c7b0abf4668c87f27152dbbd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CSOLСҹ-36.0.exe
    Filesize

    3.4MB

    MD5

    a2eda3b79e687837e8fed33ce11c0694

    SHA1

    0e99d53481c5813dc23430bb890743daa0c886aa

    SHA256

    08605ba6c34738d1dbc9dac1dbca7a73c48df7cc96ae6ab5ab2518dc0e37c76e

    SHA512

    84e5fe080f6f11d66be2636fc80139b72b2df73b054c67725c6926abbd04ce4a9df263c90103e371aafe421cc34856eeb98a7303c7b0abf4668c87f27152dbbd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    20KB

    MD5

    c10ffff4b4ebcd8ad73dbdb4ca21975e

    SHA1

    f1dc61b7cc11dc5134666f4e0a093fddea04bb28

    SHA256

    b0edeac938ce918571628e76ed329b6b85fef91ce9c0c50530897b35c979417e

    SHA512

    fabc626d53b6f60c3944b3a81d30267a5dcd0f0daeb00858b4bca31085281368567bb6a2fbd4a3370b60591b125a5c3804636887ee2414d098256812a4ca06df

    Download Submit

  • memory/240-65-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/240-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/240-55-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/1908-69-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download