Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    125s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2022, 05:25

General

  • Target

    76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe

  • Size

    82KB

  • MD5

    1fa08df0bd4d31d285ba50fedf5f11a6

  • SHA1

    67ae27c49e411d6ca83d95811db46adf8ecf1e40

  • SHA256

    76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc

  • SHA512

    9e40d683dd9bd5aec0f645bdad36b3003125a07998b1b25ec69cc9fe392b8bf4db405c98aeec191271de63e809bb9aa6ac1a07884a544d64c2e315ad7595c360

  • SSDEEP

    1536:R6KDqIaiMHQC4DGjP5dEINWu7ajYEYGMe0mN+CkjvHjnyppguRQxg+HdU/cO0:R6KgiCQC4DGTDD5ajYErKmNo7nKpDitp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe
    "C:\Users\Admin\AppData\Local\Temp\76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:548 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1284
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1588
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\76FAE8~1.EXE
      2⤵
      • Deletes itself
      PID:1004

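Detection logic for the two behaviours visible in the process tree above (the sample deleting itself through cmd.exe /c del, and a non-browser parent launching Internet Explorer with a URL), as an added example that is not part of the tria.ge report. The event records are constructed from the PIDs, image paths and command lines listed above; the parent PID 900 for the sample itself and the Sysmon-like record shape are assumptions. The self-delete check matches the 8.3 short name in the del command (76FAE8~1.EXE) against the parent's long image path, which a naive string comparison would miss.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the started process
    cmdline: str    # raw command line as logged


# Constructed sample events modelled on the process tree in this report
# (PIDs and paths taken from it; the records are not tria.ge output, and
# ppid 900 for the sample is an assumption).
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe")
SAMPLE = [
    ProcEvent(1048, 900, SAMPLE_PATH, f'"{SAMPLE_PATH}"'),
    ProcEvent(548, 1048, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com'),
    ProcEvent(1284, 548, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:548 CREDAT:275457 /prefetch:2'),
    ProcEvent(2008, 1048, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c'),
    ProcEvent(1004, 1048, r"C:\Windows\SysWOW64\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\76FAE8~1.EXE"),
]

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def same_file(candidate, full_path):
    """Case-insensitive path compare that also accepts an 8.3 short name
    (e.g. 76FAE8~1.EXE) for the basename. Directories are compared literally."""
    d1, b1 = ntpath.split(candidate)
    d2, b2 = ntpath.split(full_path)
    if d1.lower() != d2.lower():
        return False
    if b1.lower() == b2.lower():
        return True
    stem1, ext1 = ntpath.splitext(b1)
    stem2, ext2 = ntpath.splitext(b2)
    m = re.match(r"^(.{1,6})~\d+$", stem1.upper())
    if not m:
        return False
    # 8.3 generation keeps the leading characters of the upper-cased stem with
    # spaces and embedded dots removed, and at most three extension characters.
    long_stem = stem2.upper().replace(" ", "").replace(".", "")
    return long_stem.startswith(m.group(1)) and ext2.upper()[:4] == ext1.upper()


def detect_self_delete(events):
    """Return (parent_pid, cmd_pid) pairs where cmd.exe deletes its parent's image."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e.image).lower() != "cmd.exe":
            continue
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        toks = split_cmdline(e.cmdline)
        low = [t.lower() for t in toks]
        if "/c" not in low:
            continue
        rest = toks[low.index("/c") + 1:]
        if len(rest) == 1 and " " in rest[0]:      # cmd /c "del ... " form
            rest = split_cmdline(rest[0])
        if not rest or rest[0].lower() not in ("del", "erase"):
            continue
        targets = [t for t in rest[1:] if not t.startswith("/")]
        if any(same_file(t, parent.image) for t in targets):
            hits.append((parent.pid, e.pid))
    return hits


BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe", "explorer.exe"}


def detect_browser_launch(events):
    """Return (parent_pid, ie_pid, url) for IE started with a URL by a
    parent that is neither a browser nor the shell (a dropper opening a page)."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e.image).lower() != "iexplore.exe":
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or ntpath.basename(parent.image).lower() in BROWSERS:
            continue
        for tok in split_cmdline(e.cmdline)[1:]:
            if re.match(r"https?://", tok, re.I):
                hits.append((parent.pid, e.pid, tok))
    return hits


if __name__ == "__main__":
    print("self-delete:", detect_self_delete(SAMPLE))
    print("browser launch:", detect_browser_launch(SAMPLE))
```

Run against the constructed records, the self-delete check pairs PID 1048 with the cmd.exe child 1004, and the browser-launch check reports the two URLs handed to IEXPLORE.EXE; the SCODEF/CREDAT child processes are ignored because their parent is already IE.
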
Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    adf2d21b9859437ebea72e782941abeb

    SHA1

    d0e7169243a0ef96a66707d01ba563acf9da63cc

    SHA256

    24f6305cfd41403a98c9c8c7295bc52dbd6617afa5fb0d0c690daca87d3089bf

    SHA512

    6fa0a2c6d08203cc2d8b69c6e1754897061380d0c34aa0c3e5cb1a80342c3571648760ab75a54d1147a1cf662662417b3b46d8603b9e6c69e7151d37ef25906e

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21BA8981-37FD-11ED-A94D-C6F54D7498C3}.dat

    Filesize

    5KB

    MD5

    085bf0fcda4a15136edb98cbb96b9f02

    SHA1

    79304e2cf6155589011d83172bba64157fea44a1

    SHA256

    b7b2d8a7320771e7099e74898f2688994185a6e0fc5f54e63759b1c1e64cb54b

    SHA512

    f9eeb1321badc9cd4df4e25f8cc20bab49493dec0d5c5bdb4879f9e2d929da7c11c1180694e3898ef0874ff6ec66fc17722dc1789aa80ff74d7a547bdda77b92

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U0SG6XGT.txt

    Filesize

    603B

    MD5

    c5341cc3aca86a9c730ea6a363dcb4ea

    SHA1

    b1db069ece0910b25ad52edaa70c8f55d3f63c83

    SHA256

    b2d6d4a03df6bcf680987749674d8c04f3e02c2bf1d78f28eefa3ca466423543

    SHA512

    bc209273035d9944e9a9a31fc4173ff79ee41954e0652e18bb2ef8bc901f1d0a297f4b84846b9be08cdd86275f512bd429eb4bcf7e1cd9d75ba5b38d33d10b91

  • memory/1048-56-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

  • memory/1048-58-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB