Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    96s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 05:25

General

  • Target

    76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe

  • Size

    82KB

  • MD5

    1fa08df0bd4d31d285ba50fedf5f11a6

  • SHA1

    67ae27c49e411d6ca83d95811db46adf8ecf1e40

  • SHA256

    76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc

  • SHA512

    9e40d683dd9bd5aec0f645bdad36b3003125a07998b1b25ec69cc9fe392b8bf4db405c98aeec191271de63e809bb9aa6ac1a07884a544d64c2e315ad7595c360

  • SSDEEP

    1536:R6KDqIaiMHQC4DGjP5dEINWu7ajYEYGMe0mN+CkjvHjnyppguRQxg+HdU/cO0:R6KgiCQC4DGTDD5ajYErKmNo7nKpDitp

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe
    "C:\Users\Admin\AppData\Local\Temp\76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4320
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3796
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      PID:1260
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\76FAE8~1.EXE
      2⤵
        PID:4600

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      1520b1f0e8660cc8553264ce46871efd

      SHA1

      70c43f2c0b7599f782461590f8e1650a2df5dbfe

      SHA256

      8bb8dd5446da57093db31c10b4093a2378a9324f137d3eaa21ab0027e191c09e

      SHA512

      6ad8d5f620738988286981654070c9a4e2542f629f4e5245381143a2a88c98922145759ff8d90546e1a617639a7dd335ddca4aba5435fb216c01c705bc4f0be0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      7e344aac8753b8d88ecc4ef453c5a627

      SHA1

      ecf2507e74e5ad36d0106f73bc25c57b25ec7738

      SHA256

      b92f4b0db8ff91f8d74e83eb19419a7e610f7dd64e0c86d2df5f01859beda583

      SHA512

      d5a4099febf69e9cf1869777401dfa82021301d25049fd8b3cf65699161f530f57bd49d85255d4765f237dadf23300042407742d77a1e6eba788b327252555b5

    • memory/4320-132-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

    • memory/4320-136-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB