Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 05:39

General

  • Target

    706e35f7084666251d9acb93c168b6ee3e1fba31412f7a8292752ef63ccd7a2d.exe

  • Size

    686KB

  • MD5

    af830d2376c528fba876e1578ca76b8c

  • SHA1

    54a552359cd339b79f174f13d57c7d341cbac968

  • SHA256

    706e35f7084666251d9acb93c168b6ee3e1fba31412f7a8292752ef63ccd7a2d

  • SHA512

    3acd30b66bff42640821f1f715be8b6f7cddf27be5c59938933c3b236235e0d51c3a6f0a6640c6b83ff6e4138d796ce811f7da40ee0572d7df71649e4cc2d057

  • SSDEEP

    12288:stlYXURbBg2Tfc3ilWZ0qECz2JV/fLylQwgmTIPd76nI4CtZPoqZNb2LaXaSX66D:szYXURG2fc3imzmV/jylQx76IfwqZN6i

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\706e35f7084666251d9acb93c168b6ee3e1fba31412f7a8292752ef63ccd7a2d.exe
    "C:\Users\Admin\AppData\Local\Temp\706e35f7084666251d9acb93c168b6ee3e1fba31412f7a8292752ef63ccd7a2d.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of SetWindowsHookEx
    PID:2248
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:2412
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4636
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1888

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat

      Filesize

      1KB

      MD5

      6cbf202e85a7bb6def63467d1081efeb

      SHA1

      e21d40df1b3c71efffe6b5205bf15dbfe8a45a4a

      SHA256

      a1755ae9036c5fddd058dbfd59891847892c40479107fd34911c06346770da1a

      SHA512

      03ea6a7a5c22aecb7fefc5429d6bced20d3a429a10e0423aeec4b996c39b0131e73966d46c9f4777bbb376983936e00c69dcfac84812f739c204ec37bd00f839