Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7b9ac14b26...94.exe

windows7-x64

7

7b9ac14b26...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe

  • Size

    45KB

  • MD5

    e0ddc5a92588944321f3511bf9604871

  • SHA1

    f79068d7347f89b63f1bf837fd6ecd7c3d527a94

  • SHA256

    7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194

  • SHA512

    732a54d0038e8c79230c38a14ab10247903a9298df518720f32e8f3a9546a411b8feeb3ccee37b15af66b46c9a9eee4831bf9a1de958da808ccf34a6f1599ae7

  • SSDEEP

    384:/TqAGvv+2smXWnECTiJgpS08tEnkphMFNbaX32llzT7E3RXYbNFCBpHD/4nKi8h2:/gR82gIQiSNbaX32llzT7gRcEdwY1ce

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe
      "C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe
        "C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1752
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://sharecash.org/download.php?file=1614514
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:980
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1780

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gNE1LG7MG8LAf6f.txt
    Filesize

    2KB

    MD5

    25a0e6a2590df6b5edefa0f51d214261

    SHA1

    8bbd2395db43b9838626eda00ca0acf6e822b94d

    SHA256

    3b979d97345639f940b7ac6231e25ae41cdaf7f6d851f482f3be4a6aeb8007d6

    SHA512

    c892cea34b5d68c293b8d8e71ad24d8a33094d0a7ca182c7931bc2f0a2c654c134269f3112e2902fa2f18b9c29e1d1288c141928944b0958e198bed941af8afb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RZK52FTU.txt
    Filesize

    598B

    MD5

    c7f980681891b12d8e26c45252a214c2

    SHA1

    eae0b06b66790f101557f8c4dfd0df7d5d7f6575

    SHA256

    021ee2a53a35b2afc5c9bc382c624adf38def9e012faa8e045ba60c21fdcd1bb

    SHA512

    ac0f995e53b2bb61625dee9a5d14dd6f99b2e3d1cb528dd7ae780c445cc5d2764f52ad2305ff978200859afde2285a0c145be0ea8339b8bcc7fbd0cf781dfbfa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gNE1LG7MG8LAf6f.txt
    Filesize

    2KB

    MD5

    25a0e6a2590df6b5edefa0f51d214261

    SHA1

    8bbd2395db43b9838626eda00ca0acf6e822b94d

    SHA256

    3b979d97345639f940b7ac6231e25ae41cdaf7f6d851f482f3be4a6aeb8007d6

    SHA512

    c892cea34b5d68c293b8d8e71ad24d8a33094d0a7ca182c7931bc2f0a2c654c134269f3112e2902fa2f18b9c29e1d1288c141928944b0958e198bed941af8afb

    Download Submit

  • memory/1752-66-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1752-69-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1752-76-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1752-75-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1752-67-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1752-68-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2012-61-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2012-72-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2012-58-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2012-60-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2012-64-0x00000000763F1000-0x00000000763F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2012-57-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download