Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

0bde70cdea...16.exe

windows7-x64

5

0bde70cdea...16.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316.exe

  • Size

    381KB

  • MD5

    026967df99c1e939598519cfc3dfb171

  • SHA1

    94810d1e09daa858b37bc21922c61ba1469979b2

  • SHA256

    0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316

  • SHA512

    8a0dc0e98aded5c069363d2cbba49b26a07c90beba06b2bb45d7431fb456e3709ccd05b2b6f0ddf29257ff67171c9381f254c0b297e0732b178114488c8d2729

  • SSDEEP

    6144:AIODqYV/MzkO8RxRltwvwv++euoRqnhmXjyZroNJQsdWdc+hdhQLV:AIO2gJl+q+TRDTyZMctCR

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316.exe
    "C:\Users\Admin\AppData\Local\Temp\0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3680
    • C:\Windows\SysWOW64\cmd.exe
      /c net stop MpsSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\net.exe
        net stop MpsSvc
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1228
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop MpsSvc
          4⤵
            PID:1184
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2280
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:17410 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1932
      • C:\Users\Admin\AppData\Local\Temp\0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316.exe
        C:\Users\Admin\AppData\Local\Temp\0bde70cdea5b77fd8f0b234b0aa6cd2dbf0ce533f2e476665d6ed3bec1331316.exe
        2⤵
          PID:1220

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1220-137-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/1220-139-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/3680-135-0x0000000002380000-0x0000000002384000-memory.dmp

        Filesize

        16KB

        Download