Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

db5f71d6dd...7b.exe

windows7-x64

5

db5f71d6dd...7b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    111s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b.exe

  • Size

    192KB

  • MD5

    6b3520071c2bce8966480db5eb206250

  • SHA1

    63f8d183b3a863688746b94ec2ef442e47bf8270

  • SHA256

    db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b

  • SHA512

    ce8054d177fed61c5465ef23c0431a2aa5695b0b8b1c33d9584ead358302b2221461096d0b65ef27da4a4f686dd8388ece52d166eec1c3fd7a410ebc79393e62

  • SSDEEP

    3072:kXhEZlPc/EQv36BO7YfITv2xQi9Zl7IXMII4t4rKgBzDShnzRqC6UwFr+og:guPQ6O7YfQri9TIXoFBzehVmHFM

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b.exe
    "C:\Users\Admin\AppData\Local\Temp\db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Users\Admin\AppData\Local\Temp\db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b.exe
      "C:\Users\Admin\AppData\Local\Temp\db5f71d6ddbb8ae6620e92841f584c13dfd6b36185f23255d29860a81b19157b.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1904
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:552
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:552 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E0TDCHQC.txt
    Filesize

    608B

    MD5

    fe4237eae6542213e30be7040b7af023

    SHA1

    fe9a8f78b9ac16f92a2f3c3cb5704ec414d30d3d

    SHA256

    a5e173bd1b5f1aadb3ea3fd8039ad425506afe2c95b970466124785c2d49d7ce

    SHA512

    cdcb1ad1c828912c937e372f1b82b06add7c95ec9fe6c57d172cfb618cf4f173cb87b67284cb62ee0956e61283f6f61b3743723731897e0b6981b16442c294a9

    Download Submit

  • memory/620-65-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1708-84-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-92-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-61-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-63-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-94-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-67-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1708-68-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-69-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-72-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-74-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-76-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-78-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-80-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-82-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-86-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-55-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-88-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-59-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-90-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-57-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-96-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-98-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-100-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-102-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-104-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-106-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-108-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-110-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-112-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-115-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-117-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-119-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-121-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-133-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-134-0x00000000002E0000-0x000000000032E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-54-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download