Analysis

  • max time kernel
    151s
  • max time network
    171s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2022 (day/month order, i.e. 2 October 2022: the win7-20220812 image rules out 10 February), 12:14

General

  • Target

    cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll

  • Size

    507KB

  • MD5

    67e9c80dc1bc31549fbde95e082ec522

  • SHA1

    589a0511a3fbdb2556d09941e2e3839a3ae1fef5

  • SHA256

    cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6

  • SHA512

    1ef0e9ea7be3e88e1a78e8afda3ee37c9011d433b669b26e42451173b94eff32017dcd2acc1df6e5c5236d2e97a9a478a6e0e43b29558bc02cfe765fc977841f

  • SSDEEP

    12288:0MwVOnc2oPKebOm9J1s3TzhxQBNDnh3lINEKWA2:G0c24haEs3BuBNDnZihr

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 29 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (15 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll,#1
      2⤵
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:912
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:275461 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:828
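The tree above shows the sample being run as `rundll32.exe <dll>,#1` (entry point by export ordinal 1) from the user's `AppData\Local\Temp`, and the 64-bit `system32\rundll32.exe` (PID 1832) immediately re-launching `SysWOW64\rundll32.exe` (PID 912) with the identical command line. That re-launch is how the 64-bit rundll32 handles a 32-bit DLL (consistent with the `arch:x86` resource tag), so the behaviour that matters, the Run key write and the SetWindowsHookEx calls, lands in the child, and all three memory dumps in the Downloads section come from PID 912. The script below is an added example, not part of the tria.ge report, that turns that pattern into detection logic over Sysmon-style process-creation events. The events are constructed for the example (PIDs 1832 and 912 are taken from the report; the parent of 1832 is not shown there, so its ppid is 0; the benign control event and its PID are invented), and the field names and finding labels are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    """One process-creation event with Sysmon-style fields (constructed for this example)."""
    pid: int
    ppid: int      # 0 = parent not present in the log
    image: str
    cmdline: str


# Directories an unprivileged user can write to; a DLL launched from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\(?:Local\\Temp|Local|Roaming)|Downloads|Desktop|Public|ProgramData)\\",
    re.IGNORECASE,
)
RUNDLL32_IMAGE = re.compile(r"\\rundll32\.exe$", re.IGNORECASE)
# Optional quoting and path before rundll32[.exe], then everything that follows it.
RUNDLL32_CMD = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s*(.*)$', re.IGNORECASE)


def parse_rundll32(cmdline: str) -> Optional[Tuple[Optional[str], Optional[str]]]:
    """Split 'rundll32.exe <dll>,<entry>' into (dll, entry).

    <entry> is an exported name (Control_RunDLL) or an ordinal (#1); anything after
    the first whitespace is the entry point's own argument string and is dropped.
    Returns None when the command line is not a rundll32 invocation at all.
    """
    m = RUNDLL32_CMD.match(cmdline)
    if not m:
        return None
    rest = m.group(1).strip()
    if not rest:
        return None, None
    dll, _, entry = rest.partition(",")   # rundll32 splits on the first comma
    dll = dll.strip().strip('"') or None
    entry = entry.strip().split()[0] if entry.strip() else None
    return dll, entry


def triage(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Return {pid: [findings]} for every rundll32 launch matching the report's pattern."""
    by_pid = {e.pid: e for e in events}
    findings: Dict[int, List[str]] = {}
    for e in events:
        if not RUNDLL32_IMAGE.search(e.image):
            continue
        parsed = parse_rundll32(e.cmdline)
        if parsed is None:
            continue
        dll, entry = parsed
        reasons = []
        if dll and USER_WRITABLE.search(dll):
            reasons.append("dll-in-user-writable-path")
        if entry and entry.startswith("#"):
            reasons.append("entry-by-ordinal")
        parent = by_pid.get(e.ppid)
        # 64-bit rundll32 handing a 32-bit DLL to its SysWOW64 twin with an identical
        # command line: normal Windows behaviour, but it tells you the payload is x86
        # and that the interesting activity (and any memory dump) lives in the child.
        if (parent is not None
                and RUNDLL32_IMAGE.search(parent.image)
                and "\\syswow64\\" in e.image.lower()
                and "\\system32\\" in parent.image.lower()
                and parse_rundll32(parent.cmdline) == parsed):
            reasons.append("wow64-relaunch-of-32bit-dll")
        if reasons:
            findings[e.pid] = reasons
    return findings


# Constructed events mirroring the report's tree, plus a benign control (PID 2200 invented).
DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\cf10eda2ee900cfe8be82509ffd9be21c70fe31f63d7582f9ae433343eb877f6.dll")
SAMPLE_EVENTS = [
    ProcEvent(1832, 0, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    ProcEvent(912, 1832, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    # Control Panel applet started by export name from System32: must not be flagged.
    ProcEvent(2200, 0, r"C:\Windows\system32\rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL'),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(reasons))
```

Run stand-alone it reports both rundll32 processes; PID 912 additionally carries the WoW64 re-launch finding, which is the cue to pull that process's dumps (as the report did) rather than the 64-bit parent's. The re-launch and the ordinal entry point are each common in legitimate software, so the value is in the combination with the user-writable DLL path, not in any single finding.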

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2VUILV4P.txt

    Filesize

    608B

    MD5

    41b06186817219196dde08bc067291ad

    SHA1

    cf2dbf51ab04eed810adea637e2eb940421948f4

    SHA256

    baded2b7c82a1b992e89a5b24725789b074a10533b1c3aa5a62f12cc20e4befb

    SHA512

    2a0517dc3dc69f9c88a5944b491aedc92d7e6e657dbf89ea01186e85af934848219bfe6cfb49107e349081f916f27bb4841725a85bcca75d3f492168fc6354d5

  • memory/912-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

  • memory/912-56-0x0000000000690000-0x0000000000712000-memory.dmp

    Filesize

    520KB

  • memory/912-60-0x0000000000230000-0x000000000028F000-memory.dmp

    Filesize

    380KB