Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

772645517a...ca.exe

windows7-x64

8

772645517a...ca.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 20:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdca.exe

  • Size

    312KB

  • MD5

    3bf32adc801cc53d9514cd981acea15f

  • SHA1

    bf4466f30b4d4a4ea0b484704a6deb37a2113482

  • SHA256

    772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdca

  • SHA512

    35de859ffbc7eeda9b28358eb9f4ef7d39fe1d824c996663e97ec12eacff405af1f75728d1c61d6e1a99f2fb9ab4617151cb002849dbec6179bce9e26561396f

  • SSDEEP

    6144:zcIhoXH+MWDoLybih7heY0Av9SO/qAvQ0S:oIhyWDoLth7MYPv9r/VvnS

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies registry class 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdca.exe
    "C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdca.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
      C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:972
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:972 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1380
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{98053DE1-42A9-11ED-AD72-5E7A81A7298C}.dat
    Filesize

    3KB

    MD5

    3ea734b9dd9989cee8765877f0b73020

    SHA1

    3d65c68a899bb5a15b04bf5464b393662fb76f10

    SHA256

    3de27cc47d0d174898d954dbbb7f15d3cd28bf21fe755323c177bb2a4b61b9b8

    SHA512

    434af8124479df91a1169c39c01cc40c297d016220c7df05f831287453de1c61143facd0a8b4850ee528ed72e0762acec3c3e3333cb31e360c0c64167079430b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9805DA21-42A9-11ED-AD72-5E7A81A7298C}.dat
    Filesize

    3KB

    MD5

    08999f7fd5799548330e982a59f14a34

    SHA1

    e70f47412765e0790f160b1c25d56120ec95cb29

    SHA256

    ebcdd79aa04fc443e032414c7a0913af0f0ed02e37dd121962ae2cc690b6258f

    SHA512

    f28a237a2c581ff3691175e50425363392bd36340b52fc3100e088567edeee4079052d35f11993521ddb5b74adc0c1b681ebda3e98ab3c30ed4fae4c6b1ce839

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UE89IUBP.txt
    Filesize

    603B

    MD5

    28e5c92e1340e18997ab0b02034b880f

    SHA1

    2d3f7cffb3b3463169162beab1be5c2d2abbabc8

    SHA256

    77c96adf727d9967e5811cb754ff42f8250c3c581a78329d837eba50a172451b

    SHA512

    4c18d9a36cbd1fc1f803c0acbfae2f197e37899c285603ea86faee1f3f5ec5a647e9bc44cbb0fa588b435754a4fd832cfd7672ceab638beb144f3c7aa6bc3586

    Download Submit

  • \Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\772645517a7cf06224b855da2a5e27273ef93c1e7b77073476c8637c11b8cdcamgr.exe
    Filesize

    160KB

    MD5

    def246ecc4f00381b6b1acf8463831fb

    SHA1

    864cb109f819a7929fb000490f7628a91d751b28

    SHA256

    b87b2ab451238dbe16ece999631a662c3efefd20ef9a5339d3f7955d768acb5c

    SHA512

    8770c4275911ba2537a635cccfbe66e8ea08051250c9837d2ea5bd49c22519a4fe72bc48261e687e60a34a08e8a08fe38f8ed7632bed9098a851fcd8f27b56bd

    Download Submit

  • memory/1056-64-0x0000000074CA1000-0x0000000074CA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1056-65-0x0000000000400000-0x0000000000452000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1056-66-0x0000000000850000-0x00000000008A2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1056-67-0x0000000000850000-0x00000000008A2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1056-68-0x00000000007A0000-0x0000000000804000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1056-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1056-74-0x0000000000850000-0x00000000008A2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1080-69-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1080-72-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download