Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

2a8a207c0d...24.exe

windows7-x64

7

2a8a207c0d...24.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    170s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2022, 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724.exe

  • Size

    160KB

  • MD5

    6e5b59ff245f9bef635cd1d8f17b3155

  • SHA1

    09547b3fb452546efca08575c252ade007937338

  • SHA256

    2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724

  • SHA512

    324a0137eaae40cd09a2ed0f70e5fc3e7c1483a50a70d571801f824bf8e106ec250b02cf24444c2f8023f64c480806ef39e57209a174ef662697684c1e1bacb4

  • SSDEEP

    3072:qm64Xco1T+HflHnMopK4meh6YVgvPq4ljI+elAxWiDUUWK:NoGqRMopKReJVgHHQlAxWTUWK

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724.exe
    "C:\Users\Admin\AppData\Local\Temp\2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724.exe
      "C:\Users\Admin\AppData\Local\Temp\2a8a207c0d4589d61845084821f6178c36af2e54dab2ea988ff25d8db7fb2724.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:204
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3256
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4792
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4792 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    fd70739fca5345a28f924f9102ae10ee

    SHA1

    6ce3f92183544f3bf52cb76364591589cb940a19

    SHA256

    f238404cc643efddef8ff430f128cdc8ec1513969eaac24b5e5bce81248a91e7

    SHA512

    a787d3a2bceeaed2f2a29f357df6ae17d5b9f66a3c561550d5f83c308ad26a1ddf876488151ff5e51ce93bfb9d0c7b8ca812d595e8d3ebdda7d805707ac1b278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    3269f644828abc60a35f3d04f2cb19ab

    SHA1

    f1a86dbcc5bed0ba2b436575f9a060b9eddc3541

    SHA256

    6935f42067d07b5572b4033670e9455bba2ac2e9aee9251e9df7586109ff2723

    SHA512

    2379fd38cdeb312d3f25c5c4f889572f4d8424c00a93dbec788f7da43b1b7670917f95948705eb3f9cd48e5570ede90c8b14613bb731d090b89a8eba20a6a79e

    Download Submit

  • memory/204-134-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/204-137-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/204-138-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/204-139-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2224-132-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2224-135-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download