Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2022, 03:17

General

  • Target

    764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d.exe

  • Size

    156KB

  • MD5

    075957d919dd59ac12175be408415704

  • SHA1

    c94f130073125bd0f000152a3c99ebc1f9665206

  • SHA256

    764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d

  • SHA512

    5ed6a88c8fdc9159286bde86e2bd1c23d2a378f47d8fb12d45e373ad79f617944e98a542a021d1dbbc75284e7860334740606e3254c39d7a114e11a268d8a8df

  • SSDEEP

    3072:hnj9jtfU+INndIc0JL5iNghh2q8n/SIr4y8dRF/lE085Dz8BWPUQmd0t:hjbei2gv2Jn6I10RllEuel

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d.exe
    "C:\Users\Admin\AppData\Local\Temp\764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3312
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\UNDELE~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\UNDELE~1.EXE
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Windows\;windows folder\azdjk.exe
        "C:\Windows\;windows folder\azdjk.exe"
        3⤵
        • Executes dropped EXE
        • Modifies Installed Components in the registry
        • Adds Run key to start application
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          4⤵
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4876
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\tmp.bat" "
        3⤵
          PID:4720
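
The process tree and signatures above describe a chain worth turning into hunting rules: an IExpress-style extraction directory (IXP000.TMP) under the user's Temp, a payload living in a subdirectory of C:\Windows whose name begins with a semicolon, Run-key persistence from two of the processes, iexplore.exe spawned by that payload and loading a DLL from the same odd directory, and a batch file run from the drive root. The following Python is an added example, not code from the tria.ge report or from the sample: it encodes those observations as rules and runs them over constructed Sysmon-style events that mirror the tree. The Sysmon field names, the Run-key values, the explorer.exe parent and the benign control event (PID 5000) are assumptions; the hashes are copied from the report.

```python
"""Triage rules for the execution chain in this report's process tree.

Added example; not code from the tria.ge report or the sample. The events
below are constructed to mirror the report's process tree. Field names
follow Sysmon conventions (an assumption about the reader's telemetry).
"""
import re
from dataclasses import dataclass

# SHA256 values copied from the report ("General" and "Downloads").
REPORT_SHA256 = {
    "764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d": "submitted sample",
    "27654f1ef039150c953fff42a73dc173bfcc48d36740f9c4864b5c86cf2cc050": "UNDELE~1.EXE / azdjk.exe",
    "1000f1a6f99e85bc8488e6d540ee7a44d954da3c5a89d0d596b4157662439e04": "ietech.dll",
    "adc4f48f836c9bb3b8b4553aeddea1fe129e9fb83cc81d5c24681c406f6a32ff": "tmp.bat",
}

# IExpress self-extracting packages unpack into %TEMP%\IXP000.TMP (IXP001.TMP, ... if taken).
IXP_TEMP = re.compile(r"\\AppData\\Local\\Temp\\IXP\d{3}\.TMP\\", re.I)
# Windows never creates a subdirectory of C:\Windows whose name begins with ';'.
SEMICOLON_DIR = re.compile(r"^C:\\Windows\\;", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
# A .bat sitting directly in a drive root, as in cmd.exe /c ""C:\tmp.bat" " above.
ROOT_BAT = re.compile(r'[A-Za-z]:\\[^\\"]+\.bat', re.I)
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
EXPECTED_BROWSER_PARENTS = BROWSERS | {"explorer.exe", "userinit.exe"}

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d.exe"
STAGE2 = r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\UNDELE~1.EXE"
STAGE3 = r"C:\Windows\;windows folder\azdjk.exe"
IEXPLORE = r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

# Constructed events; PIDs and paths follow the report, the rest is assumed.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Pid": 3312, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe",
     "Sha256": "764b03fa60fb8ac3877aa53bd129846a65149b12f0dc537f5d6a34741522c43d"},
    {"EventType": "RegistryValueSet", "Pid": 3312,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\azdjk", "Details": STAGE3},
    {"EventType": "ProcessCreate", "Pid": 2132, "Image": STAGE2, "ParentImage": DROPPER,
     "Sha256": "27654f1ef039150c953fff42a73dc173bfcc48d36740f9c4864b5c86cf2cc050"},
    {"EventType": "ProcessCreate", "Pid": 1580, "Image": STAGE3, "ParentImage": STAGE2,
     "Sha256": "27654f1ef039150c953fff42a73dc173bfcc48d36740f9c4864b5c86cf2cc050"},
    {"EventType": "RegistryValueSet", "Pid": 1580,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\azdjk", "Details": STAGE3},
    {"EventType": "ProcessCreate", "Pid": 4876, "Image": IEXPLORE, "ParentImage": STAGE3},
    {"EventType": "ImageLoad", "Pid": 4876, "Image": IEXPLORE,
     "ImageLoaded": r"C:\Windows\;windows folder\ietech.dll",
     "Sha256": "1000f1a6f99e85bc8488e6d540ee7a44d954da3c5a89d0d596b4157662439e04"},
    {"EventType": "ProcessCreate", "Pid": 4720, "Image": r"C:\Windows\SysWOW64\cmd.exe", "ParentImage": STAGE2,
     "CommandLine": r'C:\Windows\system32\cmd.exe /c ""C:\tmp.bat" "'},
    # Benign control: a browser started by the shell must not fire anything.
    {"EventType": "ProcessCreate", "Pid": 5000, "Image": IEXPLORE, "ParentImage": r"C:\Windows\explorer.exe"},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Run every rule over a list of event dicts; return findings in event order."""
    findings = []
    for ev in events:
        pid, kind = ev["Pid"], ev["EventType"]
        if kind == "ProcessCreate":
            image, parent = ev["Image"], ev.get("ParentImage", "")
            if IXP_TEMP.search(image):
                findings.append(Finding("ixp_temp_exec", pid, image))
            if SEMICOLON_DIR.search(image):
                findings.append(Finding("semicolon_windows_dir", pid, image))
            if _basename(image) in BROWSERS and _basename(parent) not in EXPECTED_BROWSER_PARENTS:
                findings.append(Finding("browser_spawned_by_unusual_parent", pid, parent))
            if _basename(image) == "cmd.exe" and ROOT_BAT.search(ev.get("CommandLine", "")):
                findings.append(Finding("bat_in_drive_root", pid, ev["CommandLine"]))
        elif kind == "RegistryValueSet" and RUN_KEY.search(ev.get("TargetObject", "")):
            findings.append(Finding("run_key_persistence", pid, ev.get("Details", "")))
        elif kind == "ImageLoad" and SEMICOLON_DIR.search(ev.get("ImageLoaded", "")):
            findings.append(Finding("dll_from_semicolon_windows_dir", pid, ev["ImageLoaded"]))
        sha = ev.get("Sha256", "").lower()  # hash match applies to any event type
        if sha in REPORT_SHA256:
            findings.append(Finding("known_report_hash", pid, REPORT_SHA256[sha]))
    return findings


def summarize(findings):
    """Map each rule name to the sorted list of distinct PIDs it fired on."""
    by_rule = {}
    for f in findings:
        by_rule.setdefault(f.rule, set()).add(f.pid)
    return {rule: sorted(pids) for rule, pids in by_rule.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:36} pid={f.pid:<5} {f.detail}")
```

The hash rule is the weakest of the set: the same file appears under two names here (UNDELE~1.EXE and azdjk.exe share one SHA256), but a rebuilt dropper changes every hash while the behavioural rules (IXP temp execution, the semicolon directory under C:\Windows, a browser started by a non-shell parent, Run-key writes) keep firing.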

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\UNDELE~1.EXE

      Filesize

      224KB

      MD5

      824651e9ec6d946b5fb5e1d1480ba6a0

      SHA1

      ed697a24d84e44712b48a040d3a628c5b3c632ee

      SHA256

      27654f1ef039150c953fff42a73dc173bfcc48d36740f9c4864b5c86cf2cc050

      SHA512

      205b515839f594ecd142c39c5cdbab90bd944ce85385e31f3ae5e61c9f6d9a7106f939901ea887a9318fa3402f8a52bad405a207b482489f1b3064336197f85e

    • C:\Windows\;windows folder\azdjk.exe

      Filesize

      224KB

      MD5

      824651e9ec6d946b5fb5e1d1480ba6a0

      SHA1

      ed697a24d84e44712b48a040d3a628c5b3c632ee

      SHA256

      27654f1ef039150c953fff42a73dc173bfcc48d36740f9c4864b5c86cf2cc050

      SHA512

      205b515839f594ecd142c39c5cdbab90bd944ce85385e31f3ae5e61c9f6d9a7106f939901ea887a9318fa3402f8a52bad405a207b482489f1b3064336197f85e

    • C:\Windows\;windows folder\ietech.dll

      Filesize

      194KB

      MD5

      b1a65d332c17484afe10c41738b9e109

      SHA1

      ac6774f85d4d65060391a49ca104dff5bd472a84

      SHA256

      1000f1a6f99e85bc8488e6d540ee7a44d954da3c5a89d0d596b4157662439e04

      SHA512

      c30620ee7b6ed5064cb8ad5cb14d75cbd252c76cb13ecf2f69a8a40630ea8cb43c407ed2be2f6f1eeccf7970ae7b079d7c2c5bb945110f90263252ba87f16bc5

    • C:\tmp.bat

      Filesize

      203B

      MD5

      29e89d43f521660b9b2a14281bab6f35

      SHA1

      2bb76d2f03a3b5557269473789a2f4ea487d0f4e

      SHA256

      adc4f48f836c9bb3b8b4553aeddea1fe129e9fb83cc81d5c24681c406f6a32ff

      SHA512

      9ad7bc5a05b20a5bad5285b1caa8b514f37b25019b5d51d2dcb1438604beeff503abb28e2b9fe787bfe63973db0e9314948606b5e4694b17a5765d1043526ddb