Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
07/10/2022, 20:34
General
-
Target
https://sharemods.com/kqnqfzlllk3h/Reisproject1.3.rar.html
Malware Config
Extracted
C:\Program Files\7-Zip\History.txt
Signatures
-
Executes dropped EXE 2 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Loads dropped DLL 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SetWindowsHookEx 37 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://sharemods.com/kqnqfzlllk3h/Reisproject1.3.rar.html1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:17418 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\47NRIJ2V\7z2201-x64.exe"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\47NRIJ2V\7z2201-x64.exe"2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x520 0x4481⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Reisproject1.3\" -spe -an -ai#7zMap22574:86:7zEvent3151⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5c3af132ea025d289ab4841fc00bb74af
SHA10a9973d5234cc55b8b97bbb82c722b910c71cbaf
SHA25656b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52
SHA512707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2
-
Filesize
1.7MB
MD5bbf51226a8670475f283a2d57460d46c
SHA16388883ced0ce14ede20c7798338673ff8d6204a
SHA25673578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e
SHA512f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9
-
Filesize
1.7MB
MD5bbf51226a8670475f283a2d57460d46c
SHA16388883ced0ce14ede20c7798338673ff8d6204a
SHA25673578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e
SHA512f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9
-
Filesize
668KB
MD55ab26ffd7b3c23a796138640b1737b48
SHA16dab8c3822a0cab5b621fd2b7f16aebb159bcb56
SHA256eb775b0e8cc349032187c2329fefcf64f5feed4d148034c060e227adf6d38500
SHA5122b40489f46e305f7e3455cac25e375711a6a1733861ee7bf1b800b86eaad2f40871c219924ddceb69b9748ae3cf9de59f0edffd7ed7b5e7f35d1239fe0333a78
-
Filesize
2KB
MD5dbd2ef00711b9e8a65a71435dac362a2
SHA1befb6f2c27daebeef7bcd7ed80c9dc50241bf5b6
SHA2565affc8e9407564299e0b7ce1953b921d33dab949c296198ce30781c952e6a047
SHA512500c02a21467c0f04337258c07a1e5f71da3dbbe2105e8e63881fe064bd4ebac7db8347e5a8e554b384237961e3df35513ff14bdc4a409862ac1eca5c35bf378
-
Filesize
717B
MD5ec8ff3b1ded0246437b1472c69dd1811
SHA1d813e874c2524e3a7da6c466c67854ad16800326
SHA256e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552
-
Filesize
1KB
MD52ff7625e84887471e8aa67e6ac11f735
SHA1cf9396de83f5822338529f1c0c51f41da5eee8d8
SHA25627e0b6144c294a9cefbba0145baea8e299a0fc3b1bd897bf9c3f6dc0109207e9
SHA5126fa10ff0000cd4ef9ee689e70adbb5f181019be9d74e0fa74276e3f1a045a2f735e4f705d3d0cd9acb2f1a7772bd56be2166a3bf64da9024bf0d9b3dbfdef556
-
Filesize
1KB
MD55b3a992af738a5113af1348306997e86
SHA182626876edbbbabf2fe95708972114343d6543e1
SHA2561ad09952f87db88ddfce64b46287ddb1784d861284385cc44cc23876cafc0c50
SHA512cd54392a56730726bb9477814324b7f839eee31323f807114aba61b56a22e4a4e480077d04eeb38af78d539d3b55ea4c92c43423884af6d09aad6d6999b2290e
-
Filesize
471B
MD550e10d0c1d47ed3dad34cfcd6a9d764c
SHA17ccc215400c6c89e794dcf3b8d7b7ed006e94fec
SHA2564e194f75beef2d97e3b4e3fdf4a49b5ce0b5f7f112097d3093b33d257b2912a3
SHA5127f67c1ac984e0f2de6cb3e12fe856a86a0e6f1d690ad668fa11c94932c5846f12008fc375187e0c93f40026613096184e36aa4804896f736aeb1bec27fb265aa
-
Filesize
1KB
MD54b17013381328e3e6c6496e128289829
SHA177e65de2b337899996a68241226fd97196d9a73d
SHA256c7cd9f2c74cb78237c3ed4e8f1a42ddc1c03c0f64a0ca70aad4a4af1f7182f71
SHA5123fed91eec2c1c6de1f646b8664859691e15a3f04f17df41033616d609ab166309bd821a1190146535c3976c00b687ea1ab6fe4aa1d235b516bf6a79a29887763
-
Filesize
471B
MD568939a4d17f82e56b48f4aea2f453c4b
SHA1acca33b18c897cc32cfa334605b470f645ea8f91
SHA25643714309b84438f4070816ff2772337e75f7fad87a0fd8825ba25a942cff1da1
SHA512f17add23ff96781baa963047194bc1189809f4a99e4203dd1ed5b2ea8b44263ee0a73b83181114ef525f93f3c4312c6243928ced6f0eac023d8dabcc306ea534
-
Filesize
488B
MD57df4ca66c85e8e2aa1d71f4f8ccd9b29
SHA132e03f9123b3947ecfdf966c72605b06c527ee0f
SHA2569322f112befca997f7ef4980bf8a304c9576034c05191c886e97085c952aea74
SHA51259d01f2a81561e9522882c915880ebcd40f15121584af70243cb2526f8e02263ca447ef4d53e17e6a61d7604bc7e61a27f5fbc5ec96520003511ce776aca9ea0
-
Filesize
192B
MD5fbb8c3986bd465c6f0205698f23ec201
SHA1bcb64305d5945a6abaf78e8875425da7e4d2cb39
SHA2562ad680182723d3cb2568637ac33dd4e1e5b4ad880673f5dc0fc40664fcb669c1
SHA512f4f5efb43e0f5f1140d5f625a1125c81802c3e389c3471fc9a10ac8baf770fe59333da11debd7f0908b9e17b5bed082d4bededac739ef735556c5309c4ab61d9
-
Filesize
416B
MD5b8f92df6ff3415a00e90f00e381cbb19
SHA15270d35b655513e1a38d651081173202a092f617
SHA256d5c3ed5478d8ce511f13c0d17f66451a38d6022cbe0d94590d8021df79312d1e
SHA512d11f3c4253da34f187873516ce8bd2c37cdd2eaa129a49ba221e2fe8943983727a66048e56230f947b817e0eaa7960a8074a517fcebb22811bf8916218d94219
-
Filesize
408B
MD5346802708f9eff522772fa7ffe69c777
SHA16d875ab0e951a09225cb8cd506446fe1d93f1d41
SHA256976b35fad54259d22dd1497a2180430c491f3ee0c2f2210a65e3eb19fd526af4
SHA512ac4425414f5780cd1f51beb3b969e23eab89bd57fd3203a0fe43876845507fd2e336e6f4f43c1f0e326829c7a5f5bad3f48224a0660d9eda954fc2481263104c
-
Filesize
404B
MD56b60859f4a569edfb0fa079123273e9a
SHA1f5d7171f2ffb8fd45cd2f6fa30791ad093bd6bd0
SHA2562166e4844248ca44e3314bf9c608d4cd8b62af18c5c9c674210642b0cdb506ba
SHA5120d5b73d59ce9bb938cdc6b92e81143abe4cfad2b061fecf4f135c15b13ae38f0916772dda0255cc71762876526f78b671366b40ade7cf5a457d5fac7837e744d
-
Filesize
482B
MD50d9742ae377389f77168d25bd32d882a
SHA15e983ece5b43e68c062350b4cee9fb895cd1a90f
SHA256102055cd282ca158efa4639a14702756a7185e0a2a43d1e0dfb8f318e1ed28c5
SHA512a1a47a9da0930ed7cf4443d7972b24c9ce5f07e249afc1a8c6fa0b696b63e5290a8565e5d13804a2979d768d55f3c8a4173bcbb46478227e41e1c7e2d5714da1
-
Filesize
400B
MD503ee739c10a15795d0da3be03db8da45
SHA15b7359fc62d119382ca32d5e0e8bde9765ff2841
SHA2562b55d4e58cea52bece5b5046686a384054f593fbe9ebe23cde4ed8aa48582326
SHA512c5c526e3218ed6f5602d5d9022e9b0fee893316488233a1bc0b66d3cbfba544eb86a9d6b5914dcda5a601fc4ef1973fb3ff214cb6ed47c9e0e9372a4e5385539
-
Filesize
1KB
MD587d03b0fa7818df9801eefbd5cd08288
SHA1340b7eb005ea019668e1a7936e9a13be8c921d47
SHA2569e6461bc71e5928bdb5e958eba78bba9a08a8a07019f48979da2432c676a003d
SHA512f3becec732e757771ec96184fa94f7136d42b3029c2618a8208cad277f1283bb7a534ad550837912cdb7accffb07236323efe36a58862cb391f1bf39627735cd
-
Filesize
35KB
MD5694b6d1ca2091fdb7f261fa7f19db4c8
SHA1fef4577c7c3b0cfeef613551a8528f9dbfe8cde7
SHA256a21b3285c2ace6672a422225f48d326aaca6c8cd68804060f8734bdf52318d42
SHA51264868e76cde42b401c7498b1b7661c0dbf22e2628266a76426fa4d77208c95b445049ace36690dbc1744d09495c4a34b1af75dc680eb3fc12ea864db622bf600
-
Filesize
40KB
MD57bed5a29f89475f0fa9897560531789a
SHA18d23e84f179458621885c593f5353bff7d2b0b63
SHA25663ed75644bc819ec33ad4a8bc8380232fdd3ae13775ce538613eb673f5036329
SHA5120a62a6f883cc6768a280387053034e2477f0f4d8160681f3b9fbe120f49c9e8ef101325b6ac2b03b362666dc068f0237ee8607499d4534759b4fb5dc09452809
-
Filesize
40KB
MD5d9f9cf32ea09dfe9f84e4b15391a153f
SHA1c8cfe5e52991534ed3fd7e2517f24572a9182607
SHA256de29d20f1cc496e49abb6f19bfd8106a12a59a629cfaf6934a22bb465ce4f49c
SHA5128d387b04bb361fd6840c3ef90171fdf0e6c262c51a4155e009c13b9eaec9ef5ff269f9cef64d38a2ccd9c7e80547e23fecc0e11d7282b487149fe8e556df06d7
-
Filesize
1.5MB
MD5a6a0f7c173094f8dafef996157751ecf
SHA1c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
-
Filesize
1.5MB
MD5a6a0f7c173094f8dafef996157751ecf
SHA1c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
-
Filesize
318B
MD5f77d1f20686a6bb34ccbe769d2b7e575
SHA17e8f45cedf6b9d96d3ff6bb5b7bd6541d83c37ea
SHA2567f3d039b2589636d6130b51007bf70a3d4f99c998bd6c1ab281735da2869b426
SHA5120d3b9707c905b6d803f12468c45c667fc21af5ec5d2899e2e364f4434123acbd4f4cb55300e47ae9d2f37be2ba73397baa94b2525aea28fdf7edbe91183cd162
-
Filesize
103.9MB
MD507e65b730d81e6db913bb46fc70a924d
SHA1466baa60d8251aae082a7e3f6918d934132d99e8
SHA256befcf46b2087510a5a161cad4e0fadebc50537bda206cc42eb07562b35c73d9d
SHA5120fe2a1d081edfe6644adfb3d9d0eb465f61f2e31edfe6181c36532640abc858ef3bef7a09e467341af5268f48da908a7a6026a5ee9cbb2c8e730ea005a27e974