Analysis

  • max time kernel
    77s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    08/10/2022, 16:52

General

  • Target

    lovel.exe

  • Size

    144KB

  • MD5

    2109c150c16eae3edd2b9936fcc6e8b4

  • SHA1

    f07fd6f5d8e6c447adf31c52ff99da00ae2a6a00

  • SHA256

    edb7525a53ad2a5cdc3551de4844bc40f04bbdf8bccaac72228fa167d6d034c7

  • SHA512

    06b9c5f3d89c4167b8187fd7d8b96f9c6d277d6ee1de6f03729613396fd894b9bea7b134377ab30b9ba1920d2dbb9fb032f1d97e9a96472eee81e2d6fa83e5a4

  • SSDEEP

    3072:wxyjMffJq5h4uMXTfSP89fA0J9W7cluztx:w8l4uMXTf0MU7cAzt

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lovel.exe
    "C:\Users\Admin\AppData\Local\Temp\lovel.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.7&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1968

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    d37338378465de84b04c628614d9a41a

    SHA1

    5797ff4e138f5b50b8b1ce683adc03d608beaae5

    SHA256

    08c52a18313f9b00f4f6c8608b9d0741792e65a95d2c8a828fcb9b69159ddb4a

    SHA512

    344c934ac54d235bd8abbf449add0b07b908bca780a01dbf30438fbab4f8dd6989ec47595bb1ce01e08a0a9a880e8fbf21d90c1eeba9da771db60dd1f9f645de

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\COBAVMMH.txt

    Filesize

    603B

    MD5

    0b81a5862f255461b4c2542a1812cdd3

    SHA1

    60cd5ea3483bb2a79be3c9cfb8c945fe2bcee360

    SHA256

    4bf6270eb791334b125d8e8fa39413f45189949bc840dfc55887bb83db3bbe23

    SHA512

    27fe29742da6d7cc46b0bc8877001578d2f8291a907ae8d929b96e374fd9b1f689b69a375e677fb45b978cee41fa1e03f72cf6c8280fc5edaff8b28170431c78

  • memory/1764-54-0x000007FEFC0D1000-0x000007FEFC0D3000-memory.dmp

    Filesize

    8KB