Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 01:50

General

  • Target

    38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe

  • Size

    524KB

  • MD5

    66b954f24fb3c847b7ba75e1dfccd91b

  • SHA1

    89ad34c23b0c6c9b8612d8f9a2404fce9bf2e059

  • SHA256

    38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129

  • SHA512

    0df7ec7897aa3496f013bf53f8bbe01beb33bd0d28ee9a7b5d718b21950b024a63a47012f3bda0b2b7d5ecbc7da8e82b9493f2c848d68ced97d630970f76b71f

  • SSDEEP

    12288:hkhIj6W6nGbmuUqvZ0902fEWG3O/Q5lXhyEyFF:hkhjQmuUqve907r+Y5l/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe
    "C:\Users\Admin\AppData\Local\Temp\38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.wa300.com/tj.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4144 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4456
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\38CAB2~1.EXE
      2⤵
        PID:1064

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/860-134-0x0000000000400000-0x0000000000483000-memory.dmp

      Filesize

      524KB

    • memory/860-136-0x0000000000400000-0x0000000000483000-memory.dmp

      Filesize

      524KB