Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

475fb53ad0...38.exe

windows7-x64

8

475fb53ad0...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    475fb53ad0a86fccb2b2e71e4206c8d2fe62c9c25a035bb5a52903071c834d38.exe

  • Size

    361KB

  • MD5

    1431404f1348c88b7686da7b1968355d

  • SHA1

    08c328c0f085f8337c7c9b7e1041de0513f879f3

  • SHA256

    475fb53ad0a86fccb2b2e71e4206c8d2fe62c9c25a035bb5a52903071c834d38

  • SHA512

    04a87a348f8bf7810e6b88323d4ade7a96a6127f13688a091de80d896a88d2d05c50a2e9e5dcdfd4ae19946d73cbce111422b13a7f4b14818d91ccd55827d017

  • SSDEEP

    6144:gflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:gflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\475fb53ad0a86fccb2b2e71e4206c8d2fe62c9c25a035bb5a52903071c834d38.exe
    "C:\Users\Admin\AppData\Local\Temp\475fb53ad0a86fccb2b2e71e4206c8d2fe62c9c25a035bb5a52903071c834d38.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Temp\opngedecdbrtrsqr.exe
      C:\Temp\opngedecdbrtrsqr.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\cyxxtsponc.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1060
        • C:\Temp\cyxxtsponc.exe
          C:\Temp\cyxxtsponc.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:736
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1880
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1092
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:908

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • C:\Temp\cyxxtsponc.exe
    Filesize

    361KB

    MD5

    de43ef02ca74c0cf299bc4fd4b4acdcd

    SHA1

    348d3c056a2c8c25dbbbccca33dbf57ca605201b

    SHA256

    620d0e72b216021b695210b9340ad1af98b30394b9f04e2fa847a7261e24c2b8

    SHA512

    410517e890be56e896b97f745a1151f03c0b1779631854e1e6dde1dd5738ad09a5c17539e5a53cfadcb416272ef46f917212e05a72fc6abbbd49b3f1dd3fb2cb

    Download Submit

  • C:\Temp\opngedecdbrtrsqr.exe
    Filesize

    361KB

    MD5

    119ce39f8ed2a47a8dedf6bddd4f6975

    SHA1

    2b3165fe37eb1dcf4f4d029b84d10af5d82e4f39

    SHA256

    a454327150a6141d37dc3ca4cb29e59094c078926622f8f71c6c8ccdaf892eb4

    SHA512

    adfba388074f81dc2c55a2c9c8e479bf990b707a4acaf545e9580cbee7ee6c6606bf38e02bf8fea79fbbec038400eae8e1687bccbd564b79d05faa3fc8f6bbf9

    Download Submit

  • C:\Temp\opngedecdbrtrsqr.exe
    Filesize

    361KB

    MD5

    119ce39f8ed2a47a8dedf6bddd4f6975

    SHA1

    2b3165fe37eb1dcf4f4d029b84d10af5d82e4f39

    SHA256

    a454327150a6141d37dc3ca4cb29e59094c078926622f8f71c6c8ccdaf892eb4

    SHA512

    adfba388074f81dc2c55a2c9c8e479bf990b707a4acaf545e9580cbee7ee6c6606bf38e02bf8fea79fbbec038400eae8e1687bccbd564b79d05faa3fc8f6bbf9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BRQN2G4H.txt
    Filesize

    605B

    MD5

    0651f1bc0baf460e4624441210de9265

    SHA1

    86109fa35c0465468fa42aacd8b570d04071017c

    SHA256

    392cec91ce4aae55a21e051867bba74837a28e8e8a699b9d3e86b24ab7859fc7

    SHA512

    e57934cfe469b7699225d7dc1594b148f2b69fd8333468caefea6fbfea0741b4ceebb8202868b0404c024112aa6e67d146d5f40394d7e5e1d2fd4d857a013a5d

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2f3b498941f5e7bdf9dabd96f8d41712

    SHA1

    9484347485a1f96115b1af4c6ca41777b9bf880f

    SHA256

    e1d0eee613b1d7811ef1c9a669c2169677d22975a06620f014700edcb26f8acb

    SHA512

    585b76e2fb029f73653ea8699856d76511b578dfb21d3fe1acc9863635a6cf0b3cccd47cc258b06d1e146d9645a88dfe6debbcf0b329f24a30079282edc1395b

    Download Submit

  • \Temp\opngedecdbrtrsqr.exe
    Filesize

    361KB

    MD5

    119ce39f8ed2a47a8dedf6bddd4f6975

    SHA1

    2b3165fe37eb1dcf4f4d029b84d10af5d82e4f39

    SHA256

    a454327150a6141d37dc3ca4cb29e59094c078926622f8f71c6c8ccdaf892eb4

    SHA512

    adfba388074f81dc2c55a2c9c8e479bf990b707a4acaf545e9580cbee7ee6c6606bf38e02bf8fea79fbbec038400eae8e1687bccbd564b79d05faa3fc8f6bbf9

    Download Submit