Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

891693e510...cd.exe

windows7-x64

10

891693e510...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2022, 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    891693e5109fedf8fa7b58e4dab3b13887a54afe60aaf10356ad73da5f486bcd.exe

  • Size

    1.2MB

  • MD5

    612e646b51561df3a3f7b52e513ad5d6

  • SHA1

    d8de003cf8a3b4f5e85bcebae108a3589fb458bd

  • SHA256

    891693e5109fedf8fa7b58e4dab3b13887a54afe60aaf10356ad73da5f486bcd

  • SHA512

    80d9bcf04407666dbb503ac71b40f51cdbceb406982e94e0fa97d0adbd244c36e9c765b62065db2c32a02c32a495132e43fcdd5627b6195a78973c8bd87b3f0b

  • SSDEEP

    24576:n84Fb6PHUotlxRz0rs2U62W5su0S7sBpbum:n/6PHpMA2U6L0S7sBpKm

Score
10/10
jokerinfostealertrojan

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 43 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\891693e5109fedf8fa7b58e4dab3b13887a54afe60aaf10356ad73da5f486bcd.exe
    "C:\Users\Admin\AppData\Local\Temp\891693e5109fedf8fa7b58e4dab3b13887a54afe60aaf10356ad73da5f486bcd.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.v258.net/list/list16.html?mmm
      2⤵
        PID:1544
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\uYXyp.bat
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1552
        • C:\Windows\SysWOW64\expand.exe
          expand.exe "C:\Users\Admin\AppData\Local\Temp\ico.cab" -F:*.* "C:\progra~1\ico"
          3⤵
          • Drops file in Program Files directory
          • Drops file in Windows directory
          PID:1492
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.q22.cc/?ukt
        2⤵
          PID:1956
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v921.com/?uk
          2⤵
            PID:1832
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://www.779dh.com/?kj
            2⤵
              PID:1908
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
            1⤵
            • Suspicious use of WriteProcessMemory
            PID:1500
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v258.net/list/list16.html?mmm
              2⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1020
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:275457 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:316
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:472068 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:1404
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:537604 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                PID:992
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:799745 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:1976

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
            Filesize

            2KB

            MD5

            b90f7774c9a454dcb4e765a13fd24eb0

            SHA1

            f08a1453647c33dfd7d5757619f8b786106c1810

            SHA256

            cef9e0d09bcefec36de16ecca1a53665018bae69aac8c5350e5e74594574b877

            SHA512

            648f95283286096734187c0c130db8ee294046fde96bcaf7409761bc5b4207073b2006f4dddd8c8e3f44423934ce92ac112bd18fafc329e0b839404552b54249

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
            Filesize

            1KB

            MD5

            3b84cebb286ce173832e181b4ee6e5a4

            SHA1

            90addc1507cb6daa7a4568bae0cae01e9f3e6898

            SHA256

            13973bf04aa11227209e8d3da202340159943ee95a0e8974e764886ced4af4ff

            SHA512

            87ecf8915b7b6eeb073e507ffa55c08bc6e34e5ee47082590bd790fd718232601145c4f8c4e73355a76e71bf90d8cdea7cbf6e44d9296b4f30c0c6387a6b75b3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            60KB

            MD5

            d15aaa7c9be910a9898260767e2490e1

            SHA1

            2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

            SHA256

            f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

            SHA512

            7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
            Filesize

            1KB

            MD5

            00227a1997000059db17c4973b72409d

            SHA1

            f583a8cf20fafabdc46595d85f32ed3f51f140a9

            SHA256

            37f5fa67232195384dfb20b9437c251697dfb2c9a377b1da726176757b31c917

            SHA512

            bcb08425bf0998004ab5331c5d0b3989b1ac6ee9616da1e1e3cfd02ee288c267fa3b8b1ef1d3bd9dcce707c0a3288ef0904fc5851513641a05f4718fc3e711ea

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
            Filesize

            1KB

            MD5

            b76fee086aab8f6c3ce9646ae8be45b6

            SHA1

            8e70ee34a9e3e3abf5974305587049381f3b1090

            SHA256

            9deb4aacd71f4565f51165a170f9d626ef080adb6e5247c523d4894619d12484

            SHA512

            ec8fbe71b4a7f6df986739d771823f68c701c24e18b4081d78c11009e90b86dd4a7c5547b8b67743ec5f6456c6c5657b19127b62a9370a908c6e73da56b1c6a2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
            Filesize

            1KB

            MD5

            6ad22bb37c06a8542959021fc49948fa

            SHA1

            753e47099793b24efedc8208611e9fabb74990b2

            SHA256

            e88f513b287a2aaa2118d51d71a20ff6cd04dacb2bbafba25676fc0ade7874b7

            SHA512

            838d033789ae6028b8fac4c5a6f7415d1515a2ea3a4a022c890e0879abddcf05794165799ae890ae3c54601fed034efb3f2fed35d3fa980c13941799d87dd440

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
            Filesize

            488B

            MD5

            c8358ea2dd966d41606f0860dda2e474

            SHA1

            bb3000e2be85f2f3ce70f2eec8c78340eeadabbe

            SHA256

            e390ceffcb8ad83aa134e37ddad940b2b5ee28dd43bcb61346ed90672873b5cc

            SHA512

            32426cdc12e508059d7e08cdd2a7c6daf6488179a492610e2f776b3b385391043630913f7658cff4339b98f7f294fa6347d7b617c1058aacddccbc1e6f7351ba

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
            Filesize

            532B

            MD5

            abe4c217ddb02fbf3d9c3b28ea8bc348

            SHA1

            173f5d5d9aafa2dd5cbd279aaee9b75a2bd3fead

            SHA256

            55afdef78a0de61cc9c8e5ec28c3988d741880a018bf415fa5627fbd40327288

            SHA512

            959b6fd4c59713f29b06c46942fca468b9bcef5babc238ca02b21b2cf4d558629026f5c9f9522d6e53f95d645c9e4e5c02b7af6fccc5577d37f8e870eb380527

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1c7a3d7f2184a974bb41093d4c42e37b

            SHA1

            aa4c992b34ec2d201268467ac4a4a74e6bd3473e

            SHA256

            519efe6b4b991192c721332953258c238c4012e0b5a3946be0e39729db3795ed

            SHA512

            7a5943e4eb81085462b84fbd6611f8bbbe8a8978fa1538d1c0fb21d007de05b4c03707e8c2814888acf7fda20bcd145f0e01a4c2b27297a75b4b00ac9f46e0de

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            6253878713aa518949fabe4134b12bd0

            SHA1

            bebfc62b08ac4d774545953bdec11be626707e85

            SHA256

            a9f9853613ff881c306d78a0f765c189132521b229d5edaf5f477c35d5bf88c3

            SHA512

            0234b0c7d0bae632ed2aada0667d7c3f87bec5eae59c00a07bcf665f618dd7452536bf5d34ad86d1771d4016e445b5285971b0b78c26f5c4a50b65a77f686016

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            da0c9581154b71e81fe60aa888a0a641

            SHA1

            7afb9da5578a98829538331a9515989080b30794

            SHA256

            febcc503b05589a06870eef0125e3578e2fbb5117ed3f18bceb737a68d6be334

            SHA512

            c7d458048118ebae02fee9f2cd5411aac7330c96693d48a449d93623e1123fb8b5426f775c0d14aab758bfd71eb1a61c3ea6f5f775ab493968809fab33f52474

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2cc5c903a196c394152db178878fd288

            SHA1

            062bef169ce8b0a70b9083788fc7ea88b03d1286

            SHA256

            bdf0d55df78d1a47209c5e99abec3c8a00a9e52b6d8476f88e09259282496637

            SHA512

            d952f00f475b1be3237548063739d1af721017cae652ce21fdb0cef950c6af6b2ea8867f38f857b533e31363debb06b4e38d2197896596d25f1d636b3757f132

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
            Filesize

            492B

            MD5

            d40cad88f4a08ae7f4bdde146753062f

            SHA1

            e001206a6e6601603a0558870d2d875e2e201b8a

            SHA256

            981e53e4c5813f61ce22e376f3239b3b5b328b6615a425ada1e6a7444cbd6dd9

            SHA512

            8ae9c1cd1615dafaf89523f316afac945ff6ae1c6588f8f3b7d9ffadc092bff78f3b1d8658d71f712258eaf7dfb8e87d6354f142ff148cfe84df039f99f54f03

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
            Filesize

            506B

            MD5

            b3111f69d379ced23b5d533d7045beab

            SHA1

            7f6ae2545ec1e54d4506580e6136cdaa360fc5bc

            SHA256

            57b8f80b07d6c3feb4c0508562fd44be6de44b5d1857b2817f03730b3161e323

            SHA512

            b84c1f298f56c37cb2cd8cc5ffcfc86cbe768fdf06d65a8058082c7082c50f46905f3edd48f7cafb3afa736a0147af1fa9162dbab5ff6db32452504ec3fd72bd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
            Filesize

            482B

            MD5

            a8598ec0605df3c2cbc56968fdbac72d

            SHA1

            ed68b0cae1467c8ebbbb6a47aaa21416dfece9cf

            SHA256

            eb613ccefe2241dec234435d610b4b67120c4c31967a1c7aa7ea4ac4b12014a7

            SHA512

            18fe69ef1c4346f5fc7a8916f803126a08455c1cb1429e421f32149a24f2204d5ac7b68715d1187e7373bf64ae70f48e68b0354b7c0960f6fa73b8fa46c77d49

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            242B

            MD5

            502aa0c27a7ebc901d58fa68f802caea

            SHA1

            b146d6f618ba406104e03263b3fdb91135e2a5a6

            SHA256

            71196283bed29384408090f3fb62c6adda9f9d2000a4487e4787e95145d242f3

            SHA512

            67e27acaf6d11eb8ef872230bb60c06ca6b7eb02743ad3abce7c5e69c5993087e488d8f2e03b8d829843d38da52d79d695ce0dd2b1e665a5af5d2f89976155c0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\uYXyp.bat
            Filesize

            98B

            MD5

            ada787702460241a372c495dc53dbdcf

            SHA1

            da7d65ec9541fe9ed13b3531f38202f83b0ac96d

            SHA256

            0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850

            SHA512

            c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3OATOVZW.txt
            Filesize

            93B

            MD5

            5ea75c1315d5e5678643d04f3748a1ad

            SHA1

            e15255badfa0089eee27d6a0a2a04376d136ba4b

            SHA256

            1fae6c44d93b1423fcdbdd37cbfc09d8ff2afe43e90021a88088a5c19a29b856

            SHA512

            f2e87ee3437bd136d7e43e68c525080e1c212123c5f5c53329225d0500598b67ca340de198501174e062a209818308aff780dd9ed4f5d5d5f0a3133e8b69e71f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4S36CMQ0.txt
            Filesize

            599B

            MD5

            351fd7011f249380c1c645bde15fe202

            SHA1

            b6d451114c544ad1b1f14ad10511892ead656c55

            SHA256

            f72978f1038b55fa6083cb505ac18301f45580822f3e61a4508d60c740c8cbdd

            SHA512

            0ace360225df7db331c84da6fbd7696a5c044680598baa8c8cc51bca6c40f5df249f15a5ac7b75312b637ae0c69399fc0d1f9cf51044fba9ceb8c00f87290912

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7V34TG0Q.txt
            Filesize

            112B

            MD5

            32b189148a0cc20fa6e0d858abaae49b

            SHA1

            69e38800b102aa93bf0b83fae4291b4bcfa3af98

            SHA256

            59a3fb583e3fa5fec8326a05415e2882da1e89404b975d1ad0195ab2be8e32ff

            SHA512

            934ef759eda1632467d6deedf988fbb06f15fd26bffc49b85e6ebc0e40c0ae68df1c597302650f9c63805735ef9e15ec94323d414df2fe768f003d94524ebc36

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FC556AW4.txt
            Filesize

            224B

            MD5

            04678b79f9d938d68af8ab8979fa16b9

            SHA1

            ec69505f93059a804978c95c8f63837e4064983f

            SHA256

            b5176bc6b5466fc2d601d4924dbc841fe5823e7e49ab669eac6042179e5231b2

            SHA512

            adfec85978dba04839dfb9ec72ee6c24852ce87098021fdedc9f41eb30428921542df34dff0f423a46ff72c9ac97a839ef60c0790e12150c9e700303aa9d4ac8

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RSBG0HF4.txt
            Filesize

            322B

            MD5

            db3fda23b88a478df7598d53c4af001e

            SHA1

            3ca1e64c41ad1535953f39911dff2287fdc6ae88

            SHA256

            47b278af52b2a580e2a55be79e32c9020b6741f9ec06d8e5ac7add0f0bff2c21

            SHA512

            c74319a1059f23fad4879d5cad2d0119644f1792cda6f75434fffeb5ce59ae4b32a1696ac687f5140d9f4d8e39165022156326347e61fe6ca3da47e6db406c22

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TABN1HKX.txt
            Filesize

            116B

            MD5

            cb9af7faf78aa774b1d1aafdacb29fa5

            SHA1

            80eacb1d008b8048ec64d9254011a777698f7401

            SHA256

            eeb99162d26257d153207596a2480ae2984fa4f2f09bc2ce086b011e8cbaf42c

            SHA512

            8713d2da6ad50daa44c62a0af1e8328f92c7c046e4fb452f5335ca8f0ba2149c35ca85d8140497152272148b537e889ec127d7e4bade404f3c325915ab0c44c4

            Download Submit

          • \??\c:\users\admin\appdata\local\temp\ico.cab
            Filesize

            20KB

            MD5

            1319e9998cedc513c68fa6d590b6ad63

            SHA1

            ae95b333e88a13886994f320f5dfb4856168a710

            SHA256

            9a5b18efe243fbe9b9b0be3674a24080e9210436986988f3f85a4007905083bb

            SHA512

            d4052a899c6c310296e2f5fdf6c2031c22d2644be620cb34ddcc6b59789d82a6462daaeb34466c568be48ee975c4a5ab43143eab0792312a6cd0d49f9fbd8d3f

            Download Submit

          • memory/1500-63-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1544-59-0x0000000074981000-0x0000000074983000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1784-64-0x0000000000400000-0x0000000000536000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1784-62-0x0000000000400000-0x0000000000536000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1784-54-0x00000000764D1000-0x00000000764D3000-memory.dmp

            Filesize

            8KB

            Download