Analysis

  • max time kernel
    127s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/10/2022, 16:53

General

  • Target

    65253e97-58ae-487c-95ac-e39e7cec4af5.zip

  • Size

    5KB

  • MD5

    85be3e85f77007c2981056546e859be1

  • SHA1

    ae086c0127d5acdd03c003752b64fb46587e5a61

  • SHA256

    c9216837dca129fbe2a63080446acb079deaaac202a5c30a35ee1a282c39afa8

  • SHA512

    7d2224665e46d5fccf4ef3c0930e71423c319a556489eac50c84b1b213271e5a0ec0b79e457c01ff7bd3dc5570e84a59c52ad886004d1c9e1fbedee83f7d531d

  • SSDEEP

    96:mpstaFysDn/d4J+Oq/VlQdBUg9CmyQlfL72/FmIQpE1wq7hVM9ygpstQ:zaQGnGA5pMfP2/FmIQ1yEIQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\65253e97-58ae-487c-95ac-e39e7cec4af5.zip
    1⤵
      PID:1968
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1972
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x4f0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1920
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\65253e97-58ae-487c-95ac-e39e7cec4af5\" -spe -an -ai#7zMap2972:152:7zEvent17822
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1620
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65253e97-58ae-487c-95ac-e39e7cec4af5\Users\abrewer\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8EC7I97O\REMITTANCE TRANSCRIPTION.htm
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1772
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1588

      Network

      MITRE ATT&CK Enterprise v6

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

        Filesize

        60KB

        MD5

        d15aaa7c9be910a9898260767e2490e1

        SHA1

        2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

        SHA256

        f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

        SHA512

        7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        dbddc90eb85fc46805f342573671efac

        SHA1

        2ad0c6956046ad23de72c7238e288adcc8aca751

        SHA256

        bdcc536f01bd479b4b5957685c96c14439782902d7dc71c3d488e1a3f574bb92

        SHA512

        8f5597093f5aab4d947996e459be2ac05201a0b0c9b02a5cbaa57129ecd90bc1781d2e54314d85d2044474a14df96be1e378e658f53243c37f5aeeb3e604a23d

      • C:\Users\Admin\AppData\Local\Temp\65253e97-58ae-487c-95ac-e39e7cec4af5\Users\abrewer\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8EC7I97O\REMITTANCE TRANSCRIPTION.htm

        Filesize

        10KB

        MD5

        11b6019ed5bd262d1f87e20ae9f8221a

        SHA1

        d5172b0e3e486c1b911fd28218fdaf9671e94ae1

        SHA256

        01bbabfbcb228a3ab98d6296d6fe823dc82945e6b8e9f61c972645b2c59fd2f4

        SHA512

        67696ce7ea9840001b0b1396ead37c54dbc30968efb45407b3519596ca69b1c2d48e8c793f178a731eed298c5ff0fb53199c3364490059776cddf24b485058f4

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZYTSLTGO.txt

        Filesize

        601B

        MD5

        28dc46fa4f09f499f67f53ec6c56331a

        SHA1

        eea3ed00b8d804077267ba15382a55d3606493c9

        SHA256

        a9cca2958b0975ed562a901c740f75dac4e00831f1ef1c137c53e433b578c260

        SHA512

        6fe10f6ef7a022b627f3f58a9eaab9d76f60b59c9f51b8055f326d2823cf73ab3b5f55467f6c3ff6f63083ec0cebba237518ef7d4085d50f492072bb8378f072

      • memory/1972-54-0x000007FEFBE81000-0x000007FEFBE83000-memory.dmp

        Filesize

        8KB