Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

sample and order.exe

windows7-x64

10

sample and order.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample and order.exe

  • Size

    281KB

  • MD5

    7dbd6df3ec4fec51110e44dd2122d166

  • SHA1

    078d7b5f3453fcb85908cd9209a07766f613307f

  • SHA256

    cf7fc1a1f8101f89f4b4693b664e96f88febde65bc7c0b5f9dc19ce060c45c84

  • SHA512

    c17ff24eedc17ac985a894f10546761b08965cf5e4c0d7d94466546b8c723cb7140ed37a99be0af64d8abeb1d0092fd16b8e6efe96eecdcb7d62e56d8b9de3c1

  • SSDEEP

    6144:PDRYLF0WnhfA+UOx85VjsXov0Df+FyUzg:rR20Wnt3KsXo8DfCywg

Score
10/10
formbookhlpqratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

hlpq

Decoy

mldSsngjzTHzaBZba069RrUmJw==

f0b/EZNM9UFUVxE=

MDL3b5SzuL6PH/Kikfw=

OudWLtIWZJFGaA==

xXgtQAEmIRjnk2vd+TVnrkpcMA==

HNmBV2fv0mP2gxk=

faeiX5TDOI5ltFsZ

bP0KGLe8mXkxmVkO

VRZeZu3VJs1Q2mET

A9mQgvhLDCUYYg==

TvpiStz3fge+3ZpO73Vj

fBaaUHWI3y02WQXrUa5r

54L6DSGvfeO1tVb9e6sktVDY

yM0Iv3K6hwXriE3Nu+N2eB60w0VNNgo=

obVogUsv0CTETtGGNqAktVDY

zuyrKkdHKGP2gxk=

ZnYxy5BL3u+4qVgkuJufqg==

0P24HCo4h+iuJfKikfw=

gaVk/JEbvFmbJDqNk+s=

bTekCo8Z5gcepjtsjtmGzZ0=

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1360
    • C:\Users\Admin\AppData\Local\Temp\sample and order.exe
      "C:\Users\Admin\AppData\Local\Temp\sample and order.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:784
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2020
        • C:\Windows\SysWOW64\systray.exe
          "C:\Windows\SysWOW64\systray.exe"
          4⤵
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1516
          • C:\Program Files\Mozilla Firefox\Firefox.exe
            "C:\Program Files\Mozilla Firefox\Firefox.exe"
            5⤵
              PID:1744
      • C:\Windows\SysWOW64\autofmt.exe
        "C:\Windows\SysWOW64\autofmt.exe"
        2⤵
          PID:1444

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \Users\Admin\AppData\Local\Temp\sqlite3.dll
        Filesize

        804KB

        MD5

        b09588d000ef4bf2a3dddd85bd701423

        SHA1

        44a810ff8920a340a30b66d932253555143dc28b

        SHA256

        ce4ffc1a12150b8523378553f2a97dd3fc44d5210ae6c296ab31e2c78f0d03c3

        SHA512

        1d807d92da34ccba4628f2a55c3ac1c03ff63925d79e266b4e52d71002228cbde76206ec696c3e25143fc2e0cab56589155666ff6f8ea0ebfd5ebcd362168e2a

        Download Submit

      • memory/784-55-0x00000000002F0000-0x00000000002FC000-memory.dmp

        Filesize

        48KB

        Download

      • memory/784-56-0x0000000000300000-0x0000000000308000-memory.dmp

        Filesize

        32KB

        Download

      • memory/784-54-0x00000000012F0000-0x000000000133A000-memory.dmp

        Filesize

        296KB

        Download

      • memory/1360-68-0x0000000003FA0000-0x0000000004072000-memory.dmp

        Filesize

        840KB

        Download

      • memory/1360-82-0x0000000004EB0000-0x0000000004F8D000-memory.dmp

        Filesize

        884KB

        Download

      • memory/1360-79-0x0000000004EB0000-0x0000000004F8D000-memory.dmp

        Filesize

        884KB

        Download

      • memory/1360-71-0x0000000004AF0000-0x0000000004C4D000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1516-75-0x0000000000B10000-0x0000000000B15000-memory.dmp

        Filesize

        20KB

        Download

      • memory/1516-78-0x0000000000500000-0x000000000058F000-memory.dmp

        Filesize

        572KB

        Download

      • memory/1516-81-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1516-80-0x0000000000080000-0x00000000000AD000-memory.dmp

        Filesize

        180KB

        Download

      • memory/1516-77-0x00000000020B0000-0x00000000023B3000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/1516-76-0x0000000000080000-0x00000000000AD000-memory.dmp

        Filesize

        180KB

        Download

      • memory/2020-74-0x0000000000401000-0x000000000042E000-memory.dmp

        Filesize

        180KB

        Download

      • memory/2020-73-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2020-63-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2020-70-0x0000000000170000-0x0000000000180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2020-64-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2020-65-0x0000000000401000-0x000000000042E000-memory.dmp

        Filesize

        180KB

        Download

      • memory/2020-60-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2020-67-0x0000000000130000-0x0000000000140000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2020-66-0x0000000000990000-0x0000000000C93000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2020-57-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2020-58-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download