Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

55ded8c9fa...fd.exe

windows7-x64

8

55ded8c9fa...fd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe

  • Size

    674KB

  • MD5

    90b6b07cfeca444beae29075302c6a5c

  • SHA1

    982740d05dbd3aa13a584d76f55f7562416523d7

  • SHA256

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd

  • SHA512

    4b345dab7b7f57972a588c36f6caa8183740a5df2474bd6ceb6efc46003547baea4a41f83151d8466088ded7606d758d8a6b40c836c6995668542bc346851bc8

  • SSDEEP

    12288:HZjMLf11MmPQeRXEHYYS3gA0FJO1t3r6QYrOmok4:HafIiy4NwdLpQoOmok4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe
    "C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\game.exe
      C:\game.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:3392
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://down.xingkongjisu.com/flashplayer.htm?52b
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3240
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3240 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3828

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    19f6edd81276d02dd8e6deb50ad30f35

    SHA1

    e296cebefb8ae9c12681b2817dabd6e2b43f8c02

    SHA256

    40b40633767f009406c2bc70df86f5242f9ad1b698704e763f79bfd748c9dba9

    SHA512

    8d654df1de235b5a9308736e39823698bb9bfbb9ca185beda89df630bf1647e57effdfba285db454aeeb5dc64f09dfbe1a21a29e814fb14fea5322e4337020d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    d3ff0edeee7d1ea5754d8a290ae01189

    SHA1

    253ee24a4776d30bac0aedd7ea213adea6acb6f9

    SHA256

    e2e542a3681c428c021d38e608dffa43da666f6f3c53f623c21dc184639b222b

    SHA512

    ab14449059ae31856026e8d8cb0ec0b4158da0fd19f2a73940a159574a9084ce6a09ac05fb80ef3ab11cd9b1395dce021872215baced48f9e8a0bf7311000db7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    d3ff0edeee7d1ea5754d8a290ae01189

    SHA1

    253ee24a4776d30bac0aedd7ea213adea6acb6f9

    SHA256

    e2e542a3681c428c021d38e608dffa43da666f6f3c53f623c21dc184639b222b

    SHA512

    ab14449059ae31856026e8d8cb0ec0b4158da0fd19f2a73940a159574a9084ce6a09ac05fb80ef3ab11cd9b1395dce021872215baced48f9e8a0bf7311000db7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
    Filesize

    472B

    MD5

    cd396ed18da096e2dc38545a57749359

    SHA1

    546cea0bd9b6b27b3050f84525a0fcdf02d9627b

    SHA256

    020df93337b25383ccc3d4dfc35944cdfe8139deb36a72b950ae41274e521e42

    SHA512

    57c7ae8431e7fff259846cae7a1b7dc8c07b1f98376e3953dfe5b43e39258917cd29ea7562a270042389a24584ea83b4e15aa5d5d9f24365dbb4dcbcedb7de25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
    Filesize

    472B

    MD5

    d5fb2bb3183bdfca2229aed607409df3

    SHA1

    38a419a7a186a78ff8a07be3321947f846ebf958

    SHA256

    7ed2d84b138292743f14fa88fd204c5bb02155cba62bbc59ee4358f27f9b96a1

    SHA512

    1b778899aed9a4aea5c4ca9f80088527694465cd20157584fb6f834b2b66ee179bfb4f91e7a2484f47a24aa92ad745877d6753f091a3a800c989df22b1efdebe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    b1ba882c099ed5d14776d2e8e8f068f8

    SHA1

    28fd2f4d30815edfb5ce741e3be49ed4f5e7e64a

    SHA256

    11cf2fcfc65fb8a400d2ae2f143de355377b87b497f9c2ab20d539465973314c

    SHA512

    d53a41c74e802292eb685404a1660cb880e5d26e5a6a48ee5d87a9fb2b5776c313c982f19b0795bb936a6fda059f7a14ccd0d35e021909c5a1fee314741a97a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    a4fec397be6c2b5b923ae42815365aab

    SHA1

    f6a5ae03269160f89bd07ae522ac7f4943c02f1d

    SHA256

    ae779de85538150302146172e11c9159a224644a7c948f2bfff12139f6d96f36

    SHA512

    a17ca69d899b5109ed9d8f71d8a8659aa70a7972cb92b155e6fbb71ca36181a99e1619c991ded95a34e8c71e7f3bef31a738b64bf041fa0300f452f72aa15ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    45435c123cdb0da6a8f3ca11549ec253

    SHA1

    b7d8e1e64f2414d3baccf2ccdb9c9c7c53ac4141

    SHA256

    39b687b4d848b6a530884ed67b018170c485e55c528d6377ef7c45785044c09d

    SHA512

    0d9fd31fab0bcb1b11fbbd85fb07c5c0bfa9471daa865eea82bd4525457af9bd38f3e97fdd1a3cc569dbe581d6c85d68c750fecc0c12ee84f92c7fd8c8aaceac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    210292ddf7f44fe95034eff220e2275b

    SHA1

    e8b14eebe4bdffbe266c6edeae0a92272579b0b7

    SHA256

    7a67ce468e43db5b1f50ced7e2b8fa579c40ab5709aff8b5e10354d30a521810

    SHA512

    33fe7bcfe493812ac77a64f0c024877734d2c9d2886999026a4a48a49e28b8f140469f23b56f2b22969cf1d0986a361d75642c21947e4aefa309319fb1505d53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
    Filesize

    402B

    MD5

    063fdb2b2c423c9fa94449744532c24a

    SHA1

    dd94c087ea7ceceba321a64080cecbc68c162422

    SHA256

    6faa04b60ef0ed56b9778decdc115267424a0d2f340feca40c025d184996b1a3

    SHA512

    d47b0a293f602470231c3d20438872a7f2eb141389c7b7cd5ef3fe796c7ddfd86e63af31d6433abc4237787422dc44d3eef1c5e9aa3be6e640891eb3489844c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
    Filesize

    402B

    MD5

    1e736956ad1f59ea61fad4a074a8a0f5

    SHA1

    893661e9cf9ff671ccc827d7b6675242e20deb37

    SHA256

    b10f728ecf5fdfb933635f6be37de552cf6e11ab530e4b4d0c242d3a9861c1d9

    SHA512

    dedcf8e4e4c0548c1fc97714392e2de1c4128d8ea282ed982275882fd6b0eab3bc6ddd6f68007926a4bfd74c22fb2818d3bcee5566bd69f49ca478d2502eb764

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C6E0922-4FE5-11ED-A0EE-E6C35CACCF0B}.dat
    Filesize

    3KB

    MD5

    45ec5e85ca2c36fd0a12d60728a5cd4b

    SHA1

    378467987483b65533e90aabb63f56b60f03c5a0

    SHA256

    200a83d03e48aca8fab12979a24fb63a7c12598c6369fe394f91b7c187476437

    SHA512

    1b2bf1a9bf0a11bb0d08d4d3f36b0cee0ef08374a5facbb541be825cbc252c973ba340a56a0bdae8d377f9423629e4fdf1fb895bb0c39f586ce0cd62992a2772

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C6E3032-4FE5-11ED-A0EE-E6C35CACCF0B}.dat
    Filesize

    5KB

    MD5

    fbe8f3ca233f9e72193bc60d707f4c8b

    SHA1

    df81f4f20f36cc1a18b3d1e154f0d265d0369bc2

    SHA256

    3757727f2bfb89baf760221a4191fbe517113e99c1945d4bc1b5f22301031b62

    SHA512

    d1599a828b63522f9db56a9dbfef84f753ca4c816847dbb053f0de78251f111988c93008e861ee45d6f2080c1c6a4b05de01eead8a6ffa0bd52f19c4565608fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat
    Filesize

    15KB

    MD5

    3d8cce73355577ca7ef4a70d4197a18d

    SHA1

    8bddd194cdba6bbc2ae6c45eb74e6a69291c1c62

    SHA256

    cdc4f59f19945261a8a177789aff704a56dd45197f387e129429a086d825cd9c

    SHA512

    bf86d30deee5d70b6529d2b7fa86322e6fa3d3856a7855d2c5fb83cca31a4676bcc657e12483d69eaf9ae4144a8cf6debb4b33e69487e9a04e83089cb4ad9714

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\chevron[1].svg
    Filesize

    200B

    MD5

    11b3089d616633ca6b73b57aa877eeb4

    SHA1

    07632f63e06b30d9b63c97177d3a8122629bda9b

    SHA256

    809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

    SHA512

    079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\search[1].svg
    Filesize

    391B

    MD5

    a6ad6e65373db8c1b1f154c4c83f8ce5

    SHA1

    84cc007d6d682c589e1e1f87482a5278830f3000

    SHA256

    920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563

    SHA512

    09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2

    Download Submit

  • C:\game.exe
    Filesize

    135KB

    MD5

    22d32aa8429775b3abc47291a3883851

    SHA1

    3b39345aa462af03b868c94a674886c0a995db48

    SHA256

    b2f96bb0befdcf0a6adc0875517f31670582fd8ba2d2eb643be966c7834bd925

    SHA512

    7ddf9f5f900026cfdead2272bb8ae69571053adf829f199ffc35fb009ef9c8dd11cd61f14c46f3235781405899d5363159cc9f02d05cd60b97614452ad219a07

    Download Submit

  • C:\game.exe
    Filesize

    135KB

    MD5

    22d32aa8429775b3abc47291a3883851

    SHA1

    3b39345aa462af03b868c94a674886c0a995db48

    SHA256

    b2f96bb0befdcf0a6adc0875517f31670582fd8ba2d2eb643be966c7834bd925

    SHA512

    7ddf9f5f900026cfdead2272bb8ae69571053adf829f199ffc35fb009ef9c8dd11cd61f14c46f3235781405899d5363159cc9f02d05cd60b97614452ad219a07

    Download Submit