Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

646eabe027...2b.exe

windows7-x64

8

646eabe027...2b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    104s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe

  • Size

    440KB

  • MD5

    81875945823c63fa24fb0929a71931fd

  • SHA1

    55a773138057a1d077683881834e03f1ec4d6d10

  • SHA256

    646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b

  • SHA512

    47ab171dca24b6446b4f5aa57621841a75d24aeb36e4f48a970768462e9a2256ee0ab8b9b5b78ce2eee9a433f4e7910712ed6a976d4cc303310d8139379c7fc8

  • SSDEEP

    12288:NMTi0uhMqe9ts2zWTpMmCG7F24jLZivYuWO:JXJTpMm7FLZih

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe
    "C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:700
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:700 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1588
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1336
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1092

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79E887A1-5063-11ED-B7CC-CE23F931F8E9}.dat
    Filesize

    3KB

    MD5

    06e4c57b093faf7ea53491f7afa8ee12

    SHA1

    bd00d529b2797384a67afc1e0e03ff300205dacd

    SHA256

    0036041bab1b3d571f40817c12b22f66d8e8239963c60dd654fe0c4209242df5

    SHA512

    0c00a1d8a8118063acfbb29be60118b2e120cb41bae7a95c9a6250c8ba83d69defc4872bacb18eefbcd7be5d010e6177a2301b54ec4432872e174174e787abab

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79EB6DD1-5063-11ED-B7CC-CE23F931F8E9}.dat
    Filesize

    5KB

    MD5

    73bb6b1b4ce46215f398711fe6a960cb

    SHA1

    c7bfc1969d32a167e6a9ed5e72b48300e7f49950

    SHA256

    1579bcdf0dc71648628bd36a96b4b706dac08d3b6bb34d628d8aa4cc67ab94ea

    SHA512

    7de6eb7b86b4a580f022c7a3fe8159fd36c6808e6b19901d9ef3b55527eb93d24b11c406c0bb0f921b0cbd5dbdfcbe5bb8cfdc825b9c2b89c1ec95ad1add4627

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
    Filesize

    185KB

    MD5

    650ab7eb4b14cdc873c1db41178ff9fb

    SHA1

    bcf7c69f507935d452b496075fb776e53e19a5eb

    SHA256

    a2577db82e69062adb13f810de7da3dcfd80af1682abcd0279fe2e6e59802de2

    SHA512

    b6a1d23e4a036164472c8e1aaa7ddfd6fc3027231b5c983137e404be81c28175a3f2c2b07bc7029e5588b5559c2de74299d6c24d6e71bc33960c02befa3ce4d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\33CIVCB9.txt
    Filesize

    600B

    MD5

    c6d04948acb1e9c8e44b162f6515f4d8

    SHA1

    570ad879fe77f1c8fb35adc4131863c1e447f661

    SHA256

    1642aac0e8fe20ddd4c870126dd7b46d1214d69f1b87a86a6568ca97a9e6a4cd

    SHA512

    49e748b8b0d8b3a7c5e4aaed13482d88dca41c010e458d1364ee468bff5b08057ffae0e101ddaa6fe3af23e4f4fc823fbab657963f7395c7a6f1c25042ed1471

    Download Submit

  • \Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
    Filesize

    185KB

    MD5

    650ab7eb4b14cdc873c1db41178ff9fb

    SHA1

    bcf7c69f507935d452b496075fb776e53e19a5eb

    SHA256

    a2577db82e69062adb13f810de7da3dcfd80af1682abcd0279fe2e6e59802de2

    SHA512

    b6a1d23e4a036164472c8e1aaa7ddfd6fc3027231b5c983137e404be81c28175a3f2c2b07bc7029e5588b5559c2de74299d6c24d6e71bc33960c02befa3ce4d1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
    Filesize

    185KB

    MD5

    650ab7eb4b14cdc873c1db41178ff9fb

    SHA1

    bcf7c69f507935d452b496075fb776e53e19a5eb

    SHA256

    a2577db82e69062adb13f810de7da3dcfd80af1682abcd0279fe2e6e59802de2

    SHA512

    b6a1d23e4a036164472c8e1aaa7ddfd6fc3027231b5c983137e404be81c28175a3f2c2b07bc7029e5588b5559c2de74299d6c24d6e71bc33960c02befa3ce4d1

    Download Submit

  • memory/1232-60-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1232-63-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1380-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1380-59-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download