Analysis

  • max time kernel
    123s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/10/2022, 02:44

General

  • Target

    b11035014114ce143da5e317291468c7f536c64da6f48a3b2cab96ba933519d7.exe

  • Size

    24KB

  • MD5

    551b14c92726248a9181b39b0052fe20

  • SHA1

    df8797ab399a5f951940e01e951e405d8bce3878

  • SHA256

    b11035014114ce143da5e317291468c7f536c64da6f48a3b2cab96ba933519d7

  • SHA512

    021a9548923ed6897daffdb80c483a9c9cead67b7c4fd82dfe16c9243497df41f11b5ae78e4e2e78bc611649b3211ab436e6f544986255147a5033eeb5046519

  • SSDEEP

    192:NMwcvY7gE9Juk0/f9UGdcjCjI/kKteDK0sQJEGO:SwwEJ9JukKfyBmkHeDK0sQ2GO

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 59 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b11035014114ce143da5e317291468c7f536c64da6f48a3b2cab96ba933519d7.exe
    "C:\Users\Admin\AppData\Local\Temp\b11035014114ce143da5e317291468c7f536c64da6f48a3b2cab96ba933519d7.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe "http://www.netgy.com/cpm/10102/10194.jsp?s=11054&dm=2"
      2⤵
        PID:2004
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe "http://u.772268.com/gg/1026.html"
        2⤵
          PID:936
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1668
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.netgy.com/cpm/10102/10194.jsp?s=11054&dm=2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1288
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1872
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1232
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://u.772268.com/gg/1026.html
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:572
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:572 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1856

Network

MITRE ATT&CK Enterprise v6

Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21A1A3C1-5134-11ED-84F9-5A21EB137514}.dat

        Filesize

        3KB

        MD5

        fa36be1dc35cf95e5186c391a9ca87aa

        SHA1

        6e1a7817ee69575b4ccd0d8af73085fdf4c64ba7

        SHA256

        4bbb50d6322534292ab796d625ffe89c1e3fbdd2e7798018824c055b4354a6b3

        SHA512

        2865c73a6e04b2ec754d3fc4c84c518a57ef70b35c1b81792ece1b0053d9836678223af6316b772c03d98dca56c2ab04fd1fd52588f77550df25f75f71528269

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21A1CAD1-5134-11ED-84F9-5A21EB137514}.dat

        Filesize

        4KB

        MD5

        4bc4f49d74d2ed4458eacffde3025f61

        SHA1

        3e6e9742fa71dd3d13809f6b3baade3af2bfeeb2

        SHA256

        31706bf887713eac716b97a4b1c7e2a13f7459119fbdc69c90c2a8569f8bdc2a

        SHA512

        8c495692a480a0c0f2f80c58e3662a6746c61125d19ba6db197ee835f72109de939fd81ae398dd3612bf057b417beeb16cb2e636b272e5c0ec32d94e14bca5a9

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CAA5UU3P.txt

        Filesize

        601B

        MD5

        8147d306029f148d04b7b5338a3e7a7c

        SHA1

        feab0775df286db5e75e6fefc7a72b0a39af1932

        SHA256

        6829a40e3cea634fe0b67ff7e3b8b18412823176093b0a1f0ede2a61f186246c

        SHA512

        3a90f50813d9ec235c0d98dab81c52ad0f32418f128458ab58fd0e12295abd268ea8478d301ae6b077cf5b4c79f9cbf982f7540e90418d4dc5d9d5743a63f387

      • memory/1668-62-0x000007FEFC3B1000-0x000007FEFC3B3000-memory.dmp

        Filesize

        8KB

      • memory/2004-57-0x0000000075C61000-0x0000000075C63000-memory.dmp

        Filesize

        8KB

      • memory/2004-58-0x00000000751B1000-0x00000000751B3000-memory.dmp

        Filesize

        8KB