Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

979efb965e...97.exe

windows7-x64

3

979efb965e...97.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    979efb965eb7438b8d90b581c38df88d1e0afc24086a841703731b8583b01797.exe

  • Size

    558KB

  • MD5

    9d46df79329e1181e232d31990ba673f

  • SHA1

    87227a78bbd49655be0abdff2afde4a94f5d4a57

  • SHA256

    979efb965eb7438b8d90b581c38df88d1e0afc24086a841703731b8583b01797

  • SHA512

    c5d96dbf90b12233bc04e8a64b63eebab3f28d487388d7eda02e1efb09ea0da23656701369abdee9d93fe31fe13a9dcee8a86b9fa8c9f042d61aa876675de6c2

  • SSDEEP

    12288:Uhbk39tLxU8d7EZ/fQdAhecXzbULkt+SYE8Uam:UhYt1xU8FAXVheCnFam

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\979efb965eb7438b8d90b581c38df88d1e0afc24086a841703731b8583b01797.exe
    "C:\Users\Admin\AppData\Local\Temp\979efb965eb7438b8d90b581c38df88d1e0afc24086a841703731b8583b01797.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/pt_BR/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:596 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    430e42076f5abb2ae5f01e756d72ac00

    SHA1

    1af5eb8487fa1983cfcabad29f59e7d1b4dba3f9

    SHA256

    3109a8bcee186fbba213e4c5c0182f759a6d7f96cd587976918f020c76fb79b5

    SHA512

    e43f32184c7f1d88312996d29820631e9150d28ad3957b98e07e0e25745de49b2bfe2003cee71e9e076163f1e3df723137fc7def41f3cd721a536d36e9c068c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    5KB

    MD5

    4aec1099a47f2fcaf842ebac8e7af34f

    SHA1

    11f80b3701a982f172a77500d4fbf062c4dd0070

    SHA256

    931343b82329cb30e2c434c32519306255172570065da9b97b5ef65c5ef4b717

    SHA512

    1e1914e54d74dd3cc14acd7d71126766d0f6f63ba18ffea76b1559f87c438244276f142e6d2db2833b1a7b2c0e2c78ee6b4c14de264b72198a0fb64ce5aa1a8a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\56NTC2VO.txt
    Filesize

    596B

    MD5

    602c63a17a1afb481e99cdfd5d012d70

    SHA1

    84372ce98526a1c7e49a3b41a8e86aaab0f9d5db

    SHA256

    d742473f4e151647b171fdc8fb15c8b7c549a126da07154585e36f6c3653139c

    SHA512

    aa437a8960a9d2ba28d39b813d7c3a09b98e6d8e924fa17b7d57d9ae6bb29f1500201f3f430fb1ec1c8291612911c939f0aaab7e6ce78a1a8de1232e4021df1a

    Download Submit

  • memory/900-54-0x0000000075C61000-0x0000000075C63000-memory.dmp

    Filesize

    8KB

    Download

  • memory/900-55-0x0000000056250000-0x00000000563B8000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/900-56-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/900-61-0x0000000056250000-0x00000000563B8000-memory.dmp

    Filesize

    1.4MB

    Download