Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

85034d5dfa...62.exe

windows7-x64

7

85034d5dfa...62.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 10:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe

  • Size

    790KB

  • MD5

    2217f5355683346c04124290920e1ea0

  • SHA1

    89e8d91986793a6f9cfb02932045bf1e62e6a4ce

  • SHA256

    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262

  • SHA512

    6e76af4c851801c9bf4f799162fd78d0ecfde951265177343a055e5a940306a1975c353aa62a44baaa5e4c3f11968ca25212eab4d27e7cd3d6fb90cc94a19ac3

  • SSDEEP

    12288:YSP2Vu2On5XQlE983JNsUDvlkd73hS3n8H5PGFAyG/Q7wv+lR://2On5XakphS305P4An/9+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    "C:\Users\Admin\AppData\Local\Temp\85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1944

Network

  • flag-us
    DNS
    api.v2.secdls.com
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.secdls.com
    IN A
    Response
    api.v2.secdls.com
    IN A
    127.0.0.1
  • flag-us
    DNS
    staticrr.cloudbox04.com
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.cloudbox04.com
    IN A
    Response
  • flag-us
    DNS
    staticrr.sslsecure1.com
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    Remote address:
    8.8.8.8:53
    Request
    staticrr.sslsecure1.com
    IN A
    Response
    staticrr.sslsecure1.com
    IN A
    193.166.255.171
  • 127.0.0.1:80
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
  • 193.166.255.171:80
    staticrr.sslsecure1.com
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    152 B
     3
  • 8.8.8.8:53
    api.v2.secdls.com
    dns
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    63 B
     79 B
     1
    1

    DNS Request

    api.v2.secdls.com

    DNS Response

    127.0.0.1

  • 8.8.8.8:53
    staticrr.cloudbox04.com
    dns
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    69 B
     142 B
     1
    1

    DNS Request

    staticrr.cloudbox04.com

  • 8.8.8.8:53
    staticrr.sslsecure1.com
    dns
    85034d5dfa0c970731da540556187fdbc6989058c23a3cfce67ba7c972bbb262.exe
    69 B
     85 B
     1
    1

    DNS Request

    staticrr.sslsecure1.com

    DNS Response

    193.166.255.171

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\dfs5F9E.tmp
    Filesize

    537KB

    MD5

    ff7eef4dfcc3c54deb1bb962d39b5ad9

    SHA1

    7125758b5088e41160ae6d04a30ed20b842fdc7b

    SHA256

    65534417c3d94effdc940ee2cbcc57adb81b00f9584a4f3f4cc6f5d5f9ed18a9

    SHA512

    e0cfcd65d21dc8094782a09202ca26365d15c258992cc96045760a2393c979cc3db0236572efd3ae634fab48bb85557db12e07740687e8c69706d13d4682e142

    Download Submit

  • \Users\Admin\AppData\Local\Temp\dfs5F9E.tmp
    Filesize

    537KB

    MD5

    ff7eef4dfcc3c54deb1bb962d39b5ad9

    SHA1

    7125758b5088e41160ae6d04a30ed20b842fdc7b

    SHA256

    65534417c3d94effdc940ee2cbcc57adb81b00f9584a4f3f4cc6f5d5f9ed18a9

    SHA512

    e0cfcd65d21dc8094782a09202ca26365d15c258992cc96045760a2393c979cc3db0236572efd3ae634fab48bb85557db12e07740687e8c69706d13d4682e142

    Download Submit

  • memory/1944-56-0x0000000000970000-0x00000000009FC000-memory.dmp

    Filesize

    560KB

    Download

  • memory/1944-57-0x0000000000360000-0x000000000036C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-58-0x0000000076141000-0x0000000076143000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1944-59-0x0000000000B67000-0x0000000000B78000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1944-60-0x000000000C6E0000-0x000000000CE86000-memory.dmp

    Filesize

    7.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.