Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Trojan-Ran...er.exe

windows7-x64

10

Trojan-Ran...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    173s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan-Ransom.Win32.Blocker.exe

  • Size

    14KB

  • MD5

    331add07bd368ff7f40f722a1b86c18c

  • SHA1

    02b1b1faca8d7a3e16bb204710e1dc1f48a2db70

  • SHA256

    7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a

  • SHA512

    6204a7fc7ac4382f5b5ac358e3ed1c66361ad8b5c6f07bb35a1b5c402df0452088e37ddd42662c676f49667396840fc330104c38540e51a80c0d182235fe6883

  • SSDEEP

    384:3AHFMtzdh88K+WoSm4QxIgVDDuFQPqhVcILKle380:QluxWZQxI6DDue4B3

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 9 IoCs
    evasion
  • Disables RegEdit via registry modification 9 IoCs
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Executes dropped EXE 9 IoCs
  • Adds Run key to start application 2 TTPs 18 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:444
    • C:\Users\Admin\AppData\Local\Temp\wininst.exe
      C:\Users\Admin\AppData\Local\Temp\wininst.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:3756
    • C:\Users\Admin\AppData\Local\Temp\install.exe
      C:\Users\Admin\AppData\Local\Temp\install.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:812
    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      C:\Users\Admin\AppData\Local\Temp\svchost.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:4828
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:4784
    • C:\Users\Admin\AppData\Local\Temp\avp.exe
      C:\Users\Admin\AppData\Local\Temp\avp.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:1640
    • C:\Users\Admin\AppData\Local\Temp\cmd.exe
      C:\Users\Admin\AppData\Local\Temp\cmd.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:4292
    • C:\Windows\services.exe
      C:\Windows\services.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:1112
    • C:\Users\Admin\AppData\Local\Temp\iexplarer.exe
      C:\Users\Admin\AppData\Local\Temp\iexplarer.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:1456
    • C:\Users\Admin\AppData\Local\Temp\mdm.exe
      C:\Users\Admin\AppData\Local\Temp\mdm.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      PID:4220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\avp.exe
    Filesize

    14KB

    MD5

    46f1fd1ff8ac8bab84873d00cd634384

    SHA1

    0198f9317f4c7844954903fa08a8fbaf592eeec4

    SHA256

    2d5ef3b8f3ab429509304ebafae70f4dace849a47655183106e1f93d5e64c929

    SHA512

    830fd6cd6aabd38602b75635a60428837a9e16d22a8a935e5414fecab1c27340a88f565b981501a41517ce7648426196dbc7d4fd9bf9383fbd7e54c7241656b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\avp.exe
    Filesize

    14KB

    MD5

    46f1fd1ff8ac8bab84873d00cd634384

    SHA1

    0198f9317f4c7844954903fa08a8fbaf592eeec4

    SHA256

    2d5ef3b8f3ab429509304ebafae70f4dace849a47655183106e1f93d5e64c929

    SHA512

    830fd6cd6aabd38602b75635a60428837a9e16d22a8a935e5414fecab1c27340a88f565b981501a41517ce7648426196dbc7d4fd9bf9383fbd7e54c7241656b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cmd.exe
    Filesize

    14KB

    MD5

    46f1fd1ff8ac8bab84873d00cd634384

    SHA1

    0198f9317f4c7844954903fa08a8fbaf592eeec4

    SHA256

    2d5ef3b8f3ab429509304ebafae70f4dace849a47655183106e1f93d5e64c929

    SHA512

    830fd6cd6aabd38602b75635a60428837a9e16d22a8a935e5414fecab1c27340a88f565b981501a41517ce7648426196dbc7d4fd9bf9383fbd7e54c7241656b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cmd.exe
    Filesize

    14KB

    MD5

    46f1fd1ff8ac8bab84873d00cd634384

    SHA1

    0198f9317f4c7844954903fa08a8fbaf592eeec4

    SHA256

    2d5ef3b8f3ab429509304ebafae70f4dace849a47655183106e1f93d5e64c929

    SHA512

    830fd6cd6aabd38602b75635a60428837a9e16d22a8a935e5414fecab1c27340a88f565b981501a41517ce7648426196dbc7d4fd9bf9383fbd7e54c7241656b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iexplarer.exe
    Filesize

    14KB

    MD5

    e4c0bd6f07cc3439e77aab466353eaa5

    SHA1

    7fb3ea8126301b8256e7a5ce55d81fcf1941c701

    SHA256

    d71df63262d0cd955db8f4e8cfd53ba1e726ab48886a0ce7d9f0e5dd2e352186

    SHA512

    907a6ef4ef89c6ec4faeec3f695b1daffa42c05fc00077cbee1c5f1a4b1dad2b9431ed276e18e2abd73a136e43af700025394e0c93880d6ec6ba298c4d8330a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iexplarer.exe
    Filesize

    14KB

    MD5

    e4c0bd6f07cc3439e77aab466353eaa5

    SHA1

    7fb3ea8126301b8256e7a5ce55d81fcf1941c701

    SHA256

    d71df63262d0cd955db8f4e8cfd53ba1e726ab48886a0ce7d9f0e5dd2e352186

    SHA512

    907a6ef4ef89c6ec4faeec3f695b1daffa42c05fc00077cbee1c5f1a4b1dad2b9431ed276e18e2abd73a136e43af700025394e0c93880d6ec6ba298c4d8330a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\install.exe
    Filesize

    14KB

    MD5

    72c273541c42336c55b71d2cfcec4e49

    SHA1

    748ecb750d7501ec45400fff7d086dbc53d54336

    SHA256

    e05599ac8e4a2bf6fe41d73e25982f85a9141a864554d3f1a7fdca5a5be0f71e

    SHA512

    7847870446a6b4861b4c4c5ec3a285330fd673b3808b50070473a63560147dc0c7b1db854f32f39ce96a83ceb6fd2b4d15cbf43977a90518c667a6a64ee61c36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\install.exe
    Filesize

    14KB

    MD5

    72c273541c42336c55b71d2cfcec4e49

    SHA1

    748ecb750d7501ec45400fff7d086dbc53d54336

    SHA256

    e05599ac8e4a2bf6fe41d73e25982f85a9141a864554d3f1a7fdca5a5be0f71e

    SHA512

    7847870446a6b4861b4c4c5ec3a285330fd673b3808b50070473a63560147dc0c7b1db854f32f39ce96a83ceb6fd2b4d15cbf43977a90518c667a6a64ee61c36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mdm.exe
    Filesize

    14KB

    MD5

    ee480da12e9b2463d0349f602b8c8ffe

    SHA1

    6dd7806ef499af7889d98049e466af25d0adf5a4

    SHA256

    f3a68428f018a6b139f01a5fe11242767ab8bbbc7441b76a152f36cab83760e8

    SHA512

    bd1526bb5ab22b7a55ebbd769232347c98b92096bb732973aaa74d47c365faa2575cd36140e8c7eaf365fdd608c2974b5c7666359d26bdbf240778346a610c2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mdm.exe
    Filesize

    14KB

    MD5

    ee480da12e9b2463d0349f602b8c8ffe

    SHA1

    6dd7806ef499af7889d98049e466af25d0adf5a4

    SHA256

    f3a68428f018a6b139f01a5fe11242767ab8bbbc7441b76a152f36cab83760e8

    SHA512

    bd1526bb5ab22b7a55ebbd769232347c98b92096bb732973aaa74d47c365faa2575cd36140e8c7eaf365fdd608c2974b5c7666359d26bdbf240778346a610c2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    14KB

    MD5

    a41fef83eeb63e1330ee00b1ff62c818

    SHA1

    a1c43ec091c5ff3d7794e2dc68c87fb7edd06a18

    SHA256

    be92d55fb1f92b4012db6042ba08eb05b03e900bd2d3561955bdad7fb93a5bf8

    SHA512

    ca4ddf57cb9b38e23641cf4388dd85341490e37503e79e4da11d78fb8a864facff9584a9c538869a43c7a93ed307547cd7409cb4a39ca20697f82ada7ec114b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    14KB

    MD5

    a41fef83eeb63e1330ee00b1ff62c818

    SHA1

    a1c43ec091c5ff3d7794e2dc68c87fb7edd06a18

    SHA256

    be92d55fb1f92b4012db6042ba08eb05b03e900bd2d3561955bdad7fb93a5bf8

    SHA512

    ca4ddf57cb9b38e23641cf4388dd85341490e37503e79e4da11d78fb8a864facff9584a9c538869a43c7a93ed307547cd7409cb4a39ca20697f82ada7ec114b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wininst.exe
    Filesize

    14KB

    MD5

    cadfae16bc19b7230d224504ee10ad7d

    SHA1

    6ab34b51cb74c009c7c46aa4b24f927affa57306

    SHA256

    06e08082c8da418088a9e5a6f47ee9e765b4ce8d50a50dde622809d481ef3476

    SHA512

    f2fa48edb0cd93b65bc0ee820246fb63dd3dca60828110e619a5a9d3dbe016c982352e89910f82114025836b33d9c9bfca3a6d5b273c77aa91ae9bcc07c2c4c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wininst.exe
    Filesize

    14KB

    MD5

    cadfae16bc19b7230d224504ee10ad7d

    SHA1

    6ab34b51cb74c009c7c46aa4b24f927affa57306

    SHA256

    06e08082c8da418088a9e5a6f47ee9e765b4ce8d50a50dde622809d481ef3476

    SHA512

    f2fa48edb0cd93b65bc0ee820246fb63dd3dca60828110e619a5a9d3dbe016c982352e89910f82114025836b33d9c9bfca3a6d5b273c77aa91ae9bcc07c2c4c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yawghd72y7huhd.tmp
    Filesize

    4B

    MD5

    646f4491403c7e9f5c3e218f1687a948

    SHA1

    77308a30e1f0ccf7bf6597f3117583348b41578b

    SHA256

    58774c96b175e0fa0fd1f5938e0a73d976070e9b1f86098d20531c9f7c5b4a3c

    SHA512

    4ffaa8bb2b0c92554181e84f3a600fc9587f73227aa22a3c1acf2ae3901e71f60990c2dca8561f420881867f1250e29f1990d5e70e3eac89b90715db45fa28e0

    Download Submit

  • C:\Windows\services.exe
    Filesize

    14KB

    MD5

    95b7b2024ef78413eb4dfee9a25b509f

    SHA1

    17ee1939264b9d8828470b7339b8f8fcb0d921b7

    SHA256

    236337d4dcf1f81ee05ea7aa865cd36d20757e9f1de8cdd4e40ee0fc8e50e108

    SHA512

    6917496b77495384c059902078ce4efd419dda5daa5fa3333e069ee20702b3a465a5e643f88585568a3d4d56080c7218598e7eac2362cb9b0033df717cd5202b

    Download Submit

  • C:\Windows\services.exe
    Filesize

    14KB

    MD5

    95b7b2024ef78413eb4dfee9a25b509f

    SHA1

    17ee1939264b9d8828470b7339b8f8fcb0d921b7

    SHA256

    236337d4dcf1f81ee05ea7aa865cd36d20757e9f1de8cdd4e40ee0fc8e50e108

    SHA512

    6917496b77495384c059902078ce4efd419dda5daa5fa3333e069ee20702b3a465a5e643f88585568a3d4d56080c7218598e7eac2362cb9b0033df717cd5202b

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    14KB

    MD5

    b65b9ed8a06e6aa2ae656aaa12509792

    SHA1

    97390f3d7be9763e9dcf6600b20013227aa67e5e

    SHA256

    557581f25e836fdb109fc06fbdd08587290de496b0036b6dfba15efd9f99ee12

    SHA512

    701a53758d32d537be4f47d95050f71102f7cba3946b13ac00c3a11f30764ed4176ea1e9678f57dcdf5de968b834137addf9fe38bf9892eae037be61e440aa97

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    14KB

    MD5

    b65b9ed8a06e6aa2ae656aaa12509792

    SHA1

    97390f3d7be9763e9dcf6600b20013227aa67e5e

    SHA256

    557581f25e836fdb109fc06fbdd08587290de496b0036b6dfba15efd9f99ee12

    SHA512

    701a53758d32d537be4f47d95050f71102f7cba3946b13ac00c3a11f30764ed4176ea1e9678f57dcdf5de968b834137addf9fe38bf9892eae037be61e440aa97

    Download Submit