Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

d6b40904d2...ff.exe

windows7-x64

8

d6b40904d2...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    160s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2022, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6b40904d2d07a8bed76920e5bd77beb993944655ddfd9b2f370eed3c4c9beff.exe

  • Size

    361KB

  • MD5

    0a833f395e5ea4d8009636030b54c6b0

  • SHA1

    1a911f3c0e77b39bb5c0a4325b7814467f0fa2f2

  • SHA256

    d6b40904d2d07a8bed76920e5bd77beb993944655ddfd9b2f370eed3c4c9beff

  • SHA512

    9adc73aaf79bc40dcd530e42762c42f2f4269d390cc998fd5756a3e0ad3a2a92d04a2e3c512aaf79a095780eea097bf173318470e73c83d04cb69918dbe11eaa

  • SSDEEP

    6144:0flfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:0flfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 5 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 49 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6b40904d2d07a8bed76920e5bd77beb993944655ddfd9b2f370eed3c4c9beff.exe
    "C:\Users\Admin\AppData\Local\Temp\d6b40904d2d07a8bed76920e5bd77beb993944655ddfd9b2f370eed3c4c9beff.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Temp\wpjuohaunhamfzsl.exe
      C:\Temp\wpjuohaunhamfzsl.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\hoyioyxhry.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1720
        • C:\Temp\hoyioyxhry.exe
          C:\Temp\hoyioyxhry.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2024
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1280
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1704
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\i_hoyioyxhry.exe ups_ins
        3⤵
        • Executes dropped EXE
        PID:460
        • C:\Temp\i_hoyioyxhry.exe
          C:\Temp\i_hoyioyxhry.exe ups_ins
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1336

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • C:\Temp\hoyioyxhry.exe
    Filesize

    361KB

    MD5

    0cee31e088dca71ffe2fca591c162f8e

    SHA1

    fa94369d17f2bd81406c7696cedde9a44c4eed7d

    SHA256

    82965642f30f643e9d622142a5a0b1873300eaa4acb788d0649050dd0bcd46ae

    SHA512

    7fd6855799e8a00b731d1b3fc2e5e37f748476460e2e21ce733c96fbb8716d4cbb57e0215b3c918ac6075df2b8da133473e80d839ebce1586181eb661589ddf7

    Download Submit

  • C:\Temp\i_hoyioyxhry.exe
    Filesize

    361KB

    MD5

    aa81839f9096866e6e2b992a04299358

    SHA1

    6dfbdbb2a70208800d0e970ba7405c4a6b98ecc9

    SHA256

    f55b8e1fb36d144414b65ce7ae879ebc935f7937e646120d2269ceb1abe080b2

    SHA512

    b3a3de7345bcb336d7a8da80ca44b5fb9859b04e26b25e8bcecf78af10efa79d59e991b4941cc362ce971154fc7bc915f30fe778c49a91dcb72ab431a6701321

    Download Submit

  • C:\Temp\wpjuohaunhamfzsl.exe
    Filesize

    361KB

    MD5

    810e8a92c6029c9d44b3dd7cb1978e38

    SHA1

    c7216d93e4af121a9e11199ddd8f2c8a9b03bdc6

    SHA256

    24f0cf87e0531707cd4041954d383aede37f50d51fd35dedb4746e055a0ed870

    SHA512

    b837e8712f4196f3db7990d51d2048dfa2617b3480ebabf8f686b04b1dd380daeb0dc970092af02873c03985cf5742d9444073a6737089d23abcea9b003ed813

    Download Submit

  • C:\Temp\wpjuohaunhamfzsl.exe
    Filesize

    361KB

    MD5

    810e8a92c6029c9d44b3dd7cb1978e38

    SHA1

    c7216d93e4af121a9e11199ddd8f2c8a9b03bdc6

    SHA256

    24f0cf87e0531707cd4041954d383aede37f50d51fd35dedb4746e055a0ed870

    SHA512

    b837e8712f4196f3db7990d51d2048dfa2617b3480ebabf8f686b04b1dd380daeb0dc970092af02873c03985cf5742d9444073a6737089d23abcea9b003ed813

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZKD6CT2M.txt
    Filesize

    608B

    MD5

    7ec4445815ad73bbfc9cc0795997dec7

    SHA1

    2a91870d5d788c3c2ed1d738ed99170cf50d54fb

    SHA256

    6491956f4a390ac6fdbf5506e947bbef7a29adebcba8f32977c719f432d1412e

    SHA512

    961a7eb7927e08dc38fb045b3bab6dc5628dd4937670d8695a2a8238444a8f7405e8e3f74906f5749d80a3c62b4d4d907ea2734c6f02eb51610cd3ca166cfe46

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    d19b2c4c0ea8efb1014faa59c470c636

    SHA1

    71c534bee69c1264263586504f49b1a0ac7432ed

    SHA256

    c8c58f0100813d6044209f47be60866aa0acac9deb289357d710e5a3d842df59

    SHA512

    0431cd888511d4bbc6d9408c1015634103083f3188e4f73403eb9feee6f5a162645c5ab7b16852cadeb39a83d142d7556919f583e0bf811c983348ad1d112af7

    Download Submit

  • \Temp\wpjuohaunhamfzsl.exe
    Filesize

    361KB

    MD5

    810e8a92c6029c9d44b3dd7cb1978e38

    SHA1

    c7216d93e4af121a9e11199ddd8f2c8a9b03bdc6

    SHA256

    24f0cf87e0531707cd4041954d383aede37f50d51fd35dedb4746e055a0ed870

    SHA512

    b837e8712f4196f3db7990d51d2048dfa2617b3480ebabf8f686b04b1dd380daeb0dc970092af02873c03985cf5742d9444073a6737089d23abcea9b003ed813

    Download Submit