Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

87771b930f...d6.exe

windows7-x64

87771b930f...d6.exe

windows10-2004-x64

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 23:36

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6.exe

  • Size

    244KB

  • MD5

    4496578bd5fb9153b6dca335b1a89be6

  • SHA1

    65e635385fccafbe495bd36db14b3b0098fe4763

  • SHA256

    87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6

  • SHA512

    7a2d3e49070a1169045e2a9cbc10b859938b322a3f6cfb4b7fbf01f78972e1d9e116178e37838b2649f3661a884afa5a798cf7fb8c92290f60889d439924cc8e

  • SSDEEP

    3072:CwJI/eenD+PvsD4sjyiacgdYVzdbxiQUjSf722ZYvOSnDcPdwa1u6Bjnqw:CL/eeqPDxia5YAQUjC722FCJ1Qj9

Score
8/10
adwarepersistencestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 2 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6.exe
    "C:\Users\Admin\AppData\Local\Temp\87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Users\Admin\AppData\Local\Temp\jqx.exe
      "C:\Users\Admin\AppData\Local\Temp\jqx.exe"
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5032
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Iprip
    1⤵
    • Sets DLL path for service in the registry
    • Sets service image path in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4472
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3981855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2164

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jqx.exe
    Filesize

    20KB

    MD5

    6d503f46ffe12541109dacb2d764ab67

    SHA1

    332ce950448830b28e455308be7f5dd68840264f

    SHA256

    63986c2f76b3160039635370b08483e35afb29b934e527d80aa93386d27e99a3

    SHA512

    f1dcc6c74366284ee3216f15298976ac51f51955d20954e096709a6da35ab3fef9287b06eff6da0f27d7fbb434cbadd742f24756d9a67adbce5dac87a5d7ea00

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jqx.exe
    Filesize

    20KB

    MD5

    6d503f46ffe12541109dacb2d764ab67

    SHA1

    332ce950448830b28e455308be7f5dd68840264f

    SHA256

    63986c2f76b3160039635370b08483e35afb29b934e527d80aa93386d27e99a3

    SHA512

    f1dcc6c74366284ee3216f15298976ac51f51955d20954e096709a6da35ab3fef9287b06eff6da0f27d7fbb434cbadd742f24756d9a67adbce5dac87a5d7ea00

    Download Submit

  • C:\Windows\SysWOW64\fsutk.dll
    Filesize

    116KB

    MD5

    b7a2b15f6cd9a16e1fe15b867a6b40ed

    SHA1

    7673d0372b5a1937bbd52826107a4385b7a3da08

    SHA256

    78be4f2d1902e7d9194e14a08c792466c13464f87b21aa0f2bbac476edd05db5

    SHA512

    7f08af47ba878db854ddfe87f6c96204f8675346bec39525d947ebbbd59ccb662032c518d64e0586b4dc5ee499e07042a00e4a4cacbe6bf74bea57e3dff387fb

    Download Submit

  • C:\Windows\SysWOW64\fsutk.dll
    Filesize

    116KB

    MD5

    b7a2b15f6cd9a16e1fe15b867a6b40ed

    SHA1

    7673d0372b5a1937bbd52826107a4385b7a3da08

    SHA256

    78be4f2d1902e7d9194e14a08c792466c13464f87b21aa0f2bbac476edd05db5

    SHA512

    7f08af47ba878db854ddfe87f6c96204f8675346bec39525d947ebbbd59ccb662032c518d64e0586b4dc5ee499e07042a00e4a4cacbe6bf74bea57e3dff387fb

    Download Submit

  • C:\Windows\SysWOW64\fsutk.dll
    Filesize

    116KB

    MD5

    b7a2b15f6cd9a16e1fe15b867a6b40ed

    SHA1

    7673d0372b5a1937bbd52826107a4385b7a3da08

    SHA256

    78be4f2d1902e7d9194e14a08c792466c13464f87b21aa0f2bbac476edd05db5

    SHA512

    7f08af47ba878db854ddfe87f6c96204f8675346bec39525d947ebbbd59ccb662032c518d64e0586b4dc5ee499e07042a00e4a4cacbe6bf74bea57e3dff387fb

    Download Submit

  • C:\Windows\SysWOW64\liprip.dll
    Filesize

    84KB

    MD5

    624a66664fd5c1648a515495f14b1e22

    SHA1

    601d3dd45ea5e9bc217e309183ec6c99281150df

    SHA256

    5c6551e59177b93111fe35e760842184004db46c3fdb12b0e62f6fbb13efa451

    SHA512

    4f821eec33d49e77ca383ebd3344ff7acf30ffc8f67058d14e1e164a8c6848a90203ef6f63b848ede40b0c585a3542489b1058dfe28da58c0fa6d3bc6118035f

    Download Submit

  • \??\c:\$Recycle.bin\int.dat
    Filesize

    220KB

    MD5

    c65cf5d4fa3670b060713b49a46fbede

    SHA1

    315941ab4859008e7d3805d6e3b38a2476a98295

    SHA256

    ed3cc82856e36aee10b0da04fcce96c58a423a9f91cd915fe0e66cc10991d73b

    SHA512

    83ded1cd97b3863b7aaba218ee5ea6f32a265b13aa57c64518efa555fcde854ce809d599b753c82816f2e74be72235d10fbd8950bb2507e18a54b3177a76d7f0

    Download Submit

  • \??\c:\windows\SysWOW64\liprip.dll
    Filesize

    84KB

    MD5

    624a66664fd5c1648a515495f14b1e22

    SHA1

    601d3dd45ea5e9bc217e309183ec6c99281150df

    SHA256

    5c6551e59177b93111fe35e760842184004db46c3fdb12b0e62f6fbb13efa451

    SHA512

    4f821eec33d49e77ca383ebd3344ff7acf30ffc8f67058d14e1e164a8c6848a90203ef6f63b848ede40b0c585a3542489b1058dfe28da58c0fa6d3bc6118035f

    Download Submit

  • memory/4472-141-0x0000000001800000-0x0000000001820000-memory.dmp

    Filesize

    128KB

    Download