Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 12:28

General

  • Target

    ae6287c078c5c6426a12723e67951ce1820a0eb1af1c176a1d3fecc7a699614a.dll

  • Size

    666KB

  • MD5

    a500d3575e09c282cc97b9d60d5270c6

  • SHA1

    9926800d8436264b7d78b45f41ed071f3469aaa8

  • SHA256

    ae6287c078c5c6426a12723e67951ce1820a0eb1af1c176a1d3fecc7a699614a

  • SHA512

    6cdafad189a8e5cfe5fe05c62b28120d0c69296570b0d3317e9196324255cf045b1d18614ef89e8f34891987584159796499b30b1dee69252ddad097d2e92f99

  • SSDEEP

    12288:UBPgEfxixsIbWME80+YAKK54ygTGI0JwT8TOG6V4W8KorWeIqZxS2sBxcHQgEyqW:UBAbWME80vAxHgTuyTuOGiF8rqePW2lz

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6287c078c5c6426a12723e67951ce1820a0eb1af1c176a1d3fecc7a699614a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6287c078c5c6426a12723e67951ce1820a0eb1af1c176a1d3fecc7a699614a.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:360
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:680
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/pt_BR/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1268
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0cf21278c78fe6e4a45d9de8e4d3fd73

    SHA1

    f10deb8cab744501503d51321640855ddbde8270

    SHA256

    7c2c57a7808b3e756dfacf55e83c1e48373fda5d9f84756956f298ff5313b9ce

    SHA512

    883efd998e20430d9af7b0346847c05be4fd436e0de7cc6b9c26b365eb01ea63d4d8be78e57e1ea0fb85f126ed31bd0164c3c6522834acac7b42bae271cf3ad7

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

    Filesize

    1KB

    MD5

    fe5862c81c7398f6b073059bb62b2c60

    SHA1

    cea44376e42c992800f23517cd329b35c706c32b

    SHA256

    0a538732a65a43a076ec6814a98ca3462ff02ef2c808b14c899917788805e5c6

    SHA512

    390d2a1fbcc8f091a82ddbf04276b723c2ad74e580ba752f1ca47a8dcf856b1ba8346c6aa2cccb55983adbb43e03e7c63bb70fbb889be2599a398e2efd13dff4

  • C:\Users\Admin\AppData\Local\Temp\image.gif

    Filesize

    1022B

    MD5

    e8f7fdb9e108ee44039f52e157b43a10

    SHA1

    51e6bebebe0ac865c065eb9a6c3fd41f6c3c3c70

    SHA256

    d5a320d22071d9907e6c456b83b422978db1bc7474274ee4afd5bcbf6f5fd0c2

    SHA512

    aed5b60b7e777655d4c88b56c77fefe7dede00b4ca5f17dbfbbbb60897133f520391dc6fefd9e5a65fdfb6c00b12aa806d4ba60a442f5bbb280ca31cafc8879e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QG7XW2YO.txt

    Filesize

    608B

    MD5

    9c8e73a6bbac51ec5b8a4b775e1a96e1

    SHA1

    a028c57d14564347b5f75f9e2f7ce2779b548671

    SHA256

    5742c1f30b8b2bb021cb4b744f84e779cdbb2001dc30360e889f5ad68c96106a

    SHA512

    30ebd1d044fe019cf9babda82f04adb5f32903befa3d0cdcc4de1ed5ef4ef2218cad576c56338ef4baf3beaca8c3aaa522acda44707fd8968100db111c7faf0f

  • memory/360-55-0x00000000767D1000-0x00000000767D3000-memory.dmp

    Filesize

    8KB

  • memory/360-64-0x0000000005F30000-0x0000000006039000-memory.dmp

    Filesize

    1.0MB

  • memory/680-62-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB

  • memory/680-60-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB

  • memory/680-65-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB

  • memory/680-66-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB

  • memory/680-58-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB

  • memory/680-56-0x0000000008C60000-0x0000000008CBF000-memory.dmp

    Filesize

    380KB