Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    297s
  • max time network
    401s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 19:12

General

  • Target

    zonesszanpinglun-v1.0/QQ空间秒赞秒评论(秒赞贴吧).exe

  • Size

    1.6MB

  • MD5

    f29d9bca9f069a84076593270496e3a1

  • SHA1

    a6f907bd2dfdd4ab81f9ebe3cb070c5430ed8632

  • SHA256

    d30c3cf612a35cf8bd52582f006afb580ebdad17c648a09b54cf6bbb2fd6ee57

  • SHA512

    4915962d2ead9bf33433d778b34abd2ccad4367d8adf191ec0d9e7551bfc8fa5d0e50d60fee4fa1feef8e3bff3d9c3c285e3d7513743afed1221fd3f9c8c7dbf

  • SSDEEP

    24576:B6m4SE6FSbxSDQxlTZaqdiXSp0c02uFG6dAk3CMbES:BXEJAAlTZaqdwk0c05HGibN

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox labels this as likely ransomware behaviour, but the check is a generic heuristic and is not on its own evidence of file encryption activity.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
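
The "UPX packed file" signature above is a static check on the PE section table. The Python below is an added example, not tria.ge's detection code, showing the two checks a practitioner would write for it: the section-name test that catches stock UPX, and a layout-plus-entropy heuristic that still fires when a modified UPX build has renamed its sections. The `build_pe` helper and all byte contents are constructed here so the checks run offline; they are not derived from the sample.

```python
import math
import struct

# Added example: minimal PE section-table parser plus two UPX indicators.
# build_pe() is a constructed helper that emits a toy PE32 image so the checks
# can run offline; it is not a real sample and not the sandbox's signature code.

OPT_HDR_SIZE = 0xE0      # PE32 optional header size
PE_OFFSET = 0x80         # where the constructed image places the PE signature
FILE_ALIGN = 0x200


def build_pe(sections):
    """sections: list of (name, raw_bytes, virtual_size).
    Returns a minimal PE32 image: DOS stub, PE signature, COFF header,
    zero-filled optional header, section headers, then raw section data."""
    dos = bytearray(PE_OFFSET)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, PE_OFFSET)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HDR_SIZE, 0x0102)
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    headers_end = PE_OFFSET + 4 + 20 + OPT_HDR_SIZE + 40 * len(sections)
    raw_ptr = (headers_end + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)
    sec_hdrs, raw_blob, va = b"", b"", 0x1000
    for name, data, vsize in sections:
        rsize = len(data)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                vsize, va, rsize, raw_ptr if rsize else 0,
                                0, 0, 0, 0, 0xE0000020)
        raw_blob += data
        raw_ptr += rsize
        va += (max(vsize, rsize) + 0xFFF) & ~0xFFF
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs
    image += b"\0" * (((headers_end + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)) - len(image))
    return image + raw_blob


def parse_sections(image):
    """Walk the section table and return name/sizes/raw data for each section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", image, pe_off + 6)[0]         # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]    # COFF.SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                                # 4 (sig) + 20 (COFF) + optional
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vsize": vsize,
            "rsize": rsize,
            "data": image[rptr:rptr + rsize] if rsize else b"",
        })
    return sections


def entropy(data):
    """Shannon entropy in bits per byte (8.0 = uniform, typical of compressed data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(image):
    """Return a list of human-readable findings; an empty list means no UPX indicator."""
    secs = parse_sections(image)
    findings = []
    upx_named = [s["name"] for s in secs if s["name"].startswith("UPX")]
    if upx_named:
        findings.append("UPX-named sections: " + ", ".join(upx_named))
    # A renamed/modified UPX keeps the layout: the first section has no raw data
    # (reserved for the unpacked image) and the next one carries the compressed
    # payload, so its entropy is near the 8.0 maximum.
    if (len(secs) >= 2 and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0
            and entropy(secs[1]["data"]) > 7.0):
        findings.append("UPX-like layout: %s has no raw data, %s entropy %.2f"
                        % (secs[0]["name"], secs[1]["name"], entropy(secs[1]["data"])))
    return findings


if __name__ == "__main__":
    payload = bytes(range(256)) * 16                      # constructed high-entropy blob
    packed = build_pe([("UPX0", b"", 0x20000), ("UPX1", payload, 0x1000), (".rsrc", b"\0" * 64, 0x40)])
    renamed = build_pe([(".code", b"", 0x20000), (".data", payload, 0x1000), (".rsrc", b"\0" * 64, 0x40)])
    plain = build_pe([(".text", b"\xcc" * 512, 0x200), (".data", b"\0" * 64, 0x40)])
    for label, img in (("packed", packed), ("renamed", renamed), ("plain", plain)):
        print(label, upx_indicators(img) or "no UPX indicators")
```

To apply it to a real file, pass `open(path, "rb").read()` to `upx_indicators`. The name test alone is what most "UPX packed" signatures reduce to, which is why the layout heuristic is worth keeping beside it: renaming `UPX0`/`UPX1` is the cheapest evasion a modified packer offers.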

Processes

  • C:\Users\Admin\AppData\Local\Temp\zonesszanpinglun-v1.0\QQ空间秒赞秒评论(秒赞贴吧).exe
    "C:\Users\Admin\AppData\Local\Temp\zonesszanpinglun-v1.0\QQ空间秒赞秒评论(秒赞贴吧).exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2345.com/?k520000000000
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2020
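
The tree shows the sample (PID 1940) starting Internet Explorer with a URL on its command line, and IE then spawning its own tab process (SCODEF/CREDAT, no URL). The Python below is an added example, not part of the tria.ge report, of the detection rule a SOC would write for that parent/child pattern, run over process-creation events constructed to mirror the tree. The explorer.exe parent, PIDs 500/600/3001 and the benign browsing event are assumptions for the demonstration.

```python
import re
from collections import namedtuple

# Added example: a detection rule over process-creation events, run on events
# constructed to mirror the process tree. The explorer.exe parent, PIDs
# 500/600/3001 and the benign browsing event are assumptions, not sandbox output.
Event = namedtuple("Event", "pid ppid image cmdline")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\zonesszanpinglun-v1.0\QQ空间秒赞秒评论(秒赞贴吧).exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

EVENTS = [
    Event(600, 500, r"C:\Windows\explorer.exe", r'"C:\Windows\explorer.exe"'),        # assumed desktop shell
    Event(1940, 600, SAMPLE, '"%s"' % SAMPLE),                                        # the sample, as in the tree
    Event(844, 1940, IE64, '"%s" http://www.2345.com/?k520000000000' % IE64),         # as in the tree
    Event(2020, 844, IE32, '"%s" SCODEF:844 CREDAT:275457 /prefetch:2' % IE32),        # IE tab process, as in the tree
    Event(3001, 600, IE64, '"%s" https://example.invalid/' % IE64),                   # assumed benign user browsing
]

URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)
# Drop locations a user-level process can write to; a parent living there is
# what separates the sample's launch from a normal browser start.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads|Users\\Public)\\", re.IGNORECASE)


def browser_launched_by_temp_binary(events):
    """Flag iexplore.exe started with a URL on its command line by a parent
    whose image lives in a user-writable drop location. IE's own tab/content
    children carry SCODEF/CREDAT and no URL, and browsers started by
    explorer.exe have a parent outside those paths, so neither matches."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\iexplore.exe"):
            continue
        m = URL_RE.search(e.cmdline)
        if not m:
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or not USER_WRITABLE.search(parent.image):
            continue
        hits.append({"pid": e.pid, "parent_pid": parent.pid,
                     "parent": parent.image, "url": m.group(0)})
    return hits


if __name__ == "__main__":
    for h in browser_launched_by_temp_binary(EVENTS):
        print("pid %d: %s launched by %s (pid %d)"
              % (h["pid"], h["url"], h["parent"], h["parent_pid"]))
```

Run against the constructed events it reports only PID 844 with the 2345.com URL. The parent-path condition is what keeps the rule useful in production: without it every link a user opens from a document or mail client would match, and with it the rule stays quiet on ordinary browsing while still catching a dropped binary that pushes a URL through the system browser.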

Network

MITRE ATT&CK Enterprise v6

Downloads (the CryptnetUrlCache metadata and cookie entries below are written by Internet Explorer and CryptoAPI during the browsing session the sample started, not dropped by the sample itself)

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3042bde809910967ac2bd5ad5164d97a

    SHA1

    c216b67ba51db8b27dc8625096630febc8558e8c

    SHA256

    bcc46290cf1b4e92eee6f54ee5d59b3ed460b27370bac5d6405badc55b5079dd

    SHA512

    2cb968abfb363358cfdfd49b2b05a48aeba0ab4ca3f2e128904baa54c9f5700c78d2e2d4a2087c29945cda8babe7b83cf453b62e8aa8572fe1a21aa49bf2f465

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4dae50322026e10df9fc8cca40b94834

    SHA1

    be1aa057d97b0826b4f54def671bf4aebbe9abf2

    SHA256

    61d531dffb8856c5b34e7301000371f5f1b1b57875d363a28ee562906e17696e

    SHA512

    08a5ef5025b93b72f9f4710ee8b13b95955fa0bd446ce70e2196cc4bf4e7e05f4bc34e07639b9c3dc6c5be3720b267c20434b9b706f5232a4fc4075ae0bb1a5f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\83XC4OG2.txt

    Filesize

    608B

    MD5

    628ee8cfb8a1fb700dac13ddd3281d40

    SHA1

    4b0f151eb7c18e950dd30461402c7a29e1ce1d2a

    SHA256

    33de9fc4eaedee6bf3f3d61ced7c58c8fd5e3249699fd562f23a0d4860e6957f

    SHA512

    13d34168de822ae9a68d36adec819b4f5c4ff81fbf7bac16d9fbe7fc4d01c7fbe827977ed269a38d8031db956afa5462148074d0f2509087e5d9c115d4adb578

  • memory/1940-54-0x0000000076D71000-0x0000000076D73000-memory.dmp

    Filesize

    8KB

  • memory/1940-55-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB