Analysis

  • max time kernel: 81s
  • max time network: 165s
  • platform: windows7_x64
  • resource: win7-20220812-en
  • resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted: 27/11/2022, 21:58

General

  • Target: ad2b6a26a419855a75af65a719dcefbe549f531b7c9a53a91e6e9f1258a89bfc.exe
  • Size: 1.3MB
  • MD5: b1fd26e97f2e81a66c412574e5647e34
  • SHA1: 1bea16036a58c603b3422896e8b1f37c7eb12b84
  • SHA256: ad2b6a26a419855a75af65a719dcefbe549f531b7c9a53a91e6e9f1258a89bfc
  • SHA512: 04e5c7799e918a9380ccaf3ee58caf901cd48f1f2b0b635323529c1b7fb4e641905233d6712fa0f042e131738d72dadf46b0721fe3cbbe75e9fc2ce93e783287
  • SSDEEP: 24576:8qyGy7DgvIwMLdZiz518Jh1G92pq/2QRe1sOG3l:8D7DguhGiPS2A2QReeO6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad2b6a26a419855a75af65a719dcefbe549f531b7c9a53a91e6e9f1258a89bfc.exe
    "C:\Users\Admin\AppData\Local\Temp\ad2b6a26a419855a75af65a719dcefbe549f531b7c9a53a91e6e9f1258a89bfc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://browser.ali213.net/?
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:268 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:428

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: fce8e1dd061bf4538a7f75e69811f445
    SHA1: 30d92a7ac08bb987dc695175e80f63c1511a875f
    SHA256: a8549eada2d06f84c29881cee9d5606c05a3c1ba857eb01b3911cff1f17eaf69
    SHA512: d895fe86a79fbe347dc8ce4fdf3a9dca7acc398ade691453c454d543823207c9b7204c5e0700437a6d8e1dfcf3d21a6077772254bbe7405a50dcc30ec7c73112

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat
    Filesize: 21KB
    MD5: dea8e3ed7c8dc0dc4f6c4f126916085b
    SHA1: a708f42a337575e3edd216b1cd577f60d6785a61
    SHA256: 190e20af3eae474546424de3b169fc5e426f30b9e483bfe4f81d39de51605ea5
    SHA512: 16e8e92cee19040586d84e00b6fc0009a6b11ce984fcf96a7849b5ea6ba486600e5167909ad1b2b538afb221ddc8ab3bdaf3084adf0c970efbe764682dd8e7a4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U63LNVU6.txt
    Filesize: 608B
    MD5: 4d491d7176ace2b3154f2bbcc1b2d503
    SHA1: 6d8877846eef79d4e30a3a8f5930fe2d05183987
    SHA256: 389c3b185363bd077e7149fecf9463ffbc98e0cd108cad4638b30f96adbe4ee5
    SHA512: 9eeaea88431c67606a7ba1f5fd915634f7f928e2f31d382bc767b128c22e288fa9c56bafd7b9325ea7193a7f581d6b6c229e431abb16ef15f77d352b4c9f6e5d

  • memory/2000-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp
    Filesize: 8KB

  • memory/2000-55-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize: 324KB

  • memory/2000-56-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize: 324KB

  • memory/2000-57-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize: 324KB