Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 21:58 UTC

General

  • Target

    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe

  • Size

    806KB

  • MD5

    bb99351de0cffdf8d2b327f5cfe656fb

  • SHA1

    b1100bf7997d81a2c5fe1a0f60705e825772c43b

  • SHA256

    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7

  • SHA512

    220fc0b5c121c9cbf3844b5b5cb0201d0cd0a01190ddc44ef501362317dfabd1398b4aa19fe2baa2d1c9931103fc1ac8a23a859ffec7a2bd4a045f7b88fcc564

  • SSDEEP

    12288:ZFg7mO44fThgeimepWLdrHs7ChttruktOsIHIMUhmulqWSHfx8nHkhSSikGr7Pza:Dg7m4XLJt1ukEsIHIAu8WLnHkhpixM+W

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    "C:\Users\Admin\AppData\Local\Temp\0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe"
    1⤵
    • Registers COM server for autorun
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1980

Network

  • flag-unknown
    DNS
    r1.sunusadirall.org
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.sunusadirall.org
    IN A
    Response
  • flag-unknown
    DNS
    c1.sunusadirall.org
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.sunusadirall.org
    IN A
    Response
  • flag-unknown
    DNS
    c2.sunusadirall.org
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.sunusadirall.org
    IN A
    Response
  • flag-unknown
    DNS
    r2.sunusadirall.org
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.sunusadirall.org
    IN A
    Response
No results found
  • 8.8.8.8:53
    r1.sunusadirall.org
    dns
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    65 B
    147 B
    1
    1

    DNS Request

    r1.sunusadirall.org

  • 8.8.8.8:53
    c1.sunusadirall.org
    dns
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    65 B
    147 B
    1
    1

    DNS Request

    c1.sunusadirall.org

  • 8.8.8.8:53
    c2.sunusadirall.org
    dns
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    65 B
    147 B
    1
    1

    DNS Request

    c2.sunusadirall.org

  • 8.8.8.8:53
    r2.sunusadirall.org
    dns
    0fd0af027316957cc48e477f45fa939c1fcf5fd327e00bf37821788ca9132fe7.exe
    65 B
    147 B
    1
    1

    DNS Request

    r2.sunusadirall.org

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1980-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

    Filesize

    8KB

  • memory/1980-55-0x00000000020B0000-0x0000000002231000-memory.dmp

    Filesize

    1.5MB

  • memory/1980-62-0x00000000020B0000-0x0000000002231000-memory.dmp

    Filesize

    1.5MB

  • memory/1980-63-0x00000000020B0000-0x0000000002231000-memory.dmp

    Filesize

    1.5MB

  • memory/1980-64-0x00000000020B0000-0x0000000002231000-memory.dmp

    Filesize

    1.5MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.