Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

e3b79ce471...90.exe

windows7-x64

3

e3b79ce471...90.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    128s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3b79ce4710e4271ebbefe4e7d8452b46bb9c4e5e057c298986bb62986b17690.exe

  • Size

    110KB

  • MD5

    1b80b4ad493be6b717e5bacb9f1a7502

  • SHA1

    41b2582bd2c4d730938a5f5b9ff12a20ffd08320

  • SHA256

    e3b79ce4710e4271ebbefe4e7d8452b46bb9c4e5e057c298986bb62986b17690

  • SHA512

    4a84e92c7fa41f59d2c8be32a16f0110d8c823dc0cc3fd2824ea67f8543b3acf943947922342b5c99d14f4ca11fcf1de033bc84d30fb16a90f07d34f61cba331

  • SSDEEP

    1536:WdSsBR1aUeveIMwQaCkqXkbsJPJcwA5F+hOcIxK:WX3aUqhiksJPJvA5F+hOcIxK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3b79ce4710e4271ebbefe4e7d8452b46bb9c4e5e057c298986bb62986b17690.exe
    "C:\Users\Admin\AppData\Local\Temp\e3b79ce4710e4271ebbefe4e7d8452b46bb9c4e5e057c298986bb62986b17690.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=4300107^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1672
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=4300107&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1776
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    1449add840e9160cae5f5b565c634b70

    SHA1

    dc889a8567e97e99d8b3186975f6b969de5aad6c

    SHA256

    ab53d0cb3f95f86c66a7e43185e7abce5c80b18270ebe804cfd73a7249174d36

    SHA512

    192c3eee32ad50022f2f561f4e08c03bfacd7a891e7709e5528ff2641d02a84deafdfd9deb0d086c02b4bedcf8ebf802746f1814a3b8f70afd309695181f4d83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    a0fe20d41a043db700a84924cd9793f3

    SHA1

    c0da481fef6cd00558f6e68b074acb34bef8292f

    SHA256

    03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56

    SHA512

    f9de5b16bd1312dcab9ae06c0a39a295a79354821552b39ee48bb456b42b7302d27e9d063243d3766cd0c2bc47255dee21eee7036b99e1c4df02f1c335e204e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    079d0d5c3e97b5a2f7cb16acdc179c59

    SHA1

    d6f9283c8db446a716599319aa13d80ab1b12fbd

    SHA256

    e0c9840acddaa1b238e0984de93648b6e67bdfe715dd0d3e6727f0538814fe31

    SHA512

    3e3bc1f3b038d3740ed2b94724ceb1dc77c1d00d494cf864a3ae9dd323d7079c565ba3c708f9c6a614f19a2a3b0ab2bae13b1b8456d60f846c9b594287b9ca65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    9d8be0b107ecefca012a4c21513dec30

    SHA1

    1b7cf440a007b28b08f9ac17175ab5675d77e70c

    SHA256

    eecdd4c6835b56221a3c859999428646ddab099417679d2ec58f8e0f476d2778

    SHA512

    55e1ffd3eaf8e177ecad0824e6282bed0ebd70cedbba16d1c956e936f116202b3e358b31df9ac5a9b94069ba5d838620a1882d7aa8f75c54940aab3a8b0c3f72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    8bb000d67c50a59bf4a74dc56baf782d

    SHA1

    047dad4e87e4be98d0cfdd91b04f540496153d86

    SHA256

    ba67081c5306f3ce951082eea063051155efd739aee9184affd2ac39a26f2f8e

    SHA512

    db51f2c3698c0149394b91ee95890f01582fda8e1eb5bde9a17bba6aa339c6fd71110f02a17e3c261db6e2cb5dcdef375b119cbb616add4da2387b986254fca4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    bcf09ce7980b11f93ae41264c3aebeb8

    SHA1

    45001fb9a394ee61e798fc2a64aa90448d669893

    SHA256

    8340536410b755c547a1453c585645afe903ff500701a5e1b0cecaa6d7b55ecb

    SHA512

    b5bbd3dcee224233a11eb8e043de707a6db92cbc761cf71640461ba66fab880e91e9fa3f8579c6a71d833df5b106a8d4c1285ca34a7ab062fa2dd8c44a9fa445

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    72942969100d8c26a131435d18019e4e

    SHA1

    d73e9080913d8e8d523030a498fca36065b1c1f4

    SHA256

    fa3f0e4df6abba4a5c901f8db6065601db1408f3e8c6c4fd02f2dad34126753d

    SHA512

    95140317a94f0958e97118b59ac3e3edc136f2ff4c0194a91cea17f86978a205058dd33070d8897476e4fafb764402b30f579df200fac8b058e288899423065b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZD64D89X.txt
    Filesize

    608B

    MD5

    bcc9f3d7e8453f9b08026d52cb2e2524

    SHA1

    c8fb24f859cda4a677da5e032afe5a552e0d8609

    SHA256

    dec5bbc839ad547bf326b1fd9b0ed932be652ef28e4ba8737dc00e9da43f7481

    SHA512

    57f9d1f8555a956243219e1d5cf5b71e61c499af8a6866a38b626469d3055c486a3bca1977c5c199f34ec1370b5c9ffc5d9ec3a6692d0d01130c7be68c264d57

    Download Submit

  • memory/1536-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download