Analysis

  • max time kernel
    202s
  • max time network
    251s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 00:17

General

  • Target

    bae57ea87dcb32a31267b90dd10469e3d5af905f41c80b972c35869b47ac6617.exe

  • Size

    51KB

  • MD5

    8191a193cf8e6576152558fc423e809a

  • SHA1

    b97b5acaf9bafd3f9ebb832fd39f82d8f3f4954e

  • SHA256

    bae57ea87dcb32a31267b90dd10469e3d5af905f41c80b972c35869b47ac6617

  • SHA512

    33c0766d92ce2df7fec25c9afd3eebd9293bb31f18b2db41531c6e86c489b26d860f71a5efae34407735cf584a06ac34bf10033d8455b689f8e7acd13f9b196a

  • SSDEEP

    768:ZdpnF5/ija+1I+NYVawgYvCAvEZQ25AX94JowOy5up9/05unb184woTMe28xoEP7:ZdJyqnvE3tJGbB05gVxoEP7

Score
1/10

Signatures

  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bae57ea87dcb32a31267b90dd10469e3d5af905f41c80b972c35869b47ac6617.exe
    "C:\Users\Admin\AppData\Local\Temp\bae57ea87dcb32a31267b90dd10469e3d5af905f41c80b972c35869b47ac6617.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1220B3DR.bat" "C:\Users\Admin\AppData\Local\Temp\bae57ea87dcb32a31267b90dd10469e3d5af905f41c80b972c35869b47ac6617.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\SysWOW64\explorer.exe
        explorer http://blog.sina.com.cn/romdiying
        3⤵
          PID:856
        • C:\Windows\SysWOW64\PING.EXE
          ping 127.0.0.1 -n 3 -w 1000
          3⤵
          • Runs ping.exe
          PID:1172
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://blog.sina.com.cn/romdiying
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1428
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1428 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1520

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2a44efd68bfc6d5f94478c95de0494c5

      SHA1

      5a4ee2193920be103d43552d37d5e8ba4fe369e3

      SHA256

      8863231cbc4468347018600d0a16e19e6acb5c8c3e9f477a42a5681e900ef8b5

      SHA512

      1dafecc2f286744b7df5f69f107ed03f0b0035dd5c7e57a7a78be63da1afa839306aedee93367a7acfc1d6f3a0a5ef0693431ed091d5d42f5bd056389d26294e

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

      Filesize

      884B

      MD5

      f990552fe0e3756c6e4342463a2a3d95

      SHA1

      315b47ff5f6f1b2d4feffdd26e3ebaa1fec1deb8

      SHA256

      c4b6639fa476701b60d94e72ac1790084159fd6f73ab7f9d57d9a5d73cbc2bbb

      SHA512

      9286298e4af88b6e0abc8b6c2701c2f6dbc836a9e3a8c6bf491dec5512635e5ebfcfdc2375402b628414ea8e57c2e126b7b8c0fc18333b97f64276d40db1fdf4

    • C:\Users\Admin\AppData\Local\Temp\1220B3DR.bat

      Filesize

      3KB

      MD5

      6b2c10bd5e84c5ab6f676d0fa206b0ee

      SHA1

      0c1ce2357a51f40543b00270089c8921d9907e82

      SHA256

      967a1d4b85b00d213473e445561f1dcf916f8e278b62141d6559c6d635403831

      SHA512

      28955951ccf348d89d7d72ff09f806c6405a9851180e0a9668cf1af9fd9db4ba36762d8e1626179543c53446062d1dc2ff888324c06bef8bc30a2168ca49fbc6

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4DMDBDJ1.txt

      Filesize

      608B

      MD5

      2c7a761fd57e900226d3b04abcb01c47

      SHA1

      c080b6c7081442a0a4e73f5bc3ae8f64a2efb9e5

      SHA256

      2e4b63c34b896749766412f88216b5fc310ddc3de471622eb019c0c2a5e24e7e

      SHA512

      a0b322dd1a6221e0526c89d51601b9c9ada0556be4446288f907e4102a28663fe760df3cb23c1883ac24ea0464ebbb0632edcae33617310d468f5789b99bff5c

    • memory/824-59-0x000007FEFC181000-0x000007FEFC183000-memory.dmp

      Filesize

      8KB

    • memory/856-57-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

      Filesize

      8KB

    • memory/856-58-0x00000000750F1000-0x00000000750F3000-memory.dmp

      Filesize

      8KB