Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

a29ba458d8...97.exe

windows7-x64

3

a29ba458d8...97.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    258s
  • max time network
    339s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe

  • Size

    143KB

  • MD5

    547c8451955b15ff34c32197d92094b2

  • SHA1

    46d8c4b205f61a2dcee15b5c7da1402731597335

  • SHA256

    a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097

  • SHA512

    4bd0ccb03cd95ba36f26d461bc0a582e9fa6e3ffc7cd7fe91604119ae01141bc4f736da26aa17d87e06161ba6d45fb2a72e2b9e7a051a2bfb32926c168746302

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dn:pe9IB83ID5T

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe
    "C:\Users\Admin\AppData\Local\Temp\a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt45^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt45|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1756
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1792

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    f2080851a6780703a0f3764645202ce1

    SHA1

    6e16ec7fe0404b0fe43ebd271ca47ffba9fc9588

    SHA256

    d3969401d4fc819669b9ce997251cc41d4883a31c4f43271b088944fadce3a83

    SHA512

    50e5661d1b5c66073c34d164b49733d7c1c1d7b2782611596646b60dae81321c5c92f9e64dce980cea8306b29db6136e582dcc07f1a951580c1f9f4d69643121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    9f6cc8d3fe9092a6d3901e873a87fd87

    SHA1

    2e0aac117a4cc57596efb3d6f6624c269f94b031

    SHA256

    e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4

    SHA512

    9736a099967d7ad595439768e45c633ff7d34de92f7cb0c19cd3d4590c4a6dd4fedfcd1b5617c81652e61f4ffe919057507f622f4c6d8d626cfc40234ad2c757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    5d49720ef47af8aaf174ce2af12b63f6

    SHA1

    104d20fc8163749bdc6c9930e49266dea2a6d904

    SHA256

    5c86b4e8f5327cac794dd89466271a651dc36c3517654b2f9b267a25ba49c992

    SHA512

    6bc4a029cc8d2d6ea2fa73e8b13b6b5b17010d985727eb4814070aa2119c2defb14b7f26aedeb63961fd6988884de1a6c28ce9949059d395cd6f4500469d8479

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    735eeb751d2fe99ddf59968d03f02bd7

    SHA1

    33087c3b74872b7f3a8f36a1e6c857ffa0a625ed

    SHA256

    9bb90a32fb9913f75338181ef5f61689e11ed1589b39460a85d4cc9fd7956aef

    SHA512

    52b3b6909b12c85c42b22eebd1d7a762159f97f542a89e009cc11b3728345ee5a80573bfc2b41b45f0a7e13fcd28b4b8bd1472988d5ed6a1f6cf53f1b2f4543b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acb5587318120443f98ab9a0fbac6bcf

    SHA1

    9f839130b3b7161f3662c1177745bb9f61df6c21

    SHA256

    dd960c9d0c9d816785eec2a93d353f6ace0a1ce9f695e6bc2d24c4cedc185a22

    SHA512

    b4ab843f31ffdb68e1ffa3feffa0a646a16a82b112eafe9a13276191842cd8cd93786653c3b3cafe2e46f6abce91fd30c2362c3eb03d2e07ba3aab2298cbe7e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    b3c299e89550f4755e24239037e4cd3e

    SHA1

    721c3fee857261c61a4ce8d0cc1e6b493c84c310

    SHA256

    85093c47a5567a0996573ee21c7a2dcda4197d579515db347036a5fd9f5ff214

    SHA512

    4ad8e8c3303d73671c33248c0d6d7ec3f7d41f9a22925ad023f4c18311f9039f22e5002ba634e6c7b68df73eb01202907cd8a52ae29ae438b13bb83043bb6bc4

    Download Submit

  • memory/1168-54-0x0000000075E81000-0x0000000075E83000-memory.dmp

    Filesize

    8KB

    Download