Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

596bf9f7ea...e7.exe

windows7-x64

3

596bf9f7ea...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    596bf9f7ead7e699d41f5045db3c21359cb3ae957c910eab7a580f90d81064e7.exe

  • Size

    143KB

  • MD5

    7e309a66854b3d516c2f0debe59cf814

  • SHA1

    813bc138e2011020993edf7ab0af4d741abe13c9

  • SHA256

    596bf9f7ead7e699d41f5045db3c21359cb3ae957c910eab7a580f90d81064e7

  • SHA512

    086160e6378d7721369960b903fac27e77a49eaa2d7d2ef7acc8572f1071960c15eda9628d276212ac0c6658a4fef9bbc22b87f169175e0d98ca39f74e90a0cd

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45D31:pe9IB83ID5L1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\596bf9f7ead7e699d41f5045db3c21359cb3ae957c910eab7a580f90d81064e7.exe
    "C:\Users\Admin\AppData\Local\Temp\596bf9f7ead7e699d41f5045db3c21359cb3ae957c910eab7a580f90d81064e7.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:596
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:596 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1624

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    f2080851a6780703a0f3764645202ce1

    SHA1

    6e16ec7fe0404b0fe43ebd271ca47ffba9fc9588

    SHA256

    d3969401d4fc819669b9ce997251cc41d4883a31c4f43271b088944fadce3a83

    SHA512

    50e5661d1b5c66073c34d164b49733d7c1c1d7b2782611596646b60dae81321c5c92f9e64dce980cea8306b29db6136e582dcc07f1a951580c1f9f4d69643121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    9f6cc8d3fe9092a6d3901e873a87fd87

    SHA1

    2e0aac117a4cc57596efb3d6f6624c269f94b031

    SHA256

    e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4

    SHA512

    9736a099967d7ad595439768e45c633ff7d34de92f7cb0c19cd3d4590c4a6dd4fedfcd1b5617c81652e61f4ffe919057507f622f4c6d8d626cfc40234ad2c757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    766ed1594abd2846c3f555dac640e34a

    SHA1

    448040664985d903c8be20f862775e78958f59b2

    SHA256

    721181f7ffc93d7aa936037dae0876d32924ec2808ab42911e2964d0b6b08615

    SHA512

    a6b20a0b212986a0a47538188bd862ec3a4ee12b83f7d88ecca09550004eddd101c7ba7204bb38e9b0364fcacfea438ba5fa29cac4f9030f8174eebb6531055f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    e6ccbd35b049bf15ab7ef3c1b897c89a

    SHA1

    1f294ec56fefdff33ebaee1c14ab374cc151a98c

    SHA256

    3454debaaffc4622a800a8d5cbf8537adeed0657b9b934ddd56cfe37619b52e3

    SHA512

    8f9ff3b0b526b261251e33bb1e61ab05e4fdbd60cad716c8ad2a690cea8c7da6bfde00817949d8018176c4a06f3b1a4c839eab80f131213d5d589e15f3cd546b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1194d6aca742f65e6e170122df2e088

    SHA1

    f1595cad619d37e862f3b869ea130be35ea834a9

    SHA256

    ac5f4567cc1d4d4e56773f549714d74c7518f716580987b06cce4031d428f870

    SHA512

    f57ce921ef8a9586d36b171e6229a3203491f99aab5482e8d0ad8b646ae497b593cc7c6aeb79483b2d73918480cf2eea8d486adce2ef71ecb8dbc8194bf535c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    a75b553afad1221c6d7c200cf58bac34

    SHA1

    6ed6421d5a7822c87ca3daf686d73c001c0b22e7

    SHA256

    46c6a43330395141b820860424e52728248c206056357116aa5f8f1b1d39dce9

    SHA512

    8f95d87492866f46ce3a308de94d0d5f4d631977a540c8dfa232b6ccc4bfd8b9be7daee4287ff52d7a3073dd1219fd51b64972afa80893fb7f92431e83784d2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b19e44b424d9c2a7575d26ff61f68051

    SHA1

    09a55bd3d15c2482837faf55eba4efdccd01e53a

    SHA256

    a1976241d40ca80aa454a96a086a45c04ca6a3fa21123aa7bc7f4a7eda884f6d

    SHA512

    126efbe33f2d6e9107c08b69f01af5be31cb66670ecf2162cc1efcb97d8519463f73cbaca30c8d3c46b833f6ccc875e200b87f46834ea182fc5f4c0f8ee32821

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W8S8KWOX.txt
    Filesize

    603B

    MD5

    9bbc3aaef5b04b8b86040cdddc9fe273

    SHA1

    451706023ae6551deee58ae68190d45a34491247

    SHA256

    81b28829c8bb14e1caacb873c1bb1cd935156e2df45971f548c5a22a4ee9da95

    SHA512

    3aef2aa71c8148bef1339d749d77b27daed351da03dfacb5ef41c7a586189d126a4346c873f69d516ef099879da2917ee7bab4748465b7c8b3f412f7b7cac4f4

    Download Submit

  • memory/1632-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

    Filesize

    8KB

    Download