
Analysis

  • max time kernel
    127s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 04:20

General

  • Target

    5732f0a72cc59a931f272acca8ec049f272d5bedcf0e20024d9a27193ba7dd13.exe

  • Size

    143KB

  • MD5

    0dd718f2f753fc408593d935ac294994

  • SHA1

    9472181cd4173a5ff861067e352095b4fd2f49cc

  • SHA256

    5732f0a72cc59a931f272acca8ec049f272d5bedcf0e20024d9a27193ba7dd13

  • SHA512

    ea92862794b2b77b862c0bb85733e0c827b35f1e4bcf0ea626152ee3b715a10468b9b05144fcdb876f6b92a0b6a0113e1fcd2413a33c51a41712966883624e65

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45D5I:pe9IB83ID5a

Score
3/10

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5732f0a72cc59a931f272acca8ec049f272d5bedcf0e20024d9a27193ba7dd13.exe
    "C:\Users\Admin\AppData\Local\Temp\5732f0a72cc59a931f272acca8ec049f272d5bedcf0e20024d9a27193ba7dd13.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:108
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:108 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2016

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    472B

    MD5

    9f6cc8d3fe9092a6d3901e873a87fd87

    SHA1

    2e0aac117a4cc57596efb3d6f6624c269f94b031

    SHA256

    e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4

    SHA512

    9736a099967d7ad595439768e45c633ff7d34de92f7cb0c19cd3d4590c4a6dd4fedfcd1b5617c81652e61f4ffe919057507f622f4c6d8d626cfc40234ad2c757

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    402B

    MD5

    48321e58f47874817f54b5b9673b917e

    SHA1

    b79f1e1d4ffdd0cc239099a9e768ad59a48788b9

    SHA256

    4d447b8ddb2a1a66e997ebb9c9684a37056fe13e8c013f92b44621371759f6e9

    SHA512

    1e0d1ffdebb3d391a51706a129279dc834ea103ec8ecdf79f2cf67ef8054a101e8ce89ce70dc0917008b352fb05e640a04eb389972e04e432fcd4764284476d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    75527166b38cdbd8bf7ca9e0589fdda6

    SHA1

    8149667dbf4d71950b752a9b282412131259ee75

    SHA256

    300b4e8903c023838e69819efda130b3b4f98277f287104c449f2a21e73fcd8c

    SHA512

    b90edb0c1e4fa702f941b30451c522dfd8827cbe99b5f6be2e4c14c6d0ed316274a2fca4d544c554cad65ead5302136ab2fe7172ba46d8352fd94fa2ceca03a2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    712a53fe223b9c697a24028a5613a612

    SHA1

    47dac7b64bc1934d934e68bd50236b01ef551789

    SHA256

    ae4741a688b1da2aa5d7eb3435f193973a0ebb1a2cfa76e5aa767a136d5b5d53

    SHA512

    1f79506dea7e7f64042414eeffdc3f22786ea623c420c7e3bb82b6aa982c89dbab3b9faeb82c9b416c9eea9f4fe62e236f58e799154edef439ed2cdc03244c7c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GI1IBLWB.txt

    Filesize

    601B

    MD5

    bd4219c51d2f0f6220b256ddd36510bc

    SHA1

    2bced698bcf3d0b49b41fa1fcb8d419fed73fb66

    SHA256

    039f94356eaa2c6ccb2000d382a4b4b93347c3d716d859c9a3db19e4667fd3b6

    SHA512

    248b0a94bbd5a291add77222dbdc58ebe79c9737bf3d36048c8a1f5eb49e1ccb73106e323a7287604d3d34c38087ca4ad38ebf6798f42ad4d78ff172929ee8de

  • memory/1268-54-0x0000000075531000-0x0000000075533000-memory.dmp

    Filesize

    8KB