
Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 07:08 UTC

General

  • Target

    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe

  • Size

    3.5MB

  • MD5

    03d9bd5b2e777234ed9abb531795a432

  • SHA1

    4ce18554eae7a948685581cbb54629b5bb9323e1

  • SHA256

    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4

  • SHA512

    3e738fe8469d85d51d94e75c81847eb3f461a1ca1c22e4eff599e0651dd38f8b9d6568907e88d4070d66d1501687bf63a13fa802215369ec3d2c6647d5acdbe3

  • SSDEEP

    98304:RDGnkRWN+Ci067DeL2iUZz9ZdvyjfXMNgvHNIekdwLg:gN+Cw62Nrv0fXMNetIPwLg

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe
    "C:\Users\Admin\AppData\Local\Temp\7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 460
      2⤵
      • Program crash
      PID:992

Network

  • flag-unknown
    DNS
    config.dianxinkan.com
    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe
    Remote address:
    8.8.8.8:53
    Request
    config.dianxinkan.com
    IN A
    Response
    config.dianxinkan.com
    IN CNAME
    ziyuan.baidu.com
    ziyuan.baidu.com
    IN CNAME
    ziyuan.n.shifen.com
    ziyuan.n.shifen.com
    IN A
    182.61.201.50
    ziyuan.n.shifen.com
    IN A
    182.61.201.90
    ziyuan.n.shifen.com
    IN A
    182.61.201.91
    ziyuan.n.shifen.com
    IN A
    182.61.201.92
  • flag-unknown
    GET
    http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg
    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe
    Remote address:
    182.61.201.50:80
    Request
    GET /Public/conf/open/1/1_1_0_1_7/10.jpg HTTP/1.1
    Host: config.dianxinkan.com
    Accept:
    Referer: http://config.dianxinkan.com/
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
    Range: bytes=0-
    Response
    HTTP/1.1 500 Internal Server Error
    Server: bfe
    Date: Mon, 28 Nov 2022 02:23:03 GMT
    Content-Length: 0
    Content-Type: text/plain; charset=utf-8
  • 182.61.201.50:80
    http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg
    http
    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe
    608 B
    628 B
    8
    8

    HTTP Request

    GET http://config.dianxinkan.com/Public/conf/open/1/1_1_0_1_7/10.jpg

    HTTP Response

    500
  • 8.8.8.8:53
    config.dianxinkan.com
    dns
    7b536a34adb465e42395cca862cedf6f53ed26b4a227bad6d7dfa509683c69a4.exe
    67 B
    188 B
    1
    1

    DNS Request

    config.dianxinkan.com

    DNS Response

    182.61.201.50
    182.61.201.90
    182.61.201.91
    182.61.201.92

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\11282230486\LZMA.dll

    Filesize

    67KB

    MD5

    d0f2416807f04c559e6394a0a4c7f1d1

    SHA1

    7df43ffa3716156d282b1e37d12dd1122f0a762c

    SHA256

    0fe6a869cf220769a058f8d281f272ef72669e3587673e52b53f3f9650dcf1fc

    SHA512

    8199c967ad813216f2ef3094a7614c9ccc95d35a817fc685cb7823f36cc97f0279bddd0ec0bb8f07ee2445476aaea35548516841ee9cde53a8be395515457799

  • memory/1352-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

    Filesize

    8KB
