Analysis

  • max time kernel
    122s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 08:42

General

  • Target

    bd34a3e00570e70db111a08470a39772df00d441aea26509b47bc283eddace79.exe

  • Size

    143KB

  • MD5

    e42131e41fc933f6d581b129965f9ba2

  • SHA1

    84adbc7661df1b1aabf1a04e290007fad93c6e22

  • SHA256

    bd34a3e00570e70db111a08470a39772df00d441aea26509b47bc283eddace79

  • SHA512

    8a0f22c0c35e72b39a0bc23a34c6e0392f65c4bd058bae1738cc98eba346529236c5de3b6b6c52f17c679ea78a12e469832a204c98c955c7c537f1c881100ec7

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DF5V:pe9IB83ID5jV

Score
3/10

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd34a3e00570e70db111a08470a39772df00d441aea26509b47bc283eddace79.exe (PID 1536, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\bd34a3e00570e70db111a08470a39772df00d441aea26509b47bc283eddace79.exe"
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (PID 1100, depth 2)
      Command line: "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=4300109^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\iexplore.exe (PID 1740, depth 3)
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=4300109&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 432, depth 4)
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (1KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4 (472B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA (724B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (410B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4 (402B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA (392B)
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q83PL6MD.txt (608B)
  • memory/1536-54-0x0000000075A31000-0x0000000075A33000-memory.dmp (8KB)