Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

0bfa2cc0d0...03.exe

windows7-x64

3

0bfa2cc0d0...03.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bfa2cc0d03575db5073e3482c0179307ba142b23d78c4b7a1cca8f8ee6eb203.exe

  • Size

    143KB

  • MD5

    14274b2c7852ea88381c9267ffcca069

  • SHA1

    00575f10993b892b33ade4378bc8c1824d7b3580

  • SHA256

    0bfa2cc0d03575db5073e3482c0179307ba142b23d78c4b7a1cca8f8ee6eb203

  • SHA512

    16450cb85fd158346218f5415200b870f54bf6b769a5dc98bf9d338127fba60dce33e52bcb9fbdf77d26b84a2e54d687116178ac59b58b4bc739311c7f18bb06

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dn7:pe9IB83ID5z7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bfa2cc0d03575db5073e3482c0179307ba142b23d78c4b7a1cca8f8ee6eb203.exe
    "C:\Users\Admin\AppData\Local\Temp\0bfa2cc0d03575db5073e3482c0179307ba142b23d78c4b7a1cca8f8ee6eb203.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=4300109^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt34^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=4300109&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt34|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1696

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    063a50cbc4917175937023da67f38659

    SHA1

    4dcf57234f59af687bfa98e7c87fdf7b34a9688d

    SHA256

    bb5e5ac3ea70c33664275bb2eef3c4a59034a37b63b10d46226592eb9c8fd51a

    SHA512

    43a839d1a748efa321b5550d3d540b953159deeb24ff9cd6fab905e6951a3d1f9ad58e1890132ccb7632bdc814792858c1edeb88cd9e6ce7f0a86350ff1b87f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    96ce375bf1dfdfbabd413baa9be58245

    SHA1

    b3efade71938fcb1b355844e9cc61b9c0bb59741

    SHA256

    2dedcae24b75eb6209fb254e8d446d5dd63502b617ed153fa252ce9a76c015ad

    SHA512

    1664bf586426f9712a77dcdd8b181bf2049762c5dd6b6ed27fd1cf0c970aaf04f0010215c1d78edeffdb74b36113bf1a44fb97a0656cfc05657e147752d56c97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    da341c58bd238fc5eb0c85624b7aaf05

    SHA1

    7730176ea0a18131e98895e3ce8a6086069112ca

    SHA256

    8df330153674390b7dc4f99fb4a0ffc1f93fa6534f597f2cfb23e8d85b84d7ef

    SHA512

    e10c7bd738b2030ec1cb866ec4d70332f0b9c097ce1ed1b733c293db098c391fbe533c2da6ee3b3f2c50df3524b8bad200b8d1a0e14f94cf2298a92a4cef7045

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    d2fabe8eb7a1599e76dfc0eb828c1e67

    SHA1

    82e0774364f3b6e26c73c67f905aac635abcb88a

    SHA256

    35c5f34974a1eb037016b6d2bfa51b18c0b0f9535e09d50096ae2400ebf85090

    SHA512

    368c0b3ead7bd8fea8ca22a2d1b8074fcdbbe68d8b4b43280d7394fcca053db25962ecd060f67b3f82362804a146298960906041d24f58d47e8cbb601096820e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    a1e21d8715147e9526a5523e6e828523

    SHA1

    58690e3aa1d910fa2defaad16de5fb862276f885

    SHA256

    8515cc6f5cf3270aa52625c54494c048d022b3e81583d8829ba102dcecf32de3

    SHA512

    64a12624e460fb0e14c32c8b6659e31bf42819247ad8e4257abb5799cf055d55cb2002026967c957aff4682ac9edd83199654d9bb69c44ffac182fdc98b4d433

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A66G71C0.txt
    Filesize

    595B

    MD5

    e32db3d331fd932f4b6c8907504ab7c1

    SHA1

    4b2ac18db26c6238aa9f5e0e04265342b919d432

    SHA256

    6772c6074e5a1c38c01984b0c75a3385aa05114efa412380e7bd70e628b6038a

    SHA512

    1eedce1402fe30b4b3f66f6bed28e9cb6b8e84a1b1d2780b3d4f36ba81397dc04b1a4ba621b6485c3b69d1719f7a6a910d4845c7a3036928ee2689f1a6bbfab2

    Download Submit

  • memory/1516-54-0x0000000075841000-0x0000000075843000-memory.dmp

    Filesize

    8KB

    Download