Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dc1ab039a4...4e.exe

windows7-x64

3

dc1ab039a4...4e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc1ab039a44f72fe847cae5a91d783570398ffd2ca0a5641b89f2a542e7e3d4e.exe

  • Size

    143KB

  • MD5

    b701ed818fb6eebef97ba549ea3e6222

  • SHA1

    a8b008ce8c9f9d13b3659d74929261abe0ec81c5

  • SHA256

    dc1ab039a44f72fe847cae5a91d783570398ffd2ca0a5641b89f2a542e7e3d4e

  • SHA512

    2543edca349e8a06d3cd6fe904a963bba500fc0aa514cc3a12a20acc5faa5444eafb17f33475bfd5a6704e7873a74f99f81fa83c114beb98a5ead6c32c93da47

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DdPT:pe9IB83ID5BPT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc1ab039a44f72fe847cae5a91d783570398ffd2ca0a5641b89f2a542e7e3d4e.exe
    "C:\Users\Admin\AppData\Local\Temp\dc1ab039a44f72fe847cae5a91d783570398ffd2ca0a5641b89f2a542e7e3d4e.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1536
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:752
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:752 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1960

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    22c0f3f1266108b1d1c49bd02c976971

    SHA1

    711c376d4ce0a641d9830c9d4621e4b7dc5093bf

    SHA256

    d4ba705e8aa98dfc7aeb63bce6b17320992e2db5932196caa8b5881e97788b0d

    SHA512

    041595781b194ba14ced53e7d1ff51e1c4940035be19b19d34d25e0fd6f2d5feb9c1e510502c12d620a9bc9945fec4a8c51df55894df961162fca03df6faf14c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    05989c16560dde9ae220067ef12204e9

    SHA1

    7ab0fdf43a15191652e9e4b71fba2fb172e56308

    SHA256

    b8ac986219843139d82240bbb12d910c5589e9488d2b9fa87d2349e687e6c48e

    SHA512

    df1a9057966102f4b6531510675141ee34f59adb5e7efefe13a382cda0458240e02d7db8be909621522cce6233735fd18f18f65a0b2a15edaaa2502aab52cfd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    bff6cb5a0f1595e5e31e6846932147bc

    SHA1

    504be205076f611f69128fe12500643e2d561955

    SHA256

    c1870b91864c5d13cfd615e2b8d2e40adac4c5c409e30079cc870fa90b508319

    SHA512

    ffcdcc24638e815cdfa378ab33a803c0729cabaf6f4807b75d0f2f7b00d7ec9b8dfc45d3bb8a6aac42064697f40f66a6d91c6777c19fc82839a5205c5c31cb3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    709377fbcc454ba4cc2edd667d5c7f2a

    SHA1

    0f91522067ce487c102d04ef3b07a55f047767e1

    SHA256

    828f1f0fab27ba12395e6a0dd2cfb03d0f244dcb64fec122b9e3c9c12b893ead

    SHA512

    c694acdc699363a4a32bde36a18d75058ed842f6d69da282d41a42bcf5c047cb7146792778e089d681b17fe45bab4b10267f30bbed6289a48901d30897a38ede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    99de65781f5d7f62cf442f23f0db68ce

    SHA1

    f439ad5a1130602eb510de773afb6ed9c0e6cedc

    SHA256

    df7fe067321963da702825fc812f5b1b42ae872f4ae8b78fa6a3f67a4e2ab2b0

    SHA512

    c602d2018833d9dcdbf9d955d62c65197ceb30527e4db334bc8a747dcf0c19b61a46720407306e40961a2732f2e7bfe3551c736dac939566e5b5d93535fbdd6b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PQ144B1Y.txt
    Filesize

    601B

    MD5

    927e023e737f547c4f6cd48f78a7f4f7

    SHA1

    5b2d2b3b368b653f9e7b003d17ee73048f6d06a1

    SHA256

    bf65382444fb7cd5e911bd693fb08bbc4754b7d6c2a6bded81b12f952a8c8197

    SHA512

    9d6d8dbc002cadcfbbe43c7b13454fc3bb5a29998be668e9cf2b44a11c81d62f011d29e56b1d8f94d3b13aa29dffda57632c3f29c1a4fa756b7f0c471c7e0ab8

    Download Submit

  • memory/1928-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download