Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

de2f686de0...0c.exe

windows7-x64

3

de2f686de0...0c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de2f686de0313bbcd1778f1ac88d8f93a07a68546b8c390edf42b5b2102f060c.exe

  • Size

    143KB

  • MD5

    abb8f2971f4b71720b7033c4ca4ec792

  • SHA1

    de5b6bb19420c35e54cc578f3ecb36933a721bef

  • SHA256

    de2f686de0313bbcd1778f1ac88d8f93a07a68546b8c390edf42b5b2102f060c

  • SHA512

    80760c28aff9f130e59374313fa524f66a20a853bd4505b01f1e483f663053a7ba0467cc4a934b6af7590afb244ada4e96789cbf17d70f913f20c03b2cb3031b

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dw7:pe9IB83ID5U7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de2f686de0313bbcd1778f1ac88d8f93a07a68546b8c390edf42b5b2102f060c.exe
    "C:\Users\Admin\AppData\Local\Temp\de2f686de0313bbcd1778f1ac88d8f93a07a68546b8c390edf42b5b2102f060c.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1800
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1904
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:580

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    6b50d84037caf7791778564ad8509056

    SHA1

    66fc9eeff7ed2447b6710d9cfd745b558291d661

    SHA256

    2f121db143f95b43e6e76739c4a58c25e2aa8d0c82ae45e30705cea39c5326e8

    SHA512

    966854f1609457ef7d27088a21e42276fba5578d68860d112527f7c13a3a0befaa881794a2a9f6ca752e3326e90f56f9eb7689adddef19bd9c6417883c9cbeab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    94acabc09f6a5fcc7a328c58338fbbc5

    SHA1

    4e67fe81f7caa9ede50b5c8e9d5ad79aacc15956

    SHA256

    ebf694a80fee06b00272806b19cab63d84afb8e70d97d3c91f25af75f0cb00e2

    SHA512

    5e47f829bf840ace15638a0b4ea85499e9df94264b3a50f83094013d74cdde64d844751ce38b9dc5d1314217877defe7d5594561f93f265506f400b471cc93a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    847727cd11e295209e2c32e0d4f6b008

    SHA1

    8dfb3812f5c3280e50866323623fc3600668bf2c

    SHA256

    a0f26553289a581ea7f12ae9bafd587e4be6aa1271897b4b665b18e6ab095848

    SHA512

    a1e7ce40fd0dbba1a128fe04bab8520f4e2c30f3729671b8d44b8a5ce949129b2fed7019bd5cfb51e9fea0f53d26b2bafb79644e476f960bb42ba24c7ef0c6fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    3d4883a671f4a65e823ec2ad780d9baf

    SHA1

    e4de6f7cb008727843fcb021f07cbf42a368b383

    SHA256

    eb0435058e40463bb07a60629b611d2f094b31ddd916e911937b3b2139443e41

    SHA512

    c6a9dc2b7cd96015e178e2a49f25dd59930158a97750b2d065b0ed1d3da03e32b2960186e9bf95d5e25145086c920b637415cdd18dd3faef9050b6cadadfed58

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EQE63O3E.txt
    Filesize

    603B

    MD5

    3ff97e9bdefa99c4a7da64c47c9721b3

    SHA1

    eebe49cb128f67019c47b8cc4477738616856703

    SHA256

    4416436c5ca86ff74d264463b130c492d2b1c5eaf175a7445da063d7425ab8ff

    SHA512

    d7e98830e79c31a260732963bf832f247540fba27c48f04ce1c1d00c6aa89069795bd4ab907b3900b075c289761914bac9daa2432f828c50623715a279189dab

    Download Submit

  • memory/1944-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

    Filesize

    8KB

    Download