Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1e7960a65a...28.exe

windows7-x64

3

1e7960a65a...28.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    193s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e7960a65a709610f36d00791c88717a984229e457146c4f5925cfb50df39b28.exe

  • Size

    143KB

  • MD5

    98513e29a9be23e63a13d0d950820666

  • SHA1

    bc08499739216a236d478ae98c8fc0b25d828df0

  • SHA256

    1e7960a65a709610f36d00791c88717a984229e457146c4f5925cfb50df39b28

  • SHA512

    ae3c8e4d1c8af8d3819811373e8618e3ad904148c8728e1eeec4dba3970742932c40bc8cf41a9e6a2964d081ccb056e93a4643488b6dd4ebd6423fb3227eeb68

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Db/:pe9IB83ID5X/

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e7960a65a709610f36d00791c88717a984229e457146c4f5925cfb50df39b28.exe
    "C:\Users\Admin\AppData\Local\Temp\1e7960a65a709610f36d00791c88717a984229e457146c4f5925cfb50df39b28.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1156
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1156 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1364

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    1KB

    MD5

    1519171ba0e9b6aabdd22495c93b43f8

    SHA1

    da916b57522c4c4cbac2aedc3354bc6c69a56270

    SHA256

    dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

    SHA512

    7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    4848c7d8c80834a6edffcb91e390b8fe

    SHA1

    efcd9c8dd20beb11c952371a02a0ca69493f6d33

    SHA256

    77ddbe20b6f9d2486f68b91bd2e05feac5f9a6ffddef92160a46ef051a909f33

    SHA512

    69e3a8f546ec5d1591b2319b484999af9b8d1d260a9cc3798ace6d112c7d5e90753aaa1914aaaf34f277a01b38662fee3fda0d01dd5010367b624937f74bd91a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    184B

    MD5

    f47c1eb8af157b1345995db1fc048abc

    SHA1

    c620b9764a1cdad8491c56dae92fd11a57964400

    SHA256

    4e57775d8b0eec64719c050f5f8c88a31a90dedb1e61a4db4c78a19359b27bdc

    SHA512

    318569ed053ed08be0bd5aa4d1d68aaf806ed4593f442841756eb86c8751f8e4e48d34a9bab9eff5af59f0a1d59ea0aa98c60d92873b4fde46b5256d91a5f2ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04fb56ed6f8a8db77133966ed979a32d

    SHA1

    d290f152c4ae243ef5962ac769e2a0dea98105c0

    SHA256

    3de0a9d3a3ad1db4642766dd32a000940619eaec809e9ad0681ab9570bb7b3b7

    SHA512

    c75407d4ae84a970bf9205858f2c2636f64a82350c1d3738805b5923b46f243c34872c49359a561882aa7a7eb07bf710489b10e36c00c38262e1de2bf59af24c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    65d8f62f93474c5ffff522de58a8a5c1

    SHA1

    0a1505af22b07d15febe975eedb02efece9ef8f1

    SHA256

    e1046bf80230e5738c1e0ba6edd4832193dda8969c04b9cd1666e2f6b9159dff

    SHA512

    2b41b89ea8ab73040908f72c9322319669cc9e9bd03205d1c4a82711b58edf6959df4afe938a64e228cd41829185daa797b0d85808fc2db5462750aeaa575036

    Download Submit

  • memory/2040-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

    Filesize

    8KB

    Download