Analysis

  • max time kernel
    146s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 16:15

General

  • Target

    fa898867ce49e0f214f93f8b0802f2b31dd20084aaab818800c8768ce5041fec.exe

  • Size

    143KB

  • MD5

    6ed9a1b21c3a78abeed8040c458788b1

  • SHA1

    af29eb7aaeaecf310e2153112b77dc269e556b3f

  • SHA256

    fa898867ce49e0f214f93f8b0802f2b31dd20084aaab818800c8768ce5041fec

  • SHA512

    d6d74fd979e45a192a22102fc5ee1198737c1bd9cd2f6fcb2cf381ef227ac02b589d5b2ee0ec4066b5d1517593ad9ebdc87c0b2cc099d14807a7bf5505a8a90a

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dvk:pe9IB83ID5g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa898867ce49e0f214f93f8b0802f2b31dd20084aaab818800c8768ce5041fec.exe
    "C:\Users\Admin\AppData\Local\Temp\fa898867ce49e0f214f93f8b0802f2b31dd20084aaab818800c8768ce5041fec.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300031^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt34^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1408
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300031&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt34|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1088
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1836

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    9f0e2538da7b85d0dc16efcbf68f188f

    SHA1

    fa47961da05786d7729408f40265c41100437af4

    SHA256

    89aee288b1f04a2b6dd7df98a7267f7bb7848027a4d86d379e70e9e03fc8f677

    SHA512

    9fe231bcd69ebda480644a5e7bf3657c4b0eaff96a4ad92ee41b6e2a9d048f1212dc56a515bcd29587b651fb2f1fb5ea83b5d56cc97a9f0590a8a0bd59cfb12b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    402B

    MD5

    87a0882b1b9b258e1b2e3603d91e1857

    SHA1

    56caa641e1f7f5ccae6c52cbb4ed3311a81c8dae

    SHA256

    f5dfaf3c8ca2c5f1b506e9793b0517cf360da13c06f42fa8459baa0547874a22

    SHA512

    3e6317f9a6f44af469ac90e27bdff5ca3a55c2456cfa7077705776037ea20f9afb47f126fe77a46cd0587113f16f1d885fb71e8bdef2d17adf0134f6e4110d90

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c34986a70409913dbf33f5fddba303db

    SHA1

    36bd714a281b18fd4b837c1aad977b751ad332d5

    SHA256

    31da4f6c0a8aa8f4ebf2173e26216123d1cec8c4e0a7ee50f0ab2e41c633d307

    SHA512

    9e83eb9ff035e8a62fc491e55874ca4350357ec987673ac14674ef89f424bbae28c69c8a83b091f429a7e3109779e5a666e00edb91aec5c66fe84809a15c47d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    de86b47c9a9b03bc293c483f15f3689b

    SHA1

    98a5f566f10c3fe670914a8bf3599c9cce8be91f

    SHA256

    c1c3540b82e738a22fdaf2deee39280496eb3949c9d7d5160f8d15edb67748e2

    SHA512

    177870d0d26bb9167c88818711781c341e7b29405763377ab1f7d7c37042e8ed0b501e4869c91d8e8a21e2707d41df6cd50480f94d63c468cf4decc61b8ca7a1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O9XMKRP3.txt

    Filesize

    608B

    MD5

    3fca0e9c8a9604fefba05d911afc790a

    SHA1

    a29f9734a338fd13f7af786febcf2440a6e2c732

    SHA256

    9f9bc98dd39a1e0c4bee8f95142f94db83642d5ef7764391a53c9e2c12aaeaa8

    SHA512

    41a12aee0032d91b88d8425e5394086a7727e6e61dc0a9114331819eda21177db9735ea511f4f802906d4ba92386a473de4f9a7891f296b923aa90a2e4c1106a

  • memory/1672-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

    Filesize

    8KB