Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3efb383dba...9.html

windows7-x64

8

3efb383dba...9.html

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/11/2022, 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3efb383dba269fbba3e497415c26dcd1a0bd67ef1cc9022491dd061a839352f9.html

  • Size

    223KB

  • MD5

    2796de625194b4f6876a53c70a228920

  • SHA1

    884254565c6567649d728980b22316fe29e018b3

  • SHA256

    3efb383dba269fbba3e497415c26dcd1a0bd67ef1cc9022491dd061a839352f9

  • SHA512

    1a275899e8c88f395c2c57bf8bacf9680a03db410eb9f0465cddf9d750034bdf7385f017ed170170f612d7b75ca997608be9e21d9dafaff25038720be5026b51

  • SSDEEP

    3072:G77NRi0R0jyTHKvKjKUl9WANKvRqIzYlSx4bO:oTTHKvKjKy9WAaSSibO

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3efb383dba269fbba3e497415c26dcd1a0bd67ef1cc9022491dd061a839352f9.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:836
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
          4⤵
            PID:976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:406539 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:856

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      3dcf580a93972319e82cafbc047d34d5

      SHA1

      8528d2a1363e5de77dc3b1142850e51ead0f4b6b

      SHA256

      40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

      SHA512

      98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eec746814532bf8cbe921af9c2ebc5ca

      SHA1

      0c9258d96bbb4813ca96d78f668dd785eda26fa9

      SHA256

      edf34a57d27829d884fb1b100819b7f7c4bf5ec3ea0c3855423b8407dcbb4b7b

      SHA512

      2677d826640651c11d99adcd7746e064ff6cf79516cbbba8716ffb05757d432e0f95d2f5c20ac7675c1cdb1cd97d9453635ed81eba153c464fcde78fdaf85cfd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc536c5e95a860bbb0df7f79fc274263

      SHA1

      03cede0f93979a3c5b01cdedbd87cfad504a595a

      SHA256

      65d47718ec5d1c024a9f1b6d23d4bb4d6fb3e712910743c8ac663bfecf95aa53

      SHA512

      64159886e53604b1b84749774b51b0f7b22a6e0dfe61b2abbe1815f8590324f47c01b5dd9ce26b4e9012ca7776733d0ae00b8815712f0392264eae9c4ceeadef

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat
      Filesize

      13KB

      MD5

      3f0fc960da209f65527bd54a337a3fd0

      SHA1

      86d2bcb8ba340215fe5459a60e76fab96a3f9d45

      SHA256

      cfb622106556efc074661f72474074669292fd14ae76bdeb64577701f095b096

      SHA512

      6bc6778fc065f395ea467279ceb92a39d15ccf383389cec9568cef4972bec9c64118eba2f12497485eec74fb08b89dd6af9839d565e53dd71f5cfafb0ed734e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
      Filesize

      757KB

      MD5

      47f240e7f969bc507334f79b42b3b718

      SHA1

      8ec5c3294b3854a32636529d73a5f070d5bcf627

      SHA256

      c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

      SHA512

      10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\085M8BS0.txt
      Filesize

      599B

      MD5

      a5e564ecbd3a5086a6ee4395d8ac8ee3

      SHA1

      586b0424da9a1d09a03a0170a4e61e7da0660b12

      SHA256

      3014dcfef763e4b99e332d07cb260685496d19465677fc96cb2a06eea15bee8b

      SHA512

      1c8437fadba231b8e6481061d55bad05006be28ee56ef5c92695a4a99de0cead93042d64128f2b7e09e3c2c4ba971db8d87f9f874699efc62d3399c88ed3adf4

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1BX69CED.txt
      Filesize

      608B

      MD5

      0200c52eb3c381e4f343d6705c3d281e

      SHA1

      df89586cdf6e11c138913ea2192585d3533a3c35

      SHA256

      e1c04e4c68e96d3848bd47e435e86df9ffda120850347b41a35439cd1a31c21b

      SHA512

      888c55b0ecdd82dee872204c050bd568c2a0c3b3eed87a62d1d5617d9eecda4b6e8930647b5a2c75957bc7356186ff6de46ca08d566b73b2f8954cf48d5e2892

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7YJXB0CO.txt
      Filesize

      1KB

      MD5

      acf92567348baceaa339f051bfe0ab38

      SHA1

      30838b0e9ab4573bf5c94ebcb167d2de6cd72c2d

      SHA256

      2d1cd929ea5cf1bdbd573f5e5744519b3800917e74d88ede994c32347c9fada5

      SHA512

      d106bc6828a2edf27c96a12d2ae024d29fe072ebf02a76bd31d90fe2b102aa09adfadf3caacb358572ad1dc4688486579e7e8d6fecbafcbe88e027a8fa3a35cc

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\94ZHQEAG.txt
      Filesize

      599B

      MD5

      a5e564ecbd3a5086a6ee4395d8ac8ee3

      SHA1

      586b0424da9a1d09a03a0170a4e61e7da0660b12

      SHA256

      3014dcfef763e4b99e332d07cb260685496d19465677fc96cb2a06eea15bee8b

      SHA512

      1c8437fadba231b8e6481061d55bad05006be28ee56ef5c92695a4a99de0cead93042d64128f2b7e09e3c2c4ba971db8d87f9f874699efc62d3399c88ed3adf4

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KOFAGFPQ.txt
      Filesize

      92B

      MD5

      7ba1c404bd82a8b402fedac7c600b491

      SHA1

      4b1d2dff04742f916284c11ceb8a624127f6cd75

      SHA256

      e3aee017cf6fc565fffebb91672cd386dbce0b3522f9719d939427ee696708d8

      SHA512

      0203cbe68bb1e6861e2b89b96d0f11c6a2afc9c4f3b58fedf050a56cf527bd88e31e4e3d65c66d3c5dd1b57b8aaff7f990f9c6424085806b131ce894706027f7

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LMY1KE2M.txt
      Filesize

      1KB

      MD5

      0ea91ff266c227184c54e4eee0f8841d

      SHA1

      7756811cc5b45b0ec1e5ff63eb94fb5710ed9fd1

      SHA256

      5e9071acf327f7a00b477ce53df958f773247156351251f1f90884df67caa590

      SHA512

      ec87f9872ce31ed6a3db2c3e5d6efe5fb07e35e69a9aa06bb36e31f348969b394402158c6416d76d3090badbd3c2d8f6c7308880eb610d8055b1a13a62a0dd93

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V2JOPZOL.txt
      Filesize

      1002B

      MD5

      9f743f828292c24e91f5b3ea5147714e

      SHA1

      cdc68a3286fbabcd6f769fc208da6de5e97fe9bf

      SHA256

      40cb521a72e133d7a09656a1394920e2fd34dfba2eb3f5fe72cc2d8c1a7e7b97

      SHA512

      ecf82d5f00e4144b33001f4c2a693dc881c50b917c573790720d63fc9ecd9caf406d051839309e390d938973ccba13cc7a467ec21310371650287bd653621739

      Download Submit

    • \Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
      Filesize

      757KB

      MD5

      47f240e7f969bc507334f79b42b3b718

      SHA1

      8ec5c3294b3854a32636529d73a5f070d5bcf627

      SHA256

      c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

      SHA512

      10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

      Download Submit

    • memory/836-57-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

      Filesize

      8KB

      Download