Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    107s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 14:46

General

  • Target

    209b71e5ab7b8cbd538b0fa08ad8276f25c99d552b9bba3c68cca8f0b4ea22b8.exe

  • Size

    479KB

  • MD5

    d51d291cddbeb4e6277e7cc0553cb830

  • SHA1

    418739f762a23d7e5bdcf1e15f44cdf9237175a9

  • SHA256

    209b71e5ab7b8cbd538b0fa08ad8276f25c99d552b9bba3c68cca8f0b4ea22b8

  • SHA512

    e54e5511f81596ce1ee2fc87c5ab76347b29585c9761665f4c5dcab786677c772926ed09ff2c255445d48293367ffd6d602a1fcb274b1607ca531cf0119c34aa

  • SSDEEP

    12288:Z8/p7VZrTjcvg9OmLP2NrHD0DZ+e32APuGw:e/dVZrG5kux052APA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\209b71e5ab7b8cbd538b0fa08ad8276f25c99d552b9bba3c68cca8f0b4ea22b8.exe
    "C:\Users\Admin\AppData\Local\Temp\209b71e5ab7b8cbd538b0fa08ad8276f25c99d552b9bba3c68cca8f0b4ea22b8.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://bbs.qzonebar.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:516
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:516 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1272

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2OU6C4L9.txt

    Filesize

    535B

    MD5

    1e42f2547c9a6b565f737c4abd878084

    SHA1

    c556bc40021ce87c4c51e510a8a3bbf6cb3aec13

    SHA256

    2c88e902c38b792672444ccfdefaf4621f08595cc3e2493924d9fa78691f8a08

    SHA512

    7cb6eaa855b5e83f6ebba54f4a70543cba702d947aa5c4a263c7372a6518aad2895f422ea94024075b1e337dfd4380693203f3f193aaf6c408ae36e506735ff6

  • memory/1460-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

    Filesize

    8KB