Analysis

  • max time kernel
    106s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 15:02

General

  • Target

    2022ed1f2c27a2b2b35f7157a3cad9ecb3ff6a484b0ea7f0ffff72204ba5fadf.exe

  • Size

    1.6MB

  • MD5

    a600ab106b1c18a6ea1cbfabd58f8381

  • SHA1

    1414b21cd9e59ed09ce436092868b62eb67b513b

  • SHA256

    2022ed1f2c27a2b2b35f7157a3cad9ecb3ff6a484b0ea7f0ffff72204ba5fadf

  • SHA512

    843859e6318ced28af60b8ef51c30d632c25433b47f1d29f3f7f34fabcf1a33d3dc632b3cc65626ad1c36d7f61654e74736ed567f34a8a4286344d582adc838b

  • SSDEEP

    24576:QCiD/2C/izkzWTrwoxWy3OqsSE1qFfDt/1Hs5YbFXMJLvINU:QCiDeocfP3W1G7hbFXgLQN

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Triage's generic description for this signature reads "likely ransomware behaviour"; treat that as a heuristic. Drive enumeration is also routine for installers and browser hijackers, and nothing else in this run (score 4/10, no encrypted files, no dropped payload beyond browser cache and cookies) supports a ransomware reading.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2022ed1f2c27a2b2b35f7157a3cad9ecb3ff6a484b0ea7f0ffff72204ba5fadf.exe
    "C:\Users\Admin\AppData\Local\Temp\2022ed1f2c27a2b2b35f7157a3cad9ecb3ff6a484b0ea7f0ffff72204ba5fadf.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.nz92.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1020
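The signatures that carry this verdict (Internet Explorer start page rewritten, iexplore.exe launched against http://www.nz92.com/, system certificate store modified) are cheap to confirm on a live host. The script below is an added example for this report, not Triage output and not code from the sample; it assumes the standard Internet Explorer registry locations and the PowerShell Cert: drive, and $BaselineThumbprints is a constructed placeholder to be replaced with thumbprints exported from a clean reference build. One caveat the script is built around: "Modifies system certificate store" also fires when CryptoAPI's automatic root update pulls a Microsoft-distributed root into the AuthRoot store while the browser builds a chain for the visited site (the CryptnetUrlCache entries under Downloads are the fetches that process leaves behind), so the output reports Root and AuthRoot separately. A new self-signed entry in Root is the one that matters.

```powershell
# Host triage for the Internet Explorer and certificate-store behaviours flagged
# in this report. Added example, not part of the Triage report. Run elevated.

param(
    # URL the sample passed to iexplore.exe in the sandbox run (from the process tree).
    [string]$SuspectUrl = 'http://www.nz92.com/',
    # Thumbprints exported from a known-clean reference build. Constructed placeholder:
    # an empty list means "report every certificate in the store".
    [string[]]$BaselineThumbprints = @(),
    # Window for "recently issued" certificates and recently written cache files.
    [int]$RecentDays = 7
)

$SuspectHost = ([uri]$SuspectUrl).Host

# 1. Internet Explorer start page / default page: per-user, machine-wide and policy keys.
#    A hit on the sandbox URL in any of them matches the "Modifies Internet Explorer
#    start page" signature.
$StartPageKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main'
)
foreach ($Key in $StartPageKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($Name in 'Start Page', 'Default_Page_URL', 'Secondary Start Pages') {
        $Value = $Props.$Name
        if (-not $Value) { continue }
        $Joined = ($Value -join ' | ')
        $Flag = if ($Joined -match [regex]::Escape($SuspectHost)) { 'HIT ' } else { '    ' }
        Write-Output ('{0}{1}\{2} = {3}' -f $Flag, $Key, $Name, $Joined)
    }
}

# 2. Certificate stores. A dropped root goes into Root (Trusted Root CAs); CryptoAPI's
#    automatic root update writes Microsoft-distributed roots into AuthRoot (Third-Party
#    Root CAs) while a browser builds a chain. Listing the two separately keeps a
#    benign chain-building side effect apart from an attacker-installed root.
$Certs = foreach ($Location in 'LocalMachine', 'CurrentUser') {
    foreach ($StoreName in 'Root', 'AuthRoot') {
        $StorePath = "Cert:\$Location\$StoreName"
        if (-not (Test-Path $StorePath)) { continue }
        Get-ChildItem -Path $StorePath |
            Where-Object { $BaselineThumbprints -notcontains $_.Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = "$Location\$StoreName"
                    Thumbprint = $_.Thumbprint
                    Subject    = $_.Subject
                    NotBefore  = $_.NotBefore
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    Recent     = ($_.NotBefore -gt (Get-Date).AddDays(-$RecentDays))
                }
            }
    }
}
$Certs | Sort-Object Store, NotBefore -Descending | Format-Table -AutoSize

# 3. CryptoAPI URL cache (the CRL/OCSP/AIA fetches chain building produces, the same
#    location the report lists under Downloads). Recent entries here are the context
#    for a change that landed in AuthRoot rather than Root.
$CachePath = Join-Path $env:USERPROFILE 'AppData\LocalLow\Microsoft\CryptnetUrlCache'
if (Test-Path $CachePath) {
    Get-ChildItem -Path $CachePath -Recurse -File |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$RecentDays) } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime |
        Format-Table -AutoSize
}
```

Export the baseline once from a clean image with `Get-ChildItem Cert:\LocalMachine\Root | Select-Object -ExpandProperty Thumbprint`; with it supplied, section 2 shows only what a host has gained since imaging, which is the question this report's "Modifies system certificate store" signature actually raises.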

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

    Filesize

    1KB

    MD5

    8603d07167cb03d1a558ad02c3b72f65

    SHA1

    b5b0719c3b104690fa7848b65c87de81d17318e3

    SHA256

    47a0091f4e37f15b301d05271e744cf9a65d3bac6c8695f7e9218fa620ca51ba

    SHA512

    a547c95a7b2f9a8865b47a7940a7c503a3e29d2dfbe0d95d394ca50b245029bea7816ea77bc1a737f038c7d70774fca94f867c108d4f2621798429da1afb4f71

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

    Filesize

    1KB

    MD5

    bb5d2dc5f7a0f2864c279271743b881d

    SHA1

    a2934972939537e54ad2a0c540ff9d5d3f484cd1

    SHA256

    4592a1e0f37a04c3bee388b2f1fe5b4159c3faef40b6aa22d0d9feeb4caa21e4

    SHA512

    62f20e3002dd9df1cfb9b4a369bcc1f6df16d5d6bd0d5a84a94c0f1fb742f1397b059b3d296e601dc91f30bfb8d4caef5b663725aa0f2c8e544e548ead115372

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

    Filesize

    450B

    MD5

    62372a9853f774b6cc83389b35a17232

    SHA1

    30aba6c340c3e44e6d5c1bb422369ec7ff236e80

    SHA256

    704a73b1a43c7b08ca640572e68fa0ffef9727ae4d9f347f8a35c3b66e34a555

    SHA512

    feecc6e8df2bee70336417446b49e2b7d7e9b5c502b47cc920a9e838235d4c210c569fd2f6c14a0bece8b55480676fb2bfb2c0ab7953531ea63be31f9fa1bf4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    481d04fcccef421a629bdc51b9b7145f

    SHA1

    1e226a6bc88e94049b24b50551e5385e49083ad6

    SHA256

    50f75d14fa125d410f01021ae887c87ec82f834063c6e42e2dd6e1ee917be53d

    SHA512

    68efff9aa3eb4fb5d1685cc5cde8af29a672727292bb381c90ab36522193967c3f530f047056afae5df2c001d51af3ab041e6c0b857eeb3227fbf03d08658aba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4766aee60e601fa0b36156434659542b

    SHA1

    3ca4b69ae1130438ab174284fbdb2851defb5e24

    SHA256

    078381acb95400bc3d10292857b339652c4fe0ec8b6bee6e0b8bc5acc3515e89

    SHA512

    156a2cde3c9d9f1be6b1eb2b55e95ace755215aa38debcdf48670359167859ad98d699079642c5ba6610ce076f8bfd8391bc8648e70a6cef2f7b6b557340b9e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

    Filesize

    458B

    MD5

    a2af1a07660367eac7b1723b35c9406b

    SHA1

    0ce9d9de0054fbd7d6ce51c0fb9431b9afcde6c5

    SHA256

    e090b02260fa907d393351bc1fd78698c493556cb273a0e3799e395bf0cee435

    SHA512

    6aee075f68c101e8c8c1a701cee459929e4c97d2cac3176140d81417bd4d2c6ed08e0d8a2bde19f8a6a3bde9c44bf7bb4503fab4030dd70245f5bd060dd33306

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

    Filesize

    8KB

    MD5

    d5a625ff223015e2adcf48042425693d

    SHA1

    f80a29e1599dad286c30cda380fd9caecae425d9

    SHA256

    578aaeed6502e66476a16a7285cdc7067d00ed2321b069433b12af31063dbb83

    SHA512

    9b4c7111adef6f6c3668bf25e2d942d3f2db0326a70432bc3848ab99391ddf48a5503c67434575752e9f727285baa246c3bc26925becdcaea6d91b73beb34d7b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B2K2TREB.txt

    Filesize

    535B

    MD5

    612988190a354bfc8db3941d2d2d4abb

    SHA1

    fcc281df4c52cb204f8bf733be1abeab1c2e5257

    SHA256

    ec3bc951d77bb5921bf4a6945456f62feb2a2d64e8b5d899593701c41aa05267

    SHA512

    b1c11f84399acc3a4a1901c6ac74711163a52b16082eac78fcb03efc00985bfde161b582e2b56cc6d7b906b7965f200688eefb1a82ecf459715839259ede4b3a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UFGUJEDY.txt

    Filesize

    1KB

    MD5

    a725aa41cb9d225d8899ec20794fad90

    SHA1

    647577a5aa20dc64438412fa6bbe8fd0f054ebf0

    SHA256

    bdc0700f144aa0c152d1671173516c2a1f46f01c0a6806e2b3406019565bbd30

    SHA512

    923cc279802f933ec7ba0c0cc9ef1d92d22108f754cd29fc22ccceedac7cdcdd0c85ce5c1df79387cd51585ce30f5119e8daf32d7f1ec60b403e8e26e296c318

  • memory/1000-54-0x0000000076561000-0x0000000076563000-memory.dmp

    Filesize

    8KB