Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    175s
  • max time network
    201s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 15:33

General

  • Target

    2c44b9dfaf73d54ec34479ca3bf3c972672af62c10c134911fd6042f067aab59.exe

  • Size

    1.6MB

  • MD5

    370223f429c741800b0e645662f2ec44

  • SHA1

    9ae49e07f2f20224862fb88a44c7ea07a251636c

  • SHA256

    2c44b9dfaf73d54ec34479ca3bf3c972672af62c10c134911fd6042f067aab59

  • SHA512

    3b2431acc3e71bfc1b24a102b366f9d2d630a182c21e29293538fda721a8eb6ed9aace6b5a1ff37646fcf140baf80b6101cd4adf5344a909a48c9f39e6d291fc

  • SSDEEP

    24576:DJf0o2gDZATBBsHeQGZfkRq2WBwjWeVdzZPQes+Th/7w74J6J:DzATGZlEeVbb/7w74J6J

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c44b9dfaf73d54ec34479ca3bf3c972672af62c10c134911fd6042f067aab59.exe
    "C:\Users\Admin\AppData\Local\Temp\2c44b9dfaf73d54ec34479ca3bf3c972672af62c10c134911fd6042f067aab59.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xiugua.net/wg/dnf/20130121/1754.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:828 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:340

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8710459a9c88420266abe4eed74c041

    SHA1

    d8b3dc08e8d0505339afb66a53e75f3bcf00dfa4

    SHA256

    6bbaf95056b7405b9acaad3aed6f297d19afd2fb83d88ce065ab5389df7373a9

    SHA512

    44e39cbfd8cf08ac577178f05016fcdebd5ea96968621088a56af2ea6c0093bc9ba65af94678df81a75cc0722f4c3e855c2b448dcdb11d8967ff26a5e612be73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    b2fe9f51b6cfdda8fa3edc25ac565cdb

    SHA1

    b3b0617a1c5b06676f14deb13112b1edb2bb5ddf

    SHA256

    cd578ef8bfae3f4cf5820b9e95d89640dedb7f33dc5f1f3ea2c80c46080f0d62

    SHA512

    d0cb9c7f96a623341341936fba53bdf7d2a7161b2e85b913fd436fec3e92457038133ebaa472b87437d5df21284493d0f4be8a276fbe628bbf2ffb381bc89012

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

    Filesize

    8KB

    MD5

    a5a3655c50e2c3dbcce7c602d48458e6

    SHA1

    aa5ce6b52a220f0f9c964eb6ab2ae1aa4c3bc1f7

    SHA256

    2e60b987515613613caaf567f863d334554becfbecf2a2af48033986c1578224

    SHA512

    90bce377c8d71f626555117535102e9c0891a13db8138fff3d20d16b603987263683763e73ec535dcda9f0d710331d08e78533dd41a56ed194e4c11d75cad0ac

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BPXC22NI.txt

    Filesize

    539B

    MD5

    53d19290376b97f6e485cb4b405549b8

    SHA1

    ab3b7769140910129fc1963154a88efc57287958

    SHA256

    7ae3bdee6dfb28db25a9a2576b2da1f816726245ab3a5b0eefe69baccdfa8e8c

    SHA512

    b27ebe67a711d86e79479ea8f53431844c58c6e7732a990ab838a291cccf16b40d2eb3db32d593be60391d6be9fbc216f869ac6b838682c398f3277c37fb55c3

  • memory/768-54-0x0000000076091000-0x0000000076093000-memory.dmp

    Filesize

    8KB