Analysis

  • max time kernel
    151s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 01:19 UTC

General

  • Target

    8a8dea3df1099aebbd0ab3c89aa4ff6a2acf2220c37b1166b47789f2ec42db4b.exe

  • Size

    163KB

  • MD5

    a81848cfeebddcb637e78723794e9383

  • SHA1

    0a0c78c8c14e66a6306183912d968e6e0df465c1

  • SHA256

    8a8dea3df1099aebbd0ab3c89aa4ff6a2acf2220c37b1166b47789f2ec42db4b

  • SHA512

    19aab0277f7bf478d29c7ee7ad46c7106b594b1e7bf204cc49d9e77a9f1fba8d0ee39b2628d82f8d4b35d98538e13ee23b8981dc11496b976f70fa9ed9c46e0a

  • SSDEEP

    3072:YgparkbXjvUoW4sObiMS719ERvzxOt0jWL2AFTf40++bJ2ofLqxO:YcbzvUCyM7RM3L2AFL40+6TA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a8dea3df1099aebbd0ab3c89aa4ff6a2acf2220c37b1166b47789f2ec42db4b.exe
    "C:\Users\Admin\AppData\Local\Temp\8a8dea3df1099aebbd0ab3c89aa4ff6a2acf2220c37b1166b47789f2ec42db4b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\ptiac.dll",GetExePath
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1272
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1880
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275461 /prefetch:2
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1116

Network

    No results found
  • 8.8.8.8:53

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\ptiac.dll

    Filesize

    163KB

    MD5

    e518db52e90ed00597faa3e1dc73e2d7

    SHA1

    8dcc27e126dcd6dcb9b822c8715cb622223ce646

    SHA256

    1b3cd9c038829d8a900f8ff13b8eef618afaf9339dde8316c8def65d2742151c

    SHA512

    14ffc6f291a502504c991adb877111ed3085384cb498b67740d71ec296812773fb5e95d9a5530aeda40ef86de005c2d6e3338c015b2b1febec2f373679038660

  • \Users\Admin\AppData\Roaming\ptiac.dll

    Filesize

    163KB

    MD5

    e518db52e90ed00597faa3e1dc73e2d7

    SHA1

    8dcc27e126dcd6dcb9b822c8715cb622223ce646

    SHA256

    1b3cd9c038829d8a900f8ff13b8eef618afaf9339dde8316c8def65d2742151c

    SHA512

    14ffc6f291a502504c991adb877111ed3085384cb498b67740d71ec296812773fb5e95d9a5530aeda40ef86de005c2d6e3338c015b2b1febec2f373679038660

  • memory/1272-67-0x0000000000200000-0x000000000022A000-memory.dmp

    Filesize

    168KB

  • memory/1272-71-0x00000000000C0000-0x00000000000D5000-memory.dmp

    Filesize

    84KB

  • memory/1692-54-0x0000000075661000-0x0000000075663000-memory.dmp

    Filesize

    8KB

  • memory/1692-55-0x0000000000290000-0x00000000002BA000-memory.dmp

    Filesize

    168KB

  • memory/1692-59-0x00000000001C0000-0x00000000001D5000-memory.dmp

    Filesize

    84KB
