Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

4da9f92d28...6b.exe

windows7-x64

5

4da9f92d28...6b.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    98s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b.exe

  • Size

    164KB

  • MD5

    16a4f72a115d2ba72770bbc53dda8d50

  • SHA1

    e8a1167df93b6f5cc40cfa8f78fa14144b8735b1

  • SHA256

    4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b

  • SHA512

    2d2b8a4dceebf0a6576c6b979e30ba476e060e99ffd36a26b8966ec18cc287e099a46db6d39732be52a42432c38de49ca573062e03395abd0ffbd140addbd530

  • SSDEEP

    3072:wJfrOsX6d5/hadTRl6ZghWyZokJZ1dTzcTWyQ9:kqKahadTPOspJZvT

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b.exe
    "C:\Users\Admin\AppData\Local\Temp\4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Users\Admin\AppData\Local\Temp\4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b.exe
      C:\Users\Admin\AppData\Local\Temp\4da9f92d28de874298753061a63b7843e4fa03bc2fec3bddc4124dbcbb18da6b.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4420
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2828
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4644
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4644 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    4132c54f59c529167c112e7f519120fa

    SHA1

    94cc9036fa031258aa744c7ee88e3c0b6c7a73da

    SHA256

    e9f456cf8bb8cc4a683d1c2f792feeb4c83fff24a86e6bcb260eff8fbff126fb

    SHA512

    e8efb8e81a90ffbe177301fbba4470ded104fc6d12cfa0123938b981d612eb2c4a66bb47b585cd43ed6ed4940e0ad5a1e3a5d9d18f8cb643e741aae694c4baee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    eeb17b3cf6e54a06d7fc727ae09194d5

    SHA1

    c9ac9ee38ce3029750cdcead648a5d7ae8dbcdff

    SHA256

    975cee6aaabb844b5d74b80c665ce8154ed284f8366867deb4ebfd721c7ca08a

    SHA512

    baf6116308c8b20c0dcf25ce46436994e5fccf3ef22e138b38ef3b7289432fde5177e3d938c90debe7f5060d3a814326c708be3d1fa4cd9417a72af45e6da576

    Download Submit

  • memory/4420-133-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-135-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-136-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-137-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-138-0x0000000000700000-0x000000000074E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-139-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4420-140-0x0000000000700000-0x000000000074E000-memory.dmp

    Filesize

    312KB

    Download