Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    104s
  • max time network
    187s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 13:51

General

  • Target
    1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4.vbs
  • Size
    534B
  • MD5
    76da5805a167c985041e3e4153f88939
  • SHA1
    8c8e6732979e8da3bede00917d7c2022f0160ce4
  • SHA256
    1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4
  • SHA512
    3a4b94c5d3f14fecbe360a5b9506bc25110ada3049834ab7dcb0c1fef83731d61e5d05e763623caa56319b053f79114a306fbba575ab106fc13bb939d42de7a1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97dn.com/?tc
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275460 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:537605 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97wg.com/?tc
      2⤵
      PID:592

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    61KB
    MD5
    fc4666cbca561e864e7fdf883a9e6661
    SHA1
    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256
    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512
    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    dc57b72e40ee94d7cbb706d8f591d88e
    SHA1
    3ea74e887ade903236aefc6d9ec40eb7e4cb8445
    SHA256
    37a647839ed6387c6dc2e847349f498c3a0b35fa46363f90dad63f1dfb751405
    SHA512
    a58a04a434a36b4aff597ed7df7eff4eee9f28363383d3e2abb865f02148a56beb620f9a6713926fa738e9f4b3831abecabfd7d50c779738eb8e9c3568beed15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    ef248d4ff1a930de9ae63528a4609f98
    SHA1
    e15f2f497908263aa886e14a497d003f92de00a2
    SHA256
    67212d390949f9cb1e4ae77de9cf8f56df48509e547b756a2318265a835bea75
    SHA512
    48dcfde52f0278f1c737d19c4ded25fae92665208b7267cd4c8e6d1a740a71fc9b0c97201d4833ae3e9c481cb2a6155eb9850bbf1f1373a9fb33822bf871197e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\09XVLMMT.txt
    Filesize
    208B
    MD5
    251db52f73611aa66bbbb7f642b4d257
    SHA1
    94096f243b1df4acb7dafccce75290047e51c247
    SHA256
    6eba44fd5d1fd46ab570ad404b3d4fd319b55e9525c088b04e3437c9edd74ec5
    SHA512
    952647be6f17025937f50e0ef54f97aeb88fad19ca5867be71bc26a670b88e048da4f320e44c8f35e85e3f79a41e4231de4773bce0259a4c96db2a800b2ec21d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BRBSLX9C.txt
    Filesize
    208B
    MD5
    11461aa56fc7f82b7cb52b53afcddf3d
    SHA1
    beba6b9bbdb408fa27d2d7f1a787e294fd3aa348
    SHA256
    c053974ec1b6ff97d97db5a372860d9eca58893afb11aca701250f2e036cbec7
    SHA512
    41378cacfdd2c260c3cf9542f4b0df13aa4a7e6a54b840bf14ffc4bdb616d2be3c281b0e67ceac66b16d685524888c9f4a08be7122a4f0e0b7cb17beab5038d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RKB70JZA.txt
    Filesize
    208B
    MD5
    11461aa56fc7f82b7cb52b53afcddf3d
    SHA1
    beba6b9bbdb408fa27d2d7f1a787e294fd3aa348
    SHA256
    c053974ec1b6ff97d97db5a372860d9eca58893afb11aca701250f2e036cbec7
    SHA512
    41378cacfdd2c260c3cf9542f4b0df13aa4a7e6a54b840bf14ffc4bdb616d2be3c281b0e67ceac66b16d685524888c9f4a08be7122a4f0e0b7cb17beab5038d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S9JY949R.txt
    Filesize
    111B
    MD5
    a4aa3e378541d03bf2b1d35991b503bb
    SHA1
    7e9233b6a1ba556b01b49b9c368126a5a8e4cf14
    SHA256
    644806842f2018fbd6859ff82be5e59f834cf526d12a86c356e2b78920b12d2f
    SHA512
    9d33f08553b0a9ddaee6ab919340608fd31ca7e936bc2122243b45a2cf4a8f72132b8b4ca17522c8691a2d2cf8785f42f6ddfdd5ce48526d65b781dbae0f7f83

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VKNZO735.txt
    Filesize
    533B
    MD5
    6de56339b8d1208820ba2863771fdded
    SHA1
    02e16a34579e2a28c05479cd49846570254d39a0
    SHA256
    d5737873fdaca47a4d295dff797502b396cdbcc38996747ab9d740e04413e962
    SHA512
    3be2d737fc27efd65473a542e9c2b710de451cb6bdb63b0555da392a6a9ac182c3a06350f7b9fe20ec8798e7e43899b9d022a2718f9fc2fe06276e8f0514525a

  • memory/1276-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp
    Filesize
    8KB