Analysis

  • max time kernel
    109s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    01/12/2022, 15:40

General

  • Target

    d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe

  • Size

    38KB

  • MD5

    319e6acc4cf60abfd3c42f737f907d4e

  • SHA1

    ae6f911670d7b6fc80a9374b9dd7eb49d1d296c5

  • SHA256

    d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743

  • SHA512

    85e01457e8548a39f236c4a4c619276cf92ca5211b63424c2ee1ef524ca5a476350d199ed6d7b7e319b7303d48e8324df5b1e3ed0cf37218f11d15786d869901

  • SSDEEP

    768:FFe7tEyaKaorzIgQGgV7qw2ZqoAX7W8UnY7:/caKaorzIgzgZqwmqRX7IY7

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe
    "C:\Users\Admin\AppData\Local\Temp\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Users\Admin\AppData\Local\Temp\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe
      "C:\Users\Admin\AppData\Local\Temp\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe" -s
      2⤵
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files\Internet Explorer\iexplore.exe
        C:\Users\Admin\AppData\Local\Temp\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1624
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1760
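
The process tree above has the shape of a process-hollowing chain: the sample (PID 992) relaunches its own image with -s (PID 2024); that second instance hits SetThreadContext and WriteProcessMemory and creates iexplore.exe (PID 1624) whose command line is the sample's own path rather than the iexplore.exe path; that process then spawns the usual 32-bit IEXPLORE.EXE child (PID 1760). The block below is an added example, not code from tria.ge or from the analysed sample. It encodes those four processes as constructed records with the PIDs, paths and signature names shown in the report and runs the three checks a detection engineer would apply to such a tree: an image/command-line executable mismatch, a parent that used SetThreadContext and WriteProcessMemory spawning a child from a different image, and a self-relaunch. The Proc record layout and the use of the signature names as set members are assumptions of this example.

```python
"""Process-tree triage for process-hollowing indicators.

Added example; not tria.ge code and not the sample's code. The record layout
(pid, ppid, image, cmdline, sigs) is an assumption; the values below are
constructed to mirror the process tree in the report.
"""
import ntpath
from dataclasses import dataclass, field

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\d6065c4e700d99a2d864e9dc2bb79150494397de681334e9c2a2581be3b4a743.exe")
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"


@dataclass
class Proc:
    pid: int
    ppid: int                 # 0 = no parent recorded in the trace
    image: str                # executable the process was created from
    cmdline: str              # command line as passed to CreateProcess
    sigs: frozenset = field(default_factory=frozenset)  # behaviour signatures hit


# Constructed from the report's process tree (same PIDs, paths and signatures).
TREE = [
    Proc(992, 0, SAMPLE, f'"{SAMPLE}"',
         frozenset({"AdjustPrivilegeToken", "WriteProcessMemory"})),
    Proc(2024, 992, SAMPLE, f'"{SAMPLE}" -s',
         frozenset({"SetThreadContext", "Drops file in Windows directory",
                    "NTFS ADS", "AdjustPrivilegeToken", "WriteProcessMemory"})),
    Proc(1624, 2024, IE64, SAMPLE,
         frozenset({"Modifies Internet Explorer settings", "FindShellTrayWindow",
                    "SetWindowsHookEx", "WriteProcessMemory"})),
    Proc(1760, 1624, IE32, f'"{IE32}" SCODEF:1624 CREDAT:275457 /prefetch:2',
         frozenset({"Modifies Internet Explorer settings", "SetWindowsHookEx"})),
]


def first_token(cmdline: str) -> str:
    """argv[0] of a Windows command line: the quoted span, or text up to the first space."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def image_cmdline_mismatch(p: Proc) -> bool:
    """True when the executable named on the command line is not the process image.

    A benign host image (here iexplore.exe) carrying another binary's path as its
    command line is the classic hollowing tell; legitimate children such as the
    SCODEF/CREDAT IEXPLORE.EXE worker name their own image.
    """
    return (ntpath.basename(p.image).casefold()
            != ntpath.basename(first_token(p.cmdline)).casefold())


def hollowing_candidates(tree):
    """(parent_pid, child_pid) pairs where a parent that used SetThreadContext and
    WriteProcessMemory created a child from a different image: the create-suspended,
    write payload, set thread context, resume sequence."""
    by_pid = {p.pid: p for p in tree}
    out = []
    for child in tree:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if ({"SetThreadContext", "WriteProcessMemory"} <= parent.sigs
                and parent.image.casefold() != child.image.casefold()):
            out.append((parent.pid, child.pid))
    return out


def self_relaunches(tree):
    """(parent_pid, child_pid) pairs where a process spawned its own image again,
    as the sample does with the -s argument."""
    by_pid = {p.pid: p for p in tree}
    return [(p.ppid, p.pid) for p in tree
            if p.ppid in by_pid and by_pid[p.ppid].image.casefold() == p.image.casefold()]


def triage(tree):
    """Collect every finding as a tuple (label, pid[, child_pid])."""
    findings = [("image/cmdline mismatch", p.pid) for p in tree if image_cmdline_mismatch(p)]
    findings += [("hollowing candidate", a, b) for a, b in hollowing_candidates(tree)]
    findings += [("self relaunch", a, b) for a, b in self_relaunches(tree)]
    return findings


if __name__ == "__main__":
    for finding in triage(TREE):
        print(*finding)
```

Run stand-alone, the script reports the mismatch on PID 1624, the hollowing candidate pair 2024 -> 1624, and the self-relaunch 992 -> 2024. The mismatch check is the one worth porting to an EDR query, since it needs only the image path and command line of a single process and does not depend on API-level telemetry; the SetThreadContext/WriteProcessMemory pairing needs sandbox or kernel-callback visibility of the parent.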

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4ASJIMBS.txt

    Filesize

    535B

    MD5

    2ef40038fbf88bedfc789e4fb9b04ea8

    SHA1

    20869cb585af0e81bcaefe04cdf6ab3c331ae0ec

    SHA256

    88dd5df42b4fd8f4a3cfd7661dc0cc80f6f04a1acda5ff730bf48796d3a08f31

    SHA512

    d9f8039a24756c0e4a809b371892eee814fa21ef02b35d51063157f39e9e730036eab43971904f84b0b1d65a06ff9df5b940fd8b65efbc50849968af4df24a80

  • memory/992-54-0x0000000076561000-0x0000000076563000-memory.dmp

    Filesize

    8KB