Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

b54559a9ec...1d.exe

windows7-x64

7

b54559a9ec...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe

  • Size

    146KB

  • MD5

    ac91834a560f32091239091be536b1f5

  • SHA1

    93be5f9e4765a52ae029460da608f474c4b2580e

  • SHA256

    b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d

  • SHA512

    f60a2c41025a9ea4d4dc89576c85d29bfa1c03978e4659d7223bad6018c0a7d292284b41292ee5bca52780113790ba06648faa04c345b37f9bf43ce09e82bbbb

  • SSDEEP

    3072:6LeoO7ta1EzHOWdJBE673HCcO0/qjsSKutSwxk43z6NN:6LeoO7ta1ESWdv/3HCcOdjXSwT32N

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe
    "C:\Users\Admin\AppData\Local\Temp\b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\ocalet.dll",Restore
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1420
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1764

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\ocalet.dll
    Filesize

    146KB

    MD5

    79b3a2a7683a5d0f36557d82201115f1

    SHA1

    a4a5e1f3935e2195e5448b302ae842ad0619f807

    SHA256

    a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

    SHA512

    b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

    Download Submit

  • \Users\Admin\AppData\Roaming\ocalet.dll
    Filesize

    146KB

    MD5

    79b3a2a7683a5d0f36557d82201115f1

    SHA1

    a4a5e1f3935e2195e5448b302ae842ad0619f807

    SHA256

    a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

    SHA512

    b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

    Download Submit

  • \Users\Admin\AppData\Roaming\ocalet.dll
    Filesize

    146KB

    MD5

    79b3a2a7683a5d0f36557d82201115f1

    SHA1

    a4a5e1f3935e2195e5448b302ae842ad0619f807

    SHA256

    a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

    SHA512

    b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

    Download Submit

  • \Users\Admin\AppData\Roaming\ocalet.dll
    Filesize

    146KB

    MD5

    79b3a2a7683a5d0f36557d82201115f1

    SHA1

    a4a5e1f3935e2195e5448b302ae842ad0619f807

    SHA256

    a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

    SHA512

    b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

    Download Submit

  • \Users\Admin\AppData\Roaming\ocalet.dll
    Filesize

    146KB

    MD5

    79b3a2a7683a5d0f36557d82201115f1

    SHA1

    a4a5e1f3935e2195e5448b302ae842ad0619f807

    SHA256

    a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

    SHA512

    b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

    Download Submit

  • memory/1420-68-0x00000000001E0000-0x0000000000207000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1420-72-0x0000000010000000-0x0000000010027000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1420-73-0x00000000001B0000-0x00000000001C3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1636-60-0x0000000000230000-0x0000000000243000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1636-59-0x0000000010000000-0x0000000010027000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1636-55-0x0000000000300000-0x0000000000327000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1636-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

    Filesize

    8KB

    Download