Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

b54559a9ec...1d.exe

windows7-x64

7

b54559a9ec...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe

  • Size

    146KB

  • MD5

    ac91834a560f32091239091be536b1f5

  • SHA1

    93be5f9e4765a52ae029460da608f474c4b2580e

  • SHA256

    b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d

  • SHA512

    f60a2c41025a9ea4d4dc89576c85d29bfa1c03978e4659d7223bad6018c0a7d292284b41292ee5bca52780113790ba06648faa04c345b37f9bf43ce09e82bbbb

  • SSDEEP

    3072:6LeoO7ta1EzHOWdJBE673HCcO0/qjsSKutSwxk43z6NN:6LeoO7ta1ESWdv/3HCcOdjXSwT32N

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe
    "C:\Users\Admin\AppData\Local\Temp\b54559a9ec4458ac16b0a4714201a8b6c6968b68c62a38d28fba1c2b908f981d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3820
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\bsexts.dll",Restore
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:4716
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:1252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:82948 /prefetch:2
        2⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:368

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      0ff2da8bfc83bec6bce38ba6a3f7bf58

      SHA1

      84c37df7bed08d69f040c289676735c49a9564eb

      SHA256

      91026f24711c435d99a44884c7239ed1265cd17c0259a6c5885f69e4309421ea

      SHA512

      78afdc44d7557b2f14444182085252e8456c91289511d6f2abfd1d7273d05baba9a94206d370add716b9fc30dc326a1a2e1c78f642e926759d962cf216c3a489

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      bf3f4b0b7d763bcb08e6ff15ed60bc79

      SHA1

      5633e3319bb65e10e7ecd6677c135dcb1f6a21d3

      SHA256

      e06aac90ee24940534fba6f40431438654f07038908307c599811b23c98b9c2d

      SHA512

      4c828aa596656599a06601a58b081b1fc55f63257fc69bd9993ad3aeb0320eb3dd05f01bd42092de4ef89326fc3c153e7369dc0b977f0bcedef5bb6971118a5f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bsexts.dll
      Filesize

      146KB

      MD5

      79b3a2a7683a5d0f36557d82201115f1

      SHA1

      a4a5e1f3935e2195e5448b302ae842ad0619f807

      SHA256

      a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

      SHA512

      b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bsexts.dll
      Filesize

      146KB

      MD5

      79b3a2a7683a5d0f36557d82201115f1

      SHA1

      a4a5e1f3935e2195e5448b302ae842ad0619f807

      SHA256

      a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

      SHA512

      b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bsexts.dll
      Filesize

      146KB

      MD5

      79b3a2a7683a5d0f36557d82201115f1

      SHA1

      a4a5e1f3935e2195e5448b302ae842ad0619f807

      SHA256

      a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

      SHA512

      b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bsexts.dll
      Filesize

      146KB

      MD5

      79b3a2a7683a5d0f36557d82201115f1

      SHA1

      a4a5e1f3935e2195e5448b302ae842ad0619f807

      SHA256

      a8761baccca6235d01a695851fbe647202c45e9a521e1e3435fe2b0d7f98f910

      SHA512

      b4ac464288296a2e56db4d4e62d052c9f17593b6c8401c8890a9beaea20e14610887c26e27f924539c146bb2a1678b3fd52be3df1e7b49182ea10c2236c3f151

      Download Submit

    • memory/3820-132-0x0000000002020000-0x0000000002047000-memory.dmp

      Filesize

      156KB

      Download

    • memory/3820-137-0x0000000000550000-0x0000000000563000-memory.dmp

      Filesize

      76KB

      Download

    • memory/3820-136-0x0000000010000000-0x0000000010027000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4716-141-0x00000000009E0000-0x0000000000A07000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4716-145-0x0000000010000000-0x0000000010027000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4716-146-0x00000000009B0000-0x00000000009C3000-memory.dmp

      Filesize

      76KB

      Download