Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

aafc4d2e9c...e4.exe

windows7-x64

10

aafc4d2e9c...e4.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    237s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aafc4d2e9cd2b2a19d121a23042160b0278fd3a2a5ae81ed5d516905e6dc84e4.exe

  • Size

    70KB

  • MD5

    ccb8d4614785878db8cb84dc45ba5141

  • SHA1

    59224474f4df8b8a489f5dd326861fc138728b8d

  • SHA256

    aafc4d2e9cd2b2a19d121a23042160b0278fd3a2a5ae81ed5d516905e6dc84e4

  • SHA512

    7c13baf94d256a0d26fcc5572f485d94b4ae664465e44e1a6a930ba3359b0a71acb1b08052250cc7d9b13df41aa513631f4f542546ede0b14084fa87146472b4

  • SSDEEP

    1536:oPei8NowvzI7uJANRipkezzUUnxnQfKwraqrUUvMoufxRuRK:oynzI7uJ6qk04UnnNq4YQZx

Score
10/10
adwareevasionstealertrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 3 IoCs
    evasiontrojan
  • Deletes itself 1 IoCs
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies registry class 60 IoCs
  • Runs net.exe
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aafc4d2e9cd2b2a19d121a23042160b0278fd3a2a5ae81ed5d516905e6dc84e4.exe
    "C:\Users\Admin\AppData\Local\Temp\aafc4d2e9cd2b2a19d121a23042160b0278fd3a2a5ae81ed5d516905e6dc84e4.exe"
    1⤵
    • Windows security bypass
    • Windows security modification
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1564
    • C:\Windows\SysWOW64\net.exe
      C:\Windows\system32\net.exe stop "Security Center"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:924
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Security Center"
        3⤵
          PID:1252
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "
        2⤵
        • Deletes itself
        PID:1900

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\asd.bat
      Filesize

      292B

      MD5

      df5521629b8fdae9eb3be1ff6796053c

      SHA1

      5bccb394daa6fe781014bee07b150bf6487caf0f

      SHA256

      70e5393a5676722d867dca992cccbad9fb940c18e4aa6a9904077f438c630cb9

      SHA512

      4b7b7f5167b92da32cc4ff5ffce37a608c122efdf936caca8314d312683f4c3a325fee05970b9a21870174b0006f236c2f256a8620a5bb232929ad7a475cc5ab

      Download Submit

    • C:\Windows\ieocx.dll
      Filesize

      28KB

      MD5

      a10e6205c62802ad7c472bd5d003cb4a

      SHA1

      2bc0806195ae258cdab3f8f753f624bd07d729fa

      SHA256

      1a04223a5dfc65a5ec55800e770dd0b3138eeace42120559385ae95535d9aa8c

      SHA512

      adc92257e0eee52b61560f6c8d7d6e57b48082cb1abb98ba1cef3846442937a843f0f45c536fa9c85fae40a46d07708a70fd44a47018c360af1fe83873f2e075

      Download Submit

    • memory/1476-58-0x0000000000220000-0x0000000000231000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1476-57-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    • memory/1476-56-0x0000000075491000-0x0000000075493000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1476-54-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    • memory/1476-66-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    • memory/1476-68-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    • memory/1476-55-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    • memory/1564-62-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1564-63-0x00000000001D0000-0x00000000001D6000-memory.dmp

      Filesize

      24KB

      Download