
Analysis

  • max time kernel: 178s
  • max time network: 202s
  • platform: windows7_x64
  • resource: win7-20221111-en
  • resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/12/2022, 23:04

General

  • Target: aeefcd58ac62baf48572d82051f71fe2bd1a861962b85fd1a8e2ca04d07f0f39.exe
  • Size: 706KB
  • MD5: e95c2dd08bf1a35bd4203d263014937a
  • SHA1: 79db7c1c20f09f3b4436831caaf7e2cf47e7f8a6
  • SHA256: aeefcd58ac62baf48572d82051f71fe2bd1a861962b85fd1a8e2ca04d07f0f39
  • SHA512: 310a9fdc07f5cfea452200922326568495abc9f602ce6e92527a6d2639cc47d4f20b01d0aa7adcb9928506cfbaea1cccf1711ba20f3e64bd42c70e9e1d95ec41
  • SSDEEP: 12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGspemCs36DqeQ8jawRXjZNam:gpQ/6trYlvYPK+lqD73TeGspWsKoAaAl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Drops file in Windows directory (7 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel (2 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 4 IoCs)
  • Modifies system certificate store (2 TTPs, 3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\aeefcd58ac62baf48572d82051f71fe2bd1a861962b85fd1a8e2ca04d07f0f39.exe
    "C:\Users\Admin\AppData\Local\Temp\aeefcd58ac62baf48572d82051f71fe2bd1a861962b85fd1a8e2ca04d07f0f39.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Windows\ScrBlaze.scr
      "C:\Windows\ScrBlaze.scr" /S
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1204
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x554
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1752
  • C:\Windows\ScrBlaze.scr
    C:\Windows\ScrBlaze.scr /s
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1120

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O5T150R7.txt
    Filesize: 72B
    MD5: bf990095c1910f5425168bdc91d10a0b
    SHA1: a0613412ec0b1483b1fd7b9504eb0f656a9dd3cd
    SHA256: 476ad674498003cde0f49c9c6693c5a9fa81f39d19f0446d663dd1fc5f009153
    SHA512: 897b2e8d726f0420300b1c47d30b13cbbf9ed0c31a9ce09ac353e28e75a057374ac091afa4bc3dc04a48742a2fa64c731aa0f5e41d7d23dbea0850dbe491a73d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SFBKVSS2.txt
    Filesize: 77B
    MD5: 5c606aba3603cd535ffbb92f8a3f3cde
    SHA1: e59ec124d3bf90874b63b8706a71a5ed8829e573
    SHA256: 83d80c7f913bc18f49df8b8bb75a7c80784fa213f987ba2003978b276a3ba32e
    SHA512: f05e23b316d081f057ab80a6ecab25db5b6ec9c062b8b7183d4aea4a7ffc1298c7bd7f6e1dfc3ab8f960988c232f0c9b05ca73c116016bc507b35d8127973e78

  • C:\Windows\ScrBlaze.scr (same hashes as the submitted sample)
    Filesize: 706KB
    MD5: e95c2dd08bf1a35bd4203d263014937a
    SHA1: 79db7c1c20f09f3b4436831caaf7e2cf47e7f8a6
    SHA256: aeefcd58ac62baf48572d82051f71fe2bd1a861962b85fd1a8e2ca04d07f0f39
    SHA512: 310a9fdc07f5cfea452200922326568495abc9f602ce6e92527a6d2639cc47d4f20b01d0aa7adcb9928506cfbaea1cccf1711ba20f3e64bd42c70e9e1d95ec41


  • C:\Windows\s18273659
    Filesize: 898B
    MD5: 813809e9d8c2f017462f9a6a5d0b8fb3
    SHA1: f75292860e91aa19f33c95eb490660a2a79c6b10
    SHA256: 2ba3dfa957801b586134755c5ebe67fb445640121d494e288df0a258609da4d5
    SHA512: 27386327497495cf10a22f0f2660ab6884cd64a8ba4d4215ce3877b1dfd53f3c6b9d4425ec046adab4e9fbd2efe2d9633f9a03f2fd5800609a6467ac004704d7

  • C:\Windows\s18273659
    Filesize: 864B
    MD5: dd589f88d1b99350ebb5bc334ecf9387
    SHA1: 54724b1e8bbf8f6fe3062a8666991b77877b6c6f
    SHA256: 3214eb8ab39992a713644311082adbb7b045d7a598a3b754ef839f2d7db84682
    SHA512: a8c61c8a207dca23b089d22d05011765fedf6c94617fa65e4d61be0fab7e08742da1cee67e311a75b8e39f371686178eacec048325b9970ceb227ac9ef26b636

  • memory/1440-54-0x0000000075091000-0x0000000075093000-memory.dmp
    Filesize: 8KB