Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

f939375fd2...f5.exe

windows7-x64

10

f939375fd2...f5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    211s
  • max time network
    265s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2022, 16:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe

  • Size

    2.7MB

  • MD5

    1225acf9d74a4e4652eb0484d7d83420

  • SHA1

    e4a9475e685b326c291dc712fa49190b78dd3bd4

  • SHA256

    f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5

  • SHA512

    d8bc4757b7114aefdce5f52ece22aa95d77f2e8e757076e2b200a3e4cecbb145f2e180d4010546183fd53dc10de3796da51a6d5be8aeee1ca5d5126130719903

  • SSDEEP

    24576:HafIiy4NwdLpQc9wibXbWejl9keHLXThLQs4G42zcr/FDp4G9Z:6ffy4NwrQ+waXxl9n/htP4ZrVOGf

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
    "C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?qqchang
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1572

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    1KB

    MD5

    c7c90d7e57408cbd8d05e86a29e3e3c3

    SHA1

    494c48fae580e5408d533a2deffa7463c3b50d07

    SHA256

    906ff54dc7b8250eafe5d01b3b2b4bf0af7483799e6a4da5df8036a94c95781d

    SHA512

    3cff5510f50c8431d19a28e29107aa843bceaa9847b8b4f412b409f512c4760c2758b6216859798af831776d1f353eaea478e04e097324115c0961a54fbed474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a672aaf37f59e18e935908bf65aed31

    SHA1

    e673c2c61233f2ebb84b0ac808c102e14ff249b1

    SHA256

    33465a72b18e9a1a9e2252677d828504462d83568d574c66538673a52a769eb5

    SHA512

    c6f99c450b0a69b9c9b6003b435d01dc306b31fcdae26397d8f1a3d996890126167ec24adc1f39174585a29c1f8c1f9cdd565debd3073736d8759a74015b513e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    492B

    MD5

    16e8448c62d6d08e0a9edfc0e672dba7

    SHA1

    c93b72f762b408b0fff6918c82c2c88ecb809403

    SHA256

    f0451fb735ec60afcb11c29094d8b4cdb80a1838abe14905d9856b13c2498bd8

    SHA512

    cd8da4f876a52007102023d83ae03c8a7a76a4e19cc7ffc68da089c127df1b8c4d1ae58da5ff924c6bf5df00325bed9cd69f4aa6e56e168dc2071e91b227b542

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09B9D820-748B-11ED-9B91-62E10F117DDC}.dat
    Filesize

    4KB

    MD5

    30986b82cba009c3bdf36b78dddc6b83

    SHA1

    dabd0ee1254d672ea6bb5861045f38ae2314b3ee

    SHA256

    efa040a35ccdb4b844cd4225f55772b29fc479fa1a9570a8e0c5cd817a25da48

    SHA512

    396538f77e65a97acd3a68dd9617c344435342203fac5642feaeadf36b6bb3f06b1ee6c25a4079e2cea7ac194c4039c27ccff2883d26b22f71bd2e5239a1a7f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09B9FF30-748B-11ED-9B91-62E10F117DDC}.dat
    Filesize

    5KB

    MD5

    9841fc782977ae92ff0a7a9fc6923c67

    SHA1

    f84dae56fac64274cc05eb7e495684613a3bfabb

    SHA256

    dc3189f5d2f874f2294e670e784220b972325116728de6a7ea77b3b9165e0477

    SHA512

    a6b96d4bc644066627f0fe94c33c73a5cf924df47245e1fc89d85a21ab0ce9be4ee0b78d83713ed97b9c7cc425d149e2f22ece43a426f10d20ce0e8a6cd89a90

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FLGA4NXX.txt
    Filesize

    601B

    MD5

    8b869222dd24ca25e8876c2109970083

    SHA1

    4e9e5baa87f5eb636d75983abeecf5b18bd434fe

    SHA256

    6c130c00d6bc72c198fc475bf2ed6b5c2cd4538657ed65ae175b7041a90f680c

    SHA512

    fca63b1a744e6661385158878b3a82d9f426692f5089058ff4540734d7b6d322977465c4ae4ef5579ee88cda056d5781ce0549077e7633a8437ef013e1332101

    Download Submit

  • memory/976-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

    Filesize

    8KB

    Download