Analysis

  • max time kernel
    206s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/12/2022, 16:56

General

  • Target

    f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe

  • Size

    2.7MB

  • MD5

    1225acf9d74a4e4652eb0484d7d83420

  • SHA1

    e4a9475e685b326c291dc712fa49190b78dd3bd4

  • SHA256

    f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5

  • SHA512

    d8bc4757b7114aefdce5f52ece22aa95d77f2e8e757076e2b200a3e4cecbb145f2e180d4010546183fd53dc10de3796da51a6d5be8aeee1ca5d5126130719903

  • SSDEEP

    24576:HafIiy4NwdLpQc9wibXbWejl9keHLXThLQs4G42zcr/FDp4G9Z:6ffy4NwrQ+waXxl9n/htP4ZrVOGf

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Triage labels this as likely ransomware behaviour, but the heuristic is generic: on this run the only observed activity is the sample launching Internet Explorer against two URLs, so treat the drive enumeration as a weak signal and the phishing-page detection and the URLs in the process tree as the primary findings.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
    "C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:220
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?qqchang
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:116
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:116 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3756
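The process tree above is the report's main behavioural finding: an executable running from the user's Temp directory spawns iexplore.exe twice, each time with a URL on the command line (www.jipinla.com and www.1234.la/an.htm?qqchang); the grandchild IEXPLORE.EXE processes with SCODEF/CREDAT arguments are ordinary Internet Explorer content processes and carry no URL themselves. The following is an added example, not part of the Triage report and not the sandbox's own detection logic: a small Python detector that runs over process-creation records of the kind Sysmon Event ID 1 or an EDR would produce, flags browser launches whose parent image lives in a user Temp directory, and matches the URL hosts against the two hosts seen in this report. The event records are constructed for the example, modelled on the PIDs and command lines above; the parent process (explorer.exe, PID 4412) and the benign control launch are assumptions.

```python
import re
from typing import Dict, List

# Hosts taken from the iexplore.exe command lines in the report's process tree.
IOC_HOSTS = {"www.jipinla.com", "www.1234.la"}

# Browser images whose command-line URL we care about.
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# A parent running from a per-user Temp directory is the suspicious shape seen here.
USER_TEMP_DIR = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Capture the host part of any http(s) URL on a command line.
URL_HOST = re.compile(r'''https?://([^\s/?#"']+)''', re.IGNORECASE)

# Constructed sample input modelled on the report's process tree (not a Sysmon export).
SAMPLE_NAME = "f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe"
SAMPLE_EVENTS: List[Dict] = [
    # Assumed parent of the sample; the report shows the sample at depth 1 with no parent.
    {"pid": 4412, "ppid": 1000, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 3180, "ppid": 4412,
     "image": r"C:\Users\Admin\AppData\Local\Temp\\" + SAMPLE_NAME,
     "cmdline": '"C:\\Users\\Admin\\AppData\\Local\\Temp\\' + SAMPLE_NAME + '"'},
    {"pid": 220, "ppid": 3180,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com'},
    {"pid": 3760, "ppid": 220,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17410 /prefetch:2'},
    {"pid": 116, "ppid": 3180,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?qqchang'},
    {"pid": 3756, "ppid": 116,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:116 CREDAT:17410 /prefetch:2'},
    # Assumed benign control: a user opening IE from the shell against an unrelated site.
    {"pid": 5000, "ppid": 4412,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com'},
]


def hosts_in_cmdline(cmdline: str) -> List[str]:
    """Return the lower-cased hosts of every http(s) URL found on a command line."""
    return [m.group(1).lower() for m in URL_HOST.finditer(cmdline)]


def find_browser_launches(events: List[Dict]) -> List[Dict]:
    """Flag browser processes started with a URL argument when the parent runs from a
    user Temp directory or the URL host is a known indicator. Content processes
    (no URL on the command line) are skipped, so the SCODEF/CREDAT children do not fire."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image_name = e["image"].rsplit("\\", 1)[-1].lower()
        if image_name not in BROWSER_IMAGES:
            continue
        hosts = hosts_in_cmdline(e["cmdline"])
        if not hosts:
            continue
        parent = by_pid.get(e["ppid"])
        parent_image = parent["image"] if parent else ""
        parent_in_temp = bool(USER_TEMP_DIR.search(parent_image))
        ioc_hits = sorted(h for h in hosts if h in IOC_HOSTS)
        if parent_in_temp or ioc_hits:
            findings.append({
                "pid": e["pid"],
                "parent_pid": e["ppid"],
                "parent_image": parent_image,
                "parent_in_temp": parent_in_temp,
                "hosts": hosts,
                "ioc_hits": ioc_hits,
                "reason": "ioc_host" if ioc_hits else "temp_parent",
            })
    return findings


if __name__ == "__main__":
    for f in find_browser_launches(SAMPLE_EVENTS):
        print(f"pid {f['pid']} <- {f['parent_image']} hosts={f['hosts']} reason={f['reason']}")
```

Run as-is it reports PIDs 220 and 116 and stays silent on the benign launch and on the content processes. The two checks are deliberately independent: the Temp-directory parent rule keeps firing after the hosts change, and the host list catches the same infrastructure when the launcher is renamed or moved.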

Network

MITRE ATT&CK Enterprise v6

Downloads

None of the six files below is a payload dropped by the sample. The CryptnetUrlCache Content and MetaData pairs are written by Windows CryptoAPI when it caches CRL, OCSP or AIA responses fetched during certificate chain validation, and the RecoveryStore .dat files are Internet Explorer's session-recovery store for the two browser instances. Their hashes identify artifacts of this sandbox run and are not useful as indicators for the sample itself.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B

    Filesize

    1KB

    MD5

    4fdbf2a017275068edb32ae5fae40486

    SHA1

    18e582515bf745300816dc8d4ca8156684a086e7

    SHA256

    05672ea05a2043c0b41dc8b81828d9987c683f90d5f2387f1f66cf352b7da937

    SHA512

    29cf468c20e6be691f6924f04cefa0468e5809319845a3cc3f433d20b27a99fc4e22b05fd73d876304bf456c4d5d5730fe110292ee13c4e29e8248fe15f30fe0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67

    Filesize

    1KB

    MD5

    1519171ba0e9b6aabdd22495c93b43f8

    SHA1

    da916b57522c4c4cbac2aedc3354bc6c69a56270

    SHA256

    dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

    SHA512

    7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B

    Filesize

    230B

    MD5

    d30978bc7a2ebbdf400ce0be0eaecf39

    SHA1

    ea3ee7fc6951ba6ad2e615434cc44afbd2841125

    SHA256

    6a79d02fcd0bf222f6ecbca252e245a611f4875763418e3dee0799fbb77e52e9

    SHA512

    a2eea47568600b84ab67080a80d313d91218f774be89d43807cfdb91adec7b05e810195a748036d9e7c1d1e5682cb22287c3b95ece8f0bb9ab97d00e474d078a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67

    Filesize

    186B

    MD5

    1f8e6c26d69fd220ae3ab6b13372ba5c

    SHA1

    f80ea8735b75cf6c77ad8d23387441e341421ad5

    SHA256

    0d6499088b46a90a79e9ac23669e6624d7bd09b08c5c61f482b0c734daa88e9e

    SHA512

    61b2e405ba840422d821ef487f05742d5c422d83fef7af4fa16bd175e6f1bf416ef480e2493e5ac07d3280886eb598791b78bfe1802e5a41a4802c43ff49f367

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFE593EF-748A-11ED-919F-DAD30C974647}.dat

    Filesize

    5KB

    MD5

    13124da690049eac7da7b73ac93a1a8b

    SHA1

    f810e77d5eaef4984351062bed79ba59dbd2cff8

    SHA256

    b1c7131c91f9715fa54c6418a70afd3bf2f45a378674de8f7d965bd556336dee

    SHA512

    bdbdb11954a073452f9de09a7389fa1188fc03065dd889cd11936a2e59fbb9423d9c105ccabf1624d841f35deb496b0e91c5d1181855cafdae201873ce14e0a4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFE5BAFF-748A-11ED-919F-DAD30C974647}.dat

    Filesize

    5KB

    MD5

    e02ba6d79aeb8ca0913afb2f9ce33e7e

    SHA1

    0bb31621167ce3476ae79390668cbe52607201c3

    SHA256

    ee90094c7c3194e06d319843dbec69393ea8d18e70cb564a39b037cd2416d25d

    SHA512

    29ca913afa428e126bb338cc1eae81aa17b65ac8da7ead8ad2903ba6fcc1ca998a5a6f801cf07b6e1673419492d047f2164ce68e7479f5d0ab48b633d2c26d13