Analysis

  • max time kernel
    151s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 06:24

General

  • Target

    737c6a1212aa7f80fa49ac37872277b12c84f0dfcc2645733d2f6504fc4563ce.exe

  • Size

    1001KB

  • MD5

    6e2d9e8a2ab7cc73d535109d46f5ccb8

  • SHA1

    5a96efe70d5bb0d38f0f7b4b25b188deb582103f

  • SHA256

    737c6a1212aa7f80fa49ac37872277b12c84f0dfcc2645733d2f6504fc4563ce

  • SHA512

    cf8f6d862fa620cb63fd658973b3a1f976a95a3b620e4b2712f26e54a4607b9f15caf83cd842bde9aebce60a25c75335d3d067541cb548b5ea6b2865c371f4eb

  • SSDEEP

    24576:wBRk6WvFq9FStU4gf2EW5A2DJr/kS4vGIk6v3Hbo:wUvF4h43Dp/wPHs

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\737c6a1212aa7f80fa49ac37872277b12c84f0dfcc2645733d2f6504fc4563ce.exe
    "C:\Users\Admin\AppData\Local\Temp\737c6a1212aa7f80fa49ac37872277b12c84f0dfcc2645733d2f6504fc4563ce.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Windows\52.gif
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Windows\58.gif
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:560
    • C:\Windows\Server_Setup.exe
      "C:\Windows\Server_Setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:888
  • C:\WINDOWS\Hacker.com.cn.exe
    C:\WINDOWS\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:1752

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26F30A60-7535-11ED-A70D-7AAB9C3024C2}.dat

      Filesize

      3KB

      MD5

      6906ed2d953544740484d3258d874bb3

      SHA1

      288e5ed84d9b9a43d148a103f955711d9a1d46fa

      SHA256

      b63bbb1a2557cbc21bb99dfb0b6cc1ac9a655b414a6afe798ab593a64fdf07d3

      SHA512

      1bbce3f3e3cf0425da0f319967d9aac0e0cfd942d9eed8d301d57fd864806b05dda19f0814d040d1e3bdc96156fa15c7d7ae78447686b6f2536a1ed252b64265

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26F33170-7535-11ED-A70D-7AAB9C3024C2}.dat

      Filesize

      3KB

      MD5

      7e9399d3cba5d38c69c08fea34484566

      SHA1

      02c220a77bf1cbc3e6aa8926ccf28c0900716a8c

      SHA256

      85179647557968e7daa571ed5ada4326b4a9260f063989e41edd8561cf1ba31d

      SHA512

      2fc5a4e698f90a2b4adb790218ab5b933974e4ca9bff9fc87b698b7ba28ce8ad402476e4f0ef341729122bbeca5859267e06513bbe3c90ac00dd2576f8cb4ad0

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9OKVQ68P.txt

      Filesize

      601B

      MD5

      3e9b47af0b39533a1075d5de8d98a5ee

      SHA1

      01efba5bf07c23147217ca7edd099fa525121b5d

      SHA256

      94126655ae9255b4e43395efb60de893af6b4fc377d74a1ceb87e62b34d2651b

      SHA512

      fb76a6974ffd83c5f1c9262000ed9cc89088ae4896997644609e0c281eb51a0dac1c24dd98b32142d7f3cc48ff66314416061942e686c63361f0b4f77392ccc4

    • C:\WINDOWS\Hacker.com.cn.exe

      Filesize

      743KB

      MD5

      d73581301782149d24383e602ea604b3

      SHA1

      96b73a0255647f1e5d36041c91d8333dede16aec

      SHA256

      70f71fbfcab11a348aec03075d768530cacc29f6fe2fcf626e0a9a1fab87cde8

      SHA512

      d9c4d13b1db7b9609ac5107200e786149a5db351c6cabfbb1d8f0734dfbd866a8cd8edc080ebd0d07bf23968850ed4ddb60c51d078acae9c92f8892c8bcc00fb

    • C:\Windows\52.gif

      Filesize

      218KB

      MD5

      9f8c87ada1d5384d534a30dd74a87a46

      SHA1

      a9afdbdf992cec7d2d305bfdf89d59d2dcd2133d

      SHA256

      936cbbb74fa6642ed2f6218cfd1f0d6e465e126726653445296b398aa4e8f276

      SHA512

      4e0a3f36d54e0f34363556fe9f06b4ea95193e879a8ab3acc12044b1e9678e58f901a3e632a3d332e10d42a83325699b85d94bb31f08f71252924165ff35d6e1

    • C:\Windows\58.gif

      Filesize

      17KB

      MD5

      41bbaf8278772dc824bb8ea9fdbc154f

      SHA1

      4fac07e27ac17a67374a083e5a907ca4d5314729

      SHA256

      150adea695face4e177ab81a93e0ec557df23cf7a842edd0a1e9edf54ce902f8

      SHA512

      365acbe1d88023fc541c8f0083a88c20d9c5ff5171f1838c012fc4202870a8ff678e8d8e0b7eabd7b924a7857c2b20b8111ff6a2d28c5993f5e099210cde82af

    • C:\Windows\Hacker.com.cn.exe

      Filesize

      743KB

      MD5

      d73581301782149d24383e602ea604b3

      SHA1

      96b73a0255647f1e5d36041c91d8333dede16aec

      SHA256

      70f71fbfcab11a348aec03075d768530cacc29f6fe2fcf626e0a9a1fab87cde8

      SHA512

      d9c4d13b1db7b9609ac5107200e786149a5db351c6cabfbb1d8f0734dfbd866a8cd8edc080ebd0d07bf23968850ed4ddb60c51d078acae9c92f8892c8bcc00fb

    • C:\Windows\Server_Setup.exe

      Filesize

      743KB

      MD5

      d73581301782149d24383e602ea604b3

      SHA1

      96b73a0255647f1e5d36041c91d8333dede16aec

      SHA256

      70f71fbfcab11a348aec03075d768530cacc29f6fe2fcf626e0a9a1fab87cde8

      SHA512

      d9c4d13b1db7b9609ac5107200e786149a5db351c6cabfbb1d8f0734dfbd866a8cd8edc080ebd0d07bf23968850ed4ddb60c51d078acae9c92f8892c8bcc00fb

    • memory/1528-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

      Filesize

      8KB