Analysis

  • max time kernel: 272s
  • max time network: 364s
  • platform: windows7_x64
  • resource: win7-20221111-en
  • resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted: 03/12/2022, 12:09

General

  • Target: dcbba9950b519081f80a6a4fec0665d533cf831c3fecce5d2bda036c8ffc4071.exe
  • Size: 305KB
  • MD5: 5af62a19e56e95d687490afb159cc1c0
  • SHA1: d5295f552f64f32d32570fa31e1181ee63c7e87c
  • SHA256: dcbba9950b519081f80a6a4fec0665d533cf831c3fecce5d2bda036c8ffc4071
  • SHA512: 6a93a515c0b58e1ed674ae8414f514ad0faad340216e79255938512a69e344189980314ad34b5149628d9875a5e0bd4c482f310b246cb2fbc61b82ab94fd89fe
  • SSDEEP: 6144:19Ufckfn3Vqvn4ftHUk46+2TmnnCJzcOh66LU7J/GvAXXSEZBQX5siEYgK0fT:LNkfFq2Uk46+2Tmn8cOU6oJ/6ApZypsx

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcbba9950b519081f80a6a4fec0665d533cf831c3fecce5d2bda036c8ffc4071.exe
    "C:\Users\Admin\AppData\Local\Temp\dcbba9950b519081f80a6a4fec0665d533cf831c3fecce5d2bda036c8ffc4071.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.v258.net/list/list16.html?mmm
      2⤵
      PID:1800
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\kFBJc.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Windows\SysWOW64\expand.exe
        expand.exe "C:\Users\Admin\AppData\Local\Temp\ico.cab" -F:*.* "C:\progra~1\ico"
        3⤵
        • Drops file in Program Files directory
        • Drops file in Windows directory
        PID:1584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.q22.cc/?ukt
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:268
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v921.com/?uk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:275459 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1716
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v258.net/list/list16.html?mmm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1852

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB
    MD5: fc4666cbca561e864e7fdf883a9e6661
    SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cf0155edb4d62b86ed2bc2ec6dc364d4
    SHA1: 4bef1d859d1aaacd51345ec948f4d2a8624999ac
    SHA256: 60902e319181167c188a4055097cd1dfe3423e6ef9ce69df5ed2087da191d38e
    SHA512: 2a2084f167c5e6744b29e3847468ebc6968841dd87bb4d02f595267111b14897556ddc5aa8fe48667cb8e6111ce2c1e85752a1c391f71e33e74c4f74a14926f1
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b9b3cae1e3a545c3343977a58c9f0479
    SHA1: 03c2a88e056e42b2b7c6380ae72b4cff02900c64
    SHA256: 9352c02df8c8e58b4e53a8eaf711736e31bf5b649d3387679b781dcd57e5efc0
    SHA512: 54aa3d24dc60934d16653f70a188950b5274c9772800201127458f69245139ed3bd3231b0735a3c85819c381b422beb0f008b1f9c02144abb652f3d193227975
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d83ed326ac99d13ab024268b9f6cdc21
    SHA1: bbe08c9fb412893702a66bb33e3c27a108ea1c3c
    SHA256: b52130bf3cc7b756c522f39db21f712a5940bffacd8ffaa8d0dc6270ad9dafdb
    SHA512: 6e8dcabb17bb0d1552a252891c3bb11e4e504b756958b2061d5d48198d1835a13efce19e9d65b90a6e8a8423cbf83d1acdae5d71631a1f5c064868d3612efa23
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3adeb5b78fd5ee7c1e424858bd3fd270
    SHA1: 5c76937161b38fca606ca15bd42cca675391f395
    SHA256: 5b9818e5fe407929e0c1369d72e4a8ecb9e814e16ae3a2f3b0da4bb4d6201afb
    SHA512: 90bdbee96ec8a5b93bdef6749a7dff7bc67d13cf42746ecf432afcea55b2322d27c281044bfeecd0523be71c008dfc5ee92b84a1e47fcd4b4ae9bf2ffdeaf701
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e5cc5e3e68cdd3c4c0fdf8a2b35f7d60
    SHA1: c5addf770e852cfba45629ccca23b7b4b3eda468
    SHA256: 7ffb20d9f57f45742ff446d86c4a59619af734be8353be66229558e583f500ab
    SHA512: fef785ec9ff2f5bbc0b0986442ca47b1ad74467cd209c46a4ffdaf04586fdc813f78c94d16f35a45d7888d9397493e084a68295c21731ef28aee0c1bf5ad241b
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1f3b7bab0f5ed2a67109839e35297d3b
    SHA1: 71fcad08d5621f807d2c44fe3f405d2e048f9068
    SHA256: 30e053a1e5bcd9cf0503a6bb21a901806629ec7c82290ad7c64ca57dc69dfb7c
    SHA512: 1b4c0b9c5b8ca0b23922731620e0606cabeefa2e8d77d4d957c0bc0bf5c9455c0f50b6616d384fd88fb913b478df8bc07b6c2000b347204920273c250acf58c3
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F51D850-756F-11ED-B52D-FE63F52BA449}.dat
    Filesize: 3KB
    MD5: 357e5aca2de24ecc09da4771623c16e6
    SHA1: da025984f26b933c2cc6c1ec467fd83ec0d448a3
    SHA256: 91b1a97f09fdac4ee16081e278dc8b961969f674baba95136e3d023f578e386a
    SHA512: f999f841cd4f3a6c66dc1aca365451fe5f49586945563559847ae36ac13352e4ed6510a1fd12f0329dcb334b280e08ae48da404ec7738e9fe36886005411b612
  • C:\Users\Admin\AppData\Local\Temp\kFBJc.bat
    Filesize: 98B
    MD5: ada787702460241a372c495dc53dbdcf
    SHA1: da7d65ec9541fe9ed13b3531f38202f83b0ac96d
    SHA256: 0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850
    SHA512: c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708
  • \??\c:\users\admin\appdata\local\temp\ico.cab
    Filesize: 18KB
    MD5: f462d70986dc71a5ff375a82bd9e3677
    SHA1: f3d9c09a0ff51d81377e15ae4e0e2fceaede142b
    SHA256: 69528b0fb4e1bc3fb8d92839d98e0717b3f680d98fdfcb9809a2f557aacab295
    SHA512: 5bd2d67bb78dc8c4275390667c135ed10c4733e46ce58ef524ea79869f740db00d2f4a37b949896edcbf1ebbfa1ab4dd16afab4418ff637322883435bb7543ec
  • memory/1496-65-0x000007FEFB691000-0x000007FEFB693000-memory.dmp
    Filesize: 8KB
  • memory/1772-66-0x0000000000400000-0x0000000000542000-memory.dmp
    Filesize: 1.3MB
  • memory/1772-54-0x0000000074ED1000-0x0000000074ED3000-memory.dmp
    Filesize: 8KB
  • memory/1772-60-0x0000000000400000-0x0000000000542000-memory.dmp
    Filesize: 1.3MB
  • memory/1772-55-0x0000000000400000-0x0000000000542000-memory.dmp
    Filesize: 1.3MB
  • memory/1800-63-0x00000000742B1000-0x00000000742B3000-memory.dmp
    Filesize: 8KB