Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

967ffa0826...48.exe

windows7-x64

10

967ffa0826...48.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048.exe

  • Size

    806KB

  • MD5

    9181a704b26bb53b42f1128c705c3a18

  • SHA1

    f7cd0ce1a7eab4822aab7675cc96670c545b5a21

  • SHA256

    967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048

  • SHA512

    63757f17c9830f500982273edcba240728ace78b5223ec417103c81e2c4c232a2384f7fd4da79c596b7179ddc77d303c305af45cd1dff603d2e422adb805fb0a

  • SSDEEP

    12288:4EncCP0UpnIIxU8H3Ek9aL4cLdWoRA4SWxxL2Ls/unEIZUlxOnY7a+z:NcaAIxL3EkyrLd7L9dIKxQXS

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Drops file in Drivers directory 2 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 53 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048.exe
    "C:\Users\Admin\AppData\Local\Temp\967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Drops file in Drivers directory
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Windows\SysWOW64\regedit.exe
      C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
      2⤵
      • Runs .reg file with regedit
      PID:1688
    • C:\Users\Admin\AppData\Local\Temp\967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048.exe
      C:\Users\Admin\AppData\Local\Temp\967ffa08260e0fc2b0d2299ff4b03abc2baa45cf7e788117f42be369cd49c048.exe
      2⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:276
      • C:\Windows\SysWOW64\regedit.exe
        C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
        3⤵
        • Runs .reg file with regedit
        PID:1360
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" C:\Windows\web\Inde.html
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows\web\Inde.html
          4⤵
          • Modifies Internet Explorer settings
          PID:868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\System\taobao.ico
    Filesize

    14KB

    MD5

    468fada123f5548ac87e57bae81f6782

    SHA1

    edb8f012c25906e6afd8bf335b495e16c440243d

    SHA256

    091c882bb307d57f2c7c42309e7ba8740130fef8c3ed772b0bc5e5505e37034d

    SHA512

    635ec26c88c2394dd4f2a81b9aea8f429a91adfeb37ae34e51b03f3cf8e503c123c3685938f40cea07d6146e0c7113aadbe62fa528f1f6d8b995e617fd68a4aa

    Download Submit

  • C:\WINDOWS\system32\drivers\etc\hosts
    Filesize

    3KB

    MD5

    a0bfe41ae7dc42b53a9b681a3f128166

    SHA1

    7072a312b976921034857579d2665b0d61c9f87d

    SHA256

    ad89b82292371265f2abb02819af698033ecaf6ef0a55a5c48a7c5637cb89287

    SHA512

    cbd9a3de72b41f8a55ddb918f8d5047be3582e056555d8e6350fcc569781ae1f8d35c2bbe0eb50e1bc40d7da130ff01c9437c2217ebcd07b2b97d38b2f35cb64

    Download Submit

  • C:\Windows\SysWOW64\msscp.reg
    Filesize

    228B

    MD5

    2d06a424ad1c7611ea9caad93892ea26

    SHA1

    a901e15c2ecea498f1ca8ffc5d5c32bd3f0169d8

    SHA256

    8c19027357bcb3170b6844aec44cd4c143c7b795d5df52ff89426615010f715c

    SHA512

    3199dffce9d7625d9e01d7a06c912d3629e5f3d98d3935763df6b323807d46f24a40876d78d5ae7f7ac83c90e498e7c4810d88993904dbca1036e8c06833ccdf

    Download Submit

  • C:\Windows\SysWOW64\msscp.reg
    Filesize

    228B

    MD5

    2d06a424ad1c7611ea9caad93892ea26

    SHA1

    a901e15c2ecea498f1ca8ffc5d5c32bd3f0169d8

    SHA256

    8c19027357bcb3170b6844aec44cd4c143c7b795d5df52ff89426615010f715c

    SHA512

    3199dffce9d7625d9e01d7a06c912d3629e5f3d98d3935763df6b323807d46f24a40876d78d5ae7f7ac83c90e498e7c4810d88993904dbca1036e8c06833ccdf

    Download Submit

  • memory/276-65-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1484-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1484-67-0x0000000002D50000-0x0000000002E2D000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1484-64-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1484-68-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download