Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    103s
  • max time network
    195s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/12/2022, 06:30

General

  • Target

    96043bfec884d19fdd6c04492465f7a93ff2507043954499e1744c7d8d495d40.exe

  • Size

    2.8MB

  • MD5

    3e774e5d3e336cac49ede70544161c9e

  • SHA1

    701dfc9e72e84b106569c0e5baad1065d44245c0

  • SHA256

    96043bfec884d19fdd6c04492465f7a93ff2507043954499e1744c7d8d495d40

  • SHA512

    640098fd16111a22c69b48ba078add7c9f9de3d008ecac297f758cae28671d158b1b9e308e5e8a9ebc892201a305802e11c05a22b4fc92a3697c3efc25311ed9

  • SSDEEP

    49152:pNI7K/aiPrTZaqdwk0c05HGiiYzgjnnRthaWQ+mvezB+/SgLES7SuSspSA+u6EjN:XMKCiPrYqdwkLcHHiYzgjnVPQ+m4+/SY

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96043bfec884d19fdd6c04492465f7a93ff2507043954499e1744c7d8d495d40.exe
    "C:\Users\Admin\AppData\Local\Temp\96043bfec884d19fdd6c04492465f7a93ff2507043954499e1744c7d8d495d40.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.qbz95.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1764

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_1398BA60C87B7287D6E8B4F7A183DD7C

    Filesize

    1KB

    MD5

    71a0fca0b01e935c69500ce780eb9bf9

    SHA1

    78678bb7fddb09cf231f97129139086bf9c3795c

    SHA256

    0247d0c4801c5b31b563d571d6e48eac65b19ad6cec344e9b54879b5533b561f

    SHA512

    e4992e538620546fcc51c30910e2fe7357843fde4c3b25f91889fd41c8de11fbe14e4e7c0764adca595ccf884d99ca0be8917e3fff1a448034c6f2077c8bf751

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

    Filesize

    1KB

    MD5

    1171c9552e67ae85d38eab2e6a034bad

    SHA1

    cf9dc63923d82022d05c08a4dae9569a79aa6d6b

    SHA256

    8e6539ab01f989826a47895a3a76c0876053c6caa5d0a38b1277c0c9708d9cf0

    SHA512

    5e6b67da26774932cef0605554b2059ee913327b45652a22e78df1453f0f3b0132982c2e0afa7183084b186de1efe350eb5d4d2cf0dd7d0df1649ad71fac9f87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    be4d420b65555edfedda2cc2dd332e39

    SHA1

    952ec5da2983001b326d2dab5b1b152fd93b1493

    SHA256

    e141f7be2c1319f5aeb0ab2e541a7dc2e66733429b797163c538a655372412ab

    SHA512

    38bc3fbee4ebdd1d0e2ebba6318134f6fa51f8de8e2c0a81774245354df635f9ed6993936077d4f2d3939c7283f19e102e7b78b528586784ab2a4c4c840a243d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_1398BA60C87B7287D6E8B4F7A183DD7C

    Filesize

    532B

    MD5

    5fd6b28ee95cd48e59b375761fac7436

    SHA1

    6f199a0c02a9cc54adf5ef8eb26b196769e2869e

    SHA256

    bb44ec8da88b6f9391256c6da99f957ba74cfadb9c34f706daf040a18646615d

    SHA512

    c46d9e4b98dcd041b255729ef6858f31b6cdb0c79007733d7cb7ab70d82a7ac2b3fce30fff801efe5ad405a3abbe8eafb1e1fb90233513f2cf7fd66377b15c98

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

    Filesize

    492B

    MD5

    8d38b1bdeb58e40bfe9cdf68e05404f5

    SHA1

    f2cac0bb2a1280785b7f0fcf15d4f33d2372e3aa

    SHA256

    b0fe5d9f8d00df2cfb926d78d7537eddccd47980dbc1e7e5a0ac891249af5d10

    SHA512

    d038185e08c971fd94030eabc5296bfcd399eae5de92bd3047de247dbdd771a28419751dfebe0ab98b094db3f8885f54a70485f64b6e2d0be291876a71440f69

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\performance[1].js

    Filesize

    5KB

    MD5

    ef682b4cd5e4e3535b14d893657fe3b8

    SHA1

    3105c7c654b7957d8c654ca7f2d6a0a8afd398ea

    SHA256

    f38c37fe417ca60de140f03283b25a7e15f96bba6ff48e7a792b25db1ed53861

    SHA512

    e891dde9bae6fea06db91dc478b5678c599b3c8ace9895adef9adda7a5f009df3c0a149d19e5527606573e498c0150f0af337362a9e5cd49348f5d935aebcac0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XNRFMOH\66M8WBEY.htm

    Filesize

    5KB

    MD5

    25696203d9f67e1c54347464f86437b6

    SHA1

    05b1f382bb3742e841235b8ba30f5bceba520d84

    SHA256

    844f1eeb84a30e9ff7934a41b8deb4f54b025369a36ce5344bce0bd50c4c4536

    SHA512

    0fd0476c87e1d7775da0daee35040cd075c6a75777c27d5016cc58fc7b36b4afc6419a26d197af8fab138a2c6f512ec9938c35f4ec4c0fc69767e8b6562e3849

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF53UGF7\wpkReporter[1].js

    Filesize

    37KB

    MD5

    70e44cee18d1654112561a0233cf7c1d

    SHA1

    e00c04f0a4d6970f46d487c8b9ae1720df7e3f67

    SHA256

    eed5dd71659f01ca5daf4880cd8ee8e314e8df0ddf4197dc66c461435d0e6aed

    SHA512

    bed704cb2d87c449f1e6e0339f2b61773e8ae8c8b21c26dbbb656ada7f7135a7cc6e57f3dc97af59d2660d2a8c1cf2fe432293b66e6e5e31aee843c4198102c7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZLYL77D\globalerror[1].js

    Filesize

    4KB

    MD5

    a47bdd3864c82e3291c5b19a32fc52d3

    SHA1

    80c92dbae4ba3e91ed957468ad7c5fdbaa097eab

    SHA256

    67261dfbc4ad333a6430c1896794493a11d22142e419b9061bfd38da17497275

    SHA512

    159818e36d65d9cb6f59e663da4a59ade2be779a4df20278dad508c5a4a6b9d40153da024877f17aa5b5b2ff5844145b6cb0bb05691d5457287a7081210574fc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FYTTH005.txt

    Filesize

    601B

    MD5

    2153ee8ae2195cd1807506c9f8b23462

    SHA1

    47d39a908991691ccd19785ae3851c1c554b0bab

    SHA256

    ca71b2103af46fb7c4dab7e36e4c88b54042c7354109a07ba1cbf75b0b592095

    SHA512

    f9a16bbef5f32a8742ab2de9f32679e63ec9eca32b71793d365e0f32915ccf571506a1b533fbde8b57344d1ae97624088dc2eeecc5fddc390e37d22c5dde6bcf

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll

    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

  • memory/868-54-0x00000000753D1000-0x00000000753D3000-memory.dmp

    Filesize

    8KB

  • memory/868-56-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB