Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

e80007b22c...51.exe

windows7-x64

8

e80007b22c...51.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    194s
  • max time network
    198s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51.exe

  • Size

    239KB

  • MD5

    9613795a3c25ee2e7b6a4762e3134dfc

  • SHA1

    6d7b991e2ea2064638391cdf18dec16264eae723

  • SHA256

    e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51

  • SHA512

    1b32dd3327cf31b117604e4da413e27773e1dd2b391a336d086002739f400dc8bdc6395915c52d3ea11bf7f0572cf84752668a0c1ddcf4d0caa9e3c7aacf71c9

  • SSDEEP

    6144:OdUweLUA9uvov7yYde1wagaebW8PIOpwtF:OdZ6U1Kde1waJ8PJmtF

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51.exe
    "C:\Users\Admin\AppData\Local\Temp\e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Users\Admin\AppData\Roaming\Mozilla\SystemExtensionsDev\www.he-collection.net.exe
      C:\Users\Admin\AppData\Roaming\Mozilla\SystemExtensionsDev\www.he-collection.net.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.he-collection.net/member/exe_contact.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1396 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1632

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7WAAYHB2.txt
    Filesize

    608B

    MD5

    e405cda7bfda136c9b5ed2567c941a9f

    SHA1

    e6c6ccd8d8aa2112c5954619975e9d4a890ac3d9

    SHA256

    fc6b0de98a36a22ba4ce371f17de31bdaee5a316833c1aa633f57a47e447ca8b

    SHA512

    19968e8d7f58dce3a3998328974fecc431470c0649a0f533db373f419ddf7d5bb3a93cb1952f455b033e966d9c7f42152745d73034bf4930537f9f33e2cee5bc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\SystemExtensionsDev\www.he-collection.net.exe
    Filesize

    239KB

    MD5

    9613795a3c25ee2e7b6a4762e3134dfc

    SHA1

    6d7b991e2ea2064638391cdf18dec16264eae723

    SHA256

    e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51

    SHA512

    1b32dd3327cf31b117604e4da413e27773e1dd2b391a336d086002739f400dc8bdc6395915c52d3ea11bf7f0572cf84752668a0c1ddcf4d0caa9e3c7aacf71c9

    Download Submit

  • \Users\Admin\AppData\Roaming\Mozilla\SystemExtensionsDev\www.he-collection.net.exe
    Filesize

    239KB

    MD5

    9613795a3c25ee2e7b6a4762e3134dfc

    SHA1

    6d7b991e2ea2064638391cdf18dec16264eae723

    SHA256

    e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51

    SHA512

    1b32dd3327cf31b117604e4da413e27773e1dd2b391a336d086002739f400dc8bdc6395915c52d3ea11bf7f0572cf84752668a0c1ddcf4d0caa9e3c7aacf71c9

    Download Submit

  • \Users\Admin\AppData\Roaming\Mozilla\SystemExtensionsDev\www.he-collection.net.exe
    Filesize

    239KB

    MD5

    9613795a3c25ee2e7b6a4762e3134dfc

    SHA1

    6d7b991e2ea2064638391cdf18dec16264eae723

    SHA256

    e80007b22cdadcc4b36824d5b73a68c69113256eb8d23880fb5963d3a1ae4c51

    SHA512

    1b32dd3327cf31b117604e4da413e27773e1dd2b391a336d086002739f400dc8bdc6395915c52d3ea11bf7f0572cf84752668a0c1ddcf4d0caa9e3c7aacf71c9

    Download Submit

  • memory/1128-67-0x0000000000400000-0x00000000007D2000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1128-68-0x0000000000400000-0x00000000007D2000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1884-56-0x0000000076941000-0x0000000076943000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1884-57-0x0000000000400000-0x00000000007D2000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1884-65-0x0000000000400000-0x00000000007D2000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1884-66-0x0000000002000000-0x000000000200D000-memory.dmp

    Filesize

    52KB

    Download