Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

b69a22349d...b9.exe

windows7-x64

6

b69a22349d...b9.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    126s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b69a22349d55c321aa72831d804b28c6ef364d38f783acb5fa601db6309a65b9.exe

  • Size

    141KB

  • MD5

    0b4f1c6cf4d6b067e755b9ae6b52ef3c

  • SHA1

    baab65b9695f7ab634f157181ddd660d555c3bc0

  • SHA256

    b69a22349d55c321aa72831d804b28c6ef364d38f783acb5fa601db6309a65b9

  • SHA512

    6caf71bdc12ee7cc725ce7aef6fb48abd1e53161155d4cf1b4e1cb0186f2c09dbc2af148559f6b020a9e6e0bf6c7c5bd0fa57eb3a2ad2885549ca061f0508c2b

  • SSDEEP

    3072:Utx8XWWqZGLuSX/y/32XZrXMaDTOZvKcctI:ukWKLuSv232VXMaHmva

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b69a22349d55c321aa72831d804b28c6ef364d38f783acb5fa601db6309a65b9.exe
    "C:\Users\Admin\AppData\Local\Temp\b69a22349d55c321aa72831d804b28c6ef364d38f783acb5fa601db6309a65b9.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:268

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    fadba13e0020528b5b7dfa27b8350814

    SHA1

    c59a2f117cf762c5e192af3aa956f1b3eb2eb0b5

    SHA256

    518451989f1725b3ec9954c6aef871299f731c6010a53ad7fad4ea036f7eedce

    SHA512

    70f436488aced3d06268c5cc4b4929a3aeda49243acca8f46c32a89a7998114e0d69863b12b5f4729d4cd4e6f3658c7bb8154a9fc6ae03dbe30783037aa51337

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat
    Filesize

    5KB

    MD5

    b7581f6b7d7d5d489fd9fc086615d8df

    SHA1

    3b93abd0f8b88a7dca9c05d5701c7fb1c2fd9cf3

    SHA256

    6a41243cf2e991c0995f8a28cb34e23a697cfc71f752fc6f456c35ccc816dc8b

    SHA512

    e0c7620bd8c1d3753111212dc2d43afab7f7d81e157e145bede4acbcfba8b4aa04bc942f3b4dcb356c3a7953d73eac7dcacdb025970b282f9dac5e08a2ae00e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG9XQTG0\favicon[1].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LKK7J3DI.txt
    Filesize

    603B

    MD5

    dcbfdcb53a6ff8245199d71c76d4333b

    SHA1

    226174e6f593914149026f54532db2fa65a9e11d

    SHA256

    9678de171363420837e0aecac157986c55c0a04b7db91331d3b2a19b2deb0371

    SHA512

    4fa648089f6be9cc2e63b5b5d924608af154ebeea38f5c5afc45daa89d2b69d039fd3988a10d6d96d5eb683f70592c00bbc0e9228feebc119ab716fa0abf920d

    Download Submit

  • memory/1688-54-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/1688-55-0x00000000004E0000-0x0000000000526000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1688-58-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1688-60-0x0000000003250000-0x0000000003D0A000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/1688-61-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/1688-62-0x00000000004E0000-0x0000000000526000-memory.dmp

    Filesize

    280KB

    Download