Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    145s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    05/12/2022, 10:00 (day/month/year, i.e. 5 December 2022; the analysis image win7-20220812-en postdates a May reading)

General

  • Target

    a5fcf1f76a427539103b33859bda936890defc70c9c85710ab6b125858841afa.exe

  • Size

    477KB

  • MD5

    07516906e428d39bf512ddb6c3a74d65

  • SHA1

    318f172f936c9b11bc060219951053909ac20520

  • SHA256

    a5fcf1f76a427539103b33859bda936890defc70c9c85710ab6b125858841afa

  • SHA512

    ae0d89966fa9242850a9e6ef09a4ff0313f3f0156bcdd6ad6d39ddfa3bbda7e77882d0b7558e4112c3648e02f2695d558d031294a1d4e8c817055d1049393ab2

  • SSDEEP

    6144:cyOBfkBSFNkquurci6T+uBSa83Y4Ma/Bk2MyuBqPCS+GPCXATD6eppMnRPWAN2Iz:iBfkckkz6T+uBLpwPCX+6eppMnRNzGfY

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The signature's generic description calls this likely ransomware behaviour, but the only downstream behaviour captured in this report's process tree is the launch of Internet Explorer against a URL; no file encryption is shown.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5fcf1f76a427539103b33859bda936890defc70c9c85710ab6b125858841afa.exe
    "C:\Users\Admin\AppData\Local\Temp\a5fcf1f76a427539103b33859bda936890defc70c9c85710ab6b125858841afa.exe"
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pekalongan-community.com/
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:520
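The process tree above is the report's most useful detection signal: an executable running out of the user's Temp directory spawns Internet Explorer with a URL on its command line, and IE in turn spawns its content process (the SCODEF value 2036 on the child's command line equals the frame process PID 2036 shown in the tree). The following is an added example, not code from tria.ge or from the report: a small triage check that walks a process list in a minimal schema of my own, flags the Temp-exe-launches-browser-with-URL pattern, and verifies that each IE content process's SCODEF matches its parent PID. The event list is constructed by hand from the Processes section; the extra browser names beyond iexplore.exe generalise the same check to current browsers and are my addition.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class ProcEvent:
    """One process-creation record (my own minimal schema, not tria.ge's)."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str

SAMPLE_NAME = "a5fcf1f76a427539103b33859bda936890defc70c9c85710ab6b125858841afa.exe"
SAMPLE_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE_NAME

# Constructed from the report's Processes section: images, command lines and
# PIDs are as shown there; parent links follow the tree nesting.
EVENTS = [
    ProcEvent(1228, None, SAMPLE_PATH, f'"{SAMPLE_PATH}"'),
    ProcEvent(2036, 1228,
              r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.pekalongan-community.com/'),
    ProcEvent(520, 2036,
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2'),
]

# Per-user and system temp locations; case-insensitive because Windows paths are.
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.I)
URL_RE = re.compile(r"https?://\S+")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")
# iexplore.exe is what the report shows; the others generalise the check (assumption).
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def find_browser_launches(events):
    """Return browser processes started with a URL by a parent running from a temp directory."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) not in BROWSERS or e.ppid not in by_pid:
            continue
        parent = by_pid[e.ppid]
        url = URL_RE.search(e.cmdline)
        if url and TEMP_DIR_RE.search(parent.image):
            hits.append({"parent_pid": parent.pid, "parent_image": parent.image,
                         "browser_pid": e.pid, "url": url.group(0)})
    return hits

def check_ie_frame_children(events):
    """For each IE content process, return (pid, SCODEF, ppid, SCODEF == ppid).

    In the report the content process's SCODEF equals the frame process PID; a
    mismatch would mean the tab process was not started by its nominal frame.
    """
    out = []
    for e in events:
        if basename(e.image) != "iexplore.exe":
            continue
        m = SCODEF_RE.search(e.cmdline)
        if m:
            scodef = int(m.group(1))
            out.append((e.pid, scodef, e.ppid, scodef == e.ppid))
    return out

if __name__ == "__main__":
    for h in find_browser_launches(EVENTS):
        print(f"temp-exe {h['parent_pid']} launched browser {h['browser_pid']} -> {h['url']}")
    for pid, scodef, ppid, ok in check_ie_frame_children(EVENTS):
        print(f"IE content pid {pid}: SCODEF {scodef} vs parent {ppid} -> {'ok' if ok else 'MISMATCH'}")
```

Run against the constructed events this reports one browser launch (1228 -> 2036, http://www.pekalongan-community.com/) and one consistent IE content process (520, SCODEF 2036). To use it on real telemetry, map Sysmon Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine) onto ProcEvent; the cookie file under Cookies\ listed in Downloads below is the file-system trace of the same browser visit.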

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\21JWRDS2.txt

    Filesize

    603B

    MD5

    c80c9f8f47f3823575ecb26aae15605e

    SHA1

    41c82ea738f5ee7400af036d0591bfbad2f10a14

    SHA256

    8697d3aff9f0f063f4f73bbe574818ca12acacabcd392ee15b25984c34d58db8

    SHA512

    b7567606d81c531c14ab25f78186eaabb200ab8497edc952638abd56f8ec74e6e4c3e7fbe3270f872fb9892c8eeaeb9c1021564833c917fc1121e93fd84fb312

  • memory/1228-56-0x0000000000400000-0x00000000004AC550-memory.dmp

    Filesize

    689KB

  • memory/1228-57-0x0000000076401000-0x0000000076403000-memory.dmp

    Filesize

    8KB

  • memory/1228-58-0x0000000004200000-0x0000000004CBA000-memory.dmp

    Filesize

    10.7MB

  • memory/1228-59-0x0000000003F80000-0x0000000003F90000-memory.dmp

    Filesize

    64KB

  • memory/1228-60-0x0000000004B31000-0x000000000507D000-memory.dmp

    Filesize

    5.3MB

  • memory/1228-62-0x0000000000400000-0x00000000004AC550-memory.dmp

    Filesize

    689KB

  • memory/1228-63-0x0000000003F80000-0x0000000003F90000-memory.dmp

    Filesize

    64KB