Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
188s -
max time network
196s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
05/12/2022, 11:02
General
-
Target
9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33.exe
-
Size
45KB
-
MD5
6301a7424edddfe42912f1a6ff6c9211
-
SHA1
0259d08690cb41cee0858798809ac14c40040153
-
SHA256
9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33
-
SHA512
37c578ff5d25b6f99290b092168917ebdcf2a6c817aa114c47ae06e52b61331d95a59dbf2147820d6caa20db2a3ef0fc1d6a2778fadc3e8e2d8a920d3630c2c3
-
SSDEEP
768:NGW3QtraAwusc9PvkkfvsOtzhzeAvFwuqjOQ+tykl26bXQM3iJcnPZ:NTsWAVsc935fdzhzXvLSN+t95RPZ
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies AppInit DLL entries 2 TTPs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33.exe"C:\Users\Admin\AppData\Local\Temp\9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33.exe"1⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -nohome2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4548 CREDAT:17410 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD522f73342497714535541ec941d1acbe5
SHA1a8ea6ae446a980091b17b4aa1ecf9af8976ddbf0
SHA256db269fbcee451f7156f24410d289fb8367c51744a88caee8bcf72b13bd4fdffa
SHA5127dc6db8c767ba081a40663e70e16939fad11c75837146cac228124b765227a355db36237ed49ae8c174241eb5b9bf357d858c99a7b90958f4ccf7fae0acf01fd
-
Filesize
37KB
MD522f73342497714535541ec941d1acbe5
SHA1a8ea6ae446a980091b17b4aa1ecf9af8976ddbf0
SHA256db269fbcee451f7156f24410d289fb8367c51744a88caee8bcf72b13bd4fdffa
SHA5127dc6db8c767ba081a40663e70e16939fad11c75837146cac228124b765227a355db36237ed49ae8c174241eb5b9bf357d858c99a7b90958f4ccf7fae0acf01fd
-
Filesize
37KB
MD522f73342497714535541ec941d1acbe5
SHA1a8ea6ae446a980091b17b4aa1ecf9af8976ddbf0
SHA256db269fbcee451f7156f24410d289fb8367c51744a88caee8bcf72b13bd4fdffa
SHA5127dc6db8c767ba081a40663e70e16939fad11c75837146cac228124b765227a355db36237ed49ae8c174241eb5b9bf357d858c99a7b90958f4ccf7fae0acf01fd