Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

80daeec32c...40.exe

windows7-x64

5

80daeec32c...40.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    174s
  • max time network
    210s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80daeec32c4197d23614bfd6bb33b970fb45afbc5ad2990e1d7571735f2dd840.exe

  • Size

    56KB

  • MD5

    d6db2418b92c1df56422e5fceaebe0f5

  • SHA1

    15c0b039d8bfb1b0f9f753af73c279f1cc57df3e

  • SHA256

    80daeec32c4197d23614bfd6bb33b970fb45afbc5ad2990e1d7571735f2dd840

  • SHA512

    41f12b640f0909b8170d254255960d30ed49891fca0754379e7cc0528049a8f83cbd4b56a04edc75e78e98f9d39b1d9f15c30d71bb46d48259736596aa68451c

  • SSDEEP

    768:ECPd5jJ2AeYUllXWhwkVzVVLZcTW+ZR1kUE6dLXUlPRAR911BtRbS4r:ECPd5jw7MF+6UE6d4lyr1W4

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80daeec32c4197d23614bfd6bb33b970fb45afbc5ad2990e1d7571735f2dd840.exe
    "C:\Users\Admin\AppData\Local\Temp\80daeec32c4197d23614bfd6bb33b970fb45afbc5ad2990e1d7571735f2dd840.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://facebook.com/25bil
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:428
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:428 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://billkr4z.blogspot.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29b716ad3bb83271608a0217a5fda28d

    SHA1

    54aaf654afa37a1643c7a2f8bf1fb11a260a29b7

    SHA256

    faf67103ebc495418d7ee1a47f99957b05471ba10b03af089824bf3d962f9aef

    SHA512

    9c55717392754d129a03bdce5ef3ee73e432ec535181b875944a3b7b1d31d12c2c5884ce15e4633090ec6ca4b6c10e1a45f234faeda354a7b35a7a29acead53f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22c7f9a286cacac27d6a60dc57533678

    SHA1

    90e24d80387dcaa0adb23399702a8b250f5fd2f0

    SHA256

    db27ff08754839d6c151757bfff8870b4261ed0ea98c4a79346f500a02d7a24f

    SHA512

    4e1d0887b39aba2e566cedaaf76ea0def3428dc281d9fb2572089791b04ac83855498f8fea7ebac6d00b8e6dbd38e2011bd043b2d44328914ce7d636e2ba5629

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ec94628b9ab708c4b5513ab1f27c2dd

    SHA1

    9bdaafa5905057d5a73006488adf845dd5e2a6ec

    SHA256

    4598434e6c91c10e6c3bdbd8f8d79ef73af9b2c83f7633474b3eccf490be1409

    SHA512

    5932f348771cf32c8e87608929dae00596c993617e0a3e6d6c74b945d3b5476067b1059e6c8b7a5f3d9e25b528776430aee0c77a7b1dc99d110eb095967a73b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56f74bb829760096a04df17fea84467c

    SHA1

    f507fe919973bc8bd55a45495f451103092f0efd

    SHA256

    794eb40a812ecb2c3a1898a5ce96d7c346b752908c2322c97a12740434118e52

    SHA512

    29fcb676a68b988ce94d451337d047e6fd8143bcddd2242494dc60a85e81284f3f26d5285f9d1e3795e8d77ed2967bf662a9eaeb5300ae831aa13537a14195e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c92c971e3ac3b17ce23116180107528

    SHA1

    7bc3008e6ea2e71af4ed3044010a5035870e8f1a

    SHA256

    38a1eb44efaf8d5f70044d3de4b5ec3270b280ba0466f8811c05c6820c0663a7

    SHA512

    a3d421abcac8d52f79618e628f3ffa699f658517b6315b701108f24fc06667e8f44a2d3bf3732325e6244f34a5770f7a03ccd1861cf6b10abd945986a9d8c634

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0feb716426238d2762343dd151b6b43

    SHA1

    6f4ccb561bf913630f96e3c461c2b5af69aa75c0

    SHA256

    4080a9174a4c41f15661cb5ad2db5f20e10ef6547396ad0d8bdcedb5917813e4

    SHA512

    8dabc58c5590659cb7aa6ee0ef7bf84648f1e0f76df172afc5eaebded1a9fc2dcbb3caa38b90f24c60d402de2994c37eb31cf78b6d0f42df570e791702707646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ed54f56b4cb7bbf745405b5e7e47de3

    SHA1

    0b6c23c419768b5fc9a955b731b8ce7786e6c4d0

    SHA256

    1b88cd13d3a67824f611e5857630165ba91bf771be6c3536d54f87190e43748d

    SHA512

    9790c593c3a4c0b27007eba4c164c0b06867391ef7649a1d53efb9534bd239210beb5e26456cc92c4b33cf6085896cf972a21ea916ae6a95426497e5be46ce38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c54f6a0d7da655655a5bbc2b4527b12f

    SHA1

    b9a02a1b75200578e1c053e761748c2da88ddeca

    SHA256

    42b1f9f60a396e12606ee32040ebca94a8f183f81cb0311e191e130b7b2c2978

    SHA512

    0e9cd68e7d7432b768938bd4054f9ce2164272a24d1233bfbd9d1603ff1b55007307d6044422c1ed4a66227c5e39d93f817e3228dc97b500a639aa7ccfdf2d0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    30c99ff1819a7bd3aec86f49a94e8504

    SHA1

    26e82b389931a5a75f6d4cb72056aefc1542efe9

    SHA256

    f120f9db3d38347586e99916f71a506f069335402efa21c29a64923f5a5fb925

    SHA512

    e3ce2b0fa966077b1e6d1b213bf963bf17d9e44b2df352144e0bc2029d9640b61d23bde4e369c5b9a94f33482c0202ca39810107379205d6f7824800b61066f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C968ED41-7838-11ED-AA01-6AB3F8C7EA51}.dat
    Filesize

    3KB

    MD5

    09c0522740c17e1033a30b98bedc7d2c

    SHA1

    ded21cf22d800180c8de565d7585d350d815f2f2

    SHA256

    7d88fcbc25cbe92bab7b6bf31590f6d913c6e5aeec8565f37fd6d8d1a960529d

    SHA512

    48cb68258932a36421af22a838118ed327e56f4ea4bdc353d44455efe3fd1c35acf40b685176118c626e921935052a4648f0f4c1b75ec525feb05f4d5ac3fbae

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9691451-7838-11ED-AA01-6AB3F8C7EA51}.dat
    Filesize

    3KB

    MD5

    e57f04a2b31a758fd4ef4980884d959b

    SHA1

    45de3bb09635a6b621e48b75e3a74a3a5c017b29

    SHA256

    063793ba19bb709d02d655ea9f3dbe1a83558c2038726091b27b8e6c502487b3

    SHA512

    d534b7e38a05057bf47e45bd7a9f2752e2f79a6a1ec0181f0da6de0e7a250b1e624afccff0db67781b877d03ca8670c4a92685e53c10c696c3eae6ad592c4ab5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    11KB

    MD5

    061c791e102bada62766d2de9a6c532b

    SHA1

    28eb8daae077d22ea9529915a5d57e46ee18bf03

    SHA256

    08473e0b6fcf733053bc1c991e31afe9626df55c24957a274a99a7da6ef4d9fc

    SHA512

    ba59ce8a982b65658364f1fecd3a9d58e017c4f66fde3d0a9cf5cc302f88113bdd2cc09f6db402dacb98b7a0c2b81613053a02970f4c7341c8bb34a03f41bc90

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    12KB

    MD5

    241f7011d03906a3a7d23f4eabf1ba0f

    SHA1

    c75c4cbd2302051294fae4bb2edb3e4d7798f385

    SHA256

    38808064c559dc2f7590af40c0e6f28cddffc4245ea6ba5e26d59d90cf81605e

    SHA512

    88ac942672064f681e381f2cc98b386fcef38caacf11d4a878ae257204eabce18fdbf85c372b472912bd9cb2abc980203d1d0f2f8eef5f90a87e8404368e57b5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OH5HL4XX.txt
    Filesize

    600B

    MD5

    b693789fe2d77590dbc212df5aa12688

    SHA1

    14ba2a4716884316891c4434c75ef2540b69b22f

    SHA256

    69b1a8628fc1d81ed2362eda3e2a6f4cbe2f46054b1934c7d2335ceaa9e0bd68

    SHA512

    a7a0a749662664fcfa24489379a40f300b54bbd764ee033a8c771ec952d6b00c1d3c9af67ee8a000f7b338591155fcf2807ee6a1fde9029481aaec53e95a3aeb

    Download Submit

  • memory/1128-56-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download