Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

ba17ea4757...af.exe

windows7-x64

8

ba17ea4757...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    139s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af.exe

  • Size

    67KB

  • MD5

    51d14f3fabb33d8becc7f87d080d03ef

  • SHA1

    b7e22e9262ef1cda272723d11aad9026f6437822

  • SHA256

    ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af

  • SHA512

    2f1f17bb1f734ea9961be867e714759dd8dab844475cc703d727354403a55766ef62490c0aff12fff80367ff4d67041032a05be133871cf285ad7cd04701679d

  • SSDEEP

    1536:7hriDnHI3mTiQbgNqtn0l4xVNHOmSqLtAIfD8ogK:7Wck3bqc0l4jN1LtAIfIogK

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af.exe
    "C:\Users\Admin\AppData\Local\Temp\ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af.exe
      "C:\Users\Admin\AppData\Local\Temp\ba17ea4757a2d3c257c7dd889a5edcd86a0bd4392310bf2fd1486f9ffdc667af.exe"
      2⤵
      • Drops file in Drivers directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1116
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1116 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1304

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    b5e2365adfee911965bade59fee527a1

    SHA1

    16ddcf9f2c2f155f3318aa42db9d60138b84863e

    SHA256

    e75e8614c942591c5ef1a18db55f8cf955953c4b54363aac2953fae548fea669

    SHA512

    3a8cb41e4cfb4b106e8b121366eedd50f8653a368ac5c21224ed0090ee43ddcd5c828eda8734499e02fc131159311049b874cb79b66945d8078e4a6526587f70

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    9KB

    MD5

    f55892df2dbfe9ff5c04e97503be6272

    SHA1

    f1bb1e70aef5a0c588612b06aa6578d6fbdae74a

    SHA256

    1071f0e84db90e34db956a912ea305fe1e4eebb6fce5da2a7690051f9f06bdf5

    SHA512

    f66d2497bac6536b59db564178f9a95680124f8587a47f2b63ca84897629c52daad5ab345f54b08fb0e824b56e2a01989227330f5fd4865a43ef6aebd47e7d5e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K2D250WY.txt
    Filesize

    606B

    MD5

    8f0b8be95798e49f83bdfb33a35a8dd4

    SHA1

    389d6587529454bd34bd0da8863b57b79c13d400

    SHA256

    c9503b7e7fdc877989318d6e00cfeda690dfa72fbba10360c1515542738b2433

    SHA512

    3e1e78d9a5603cb049563a37834e5be842368a5b3a2185e9fadbed600307ee561b43bfef13c3f803a1f2835e3bc578722b78cdcf172328076899159d03d8ed98

    Download Submit

  • memory/1172-61-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1172-63-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1172-69-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1172-70-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1172-71-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1172-72-0x0000000001FA0000-0x0000000001FAD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1172-59-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1172-58-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1928-54-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1928-66-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1928-57-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download