Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

b7d3fdd4dc...a7.exe

windows7-x64

8

b7d3fdd4dc...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7d3fdd4dc96acdb7e525f437596c250508cd5912b6a45366445568567af8ca7.exe

  • Size

    361KB

  • MD5

    479095d4c4cceb28970cec5e653a4292

  • SHA1

    4387b1f7964a5f6cf273319217615f2c79b788dc

  • SHA256

    b7d3fdd4dc96acdb7e525f437596c250508cd5912b6a45366445568567af8ca7

  • SHA512

    d34e23190aa742f4ff20384f931fc9636d05e06d11a2c44f7b0b5948a0a5f72b4fe8b1158f4ba5cd9094cdbaa16f077f26d1db2a7a5da259b354f786b20bb836

  • SSDEEP

    6144:WflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:WflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7d3fdd4dc96acdb7e525f437596c250508cd5912b6a45366445568567af8ca7.exe
    "C:\Users\Admin\AppData\Local\Temp\b7d3fdd4dc96acdb7e525f437596c250508cd5912b6a45366445568567af8ca7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Temp\qmzvokfbphdzvrbx.exe
      C:\Temp\qmzvokfbphdzvrbx.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\khaxuqngvs.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1716
        • C:\Temp\khaxuqngvs.exe
          C:\Temp\khaxuqngvs.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:748
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1204
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:524

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • C:\Temp\khaxuqngvs.exe
    Filesize

    361KB

    MD5

    c015e94cc4a447c0a5dfe2129a2d8a07

    SHA1

    f7a8ab003ffd5a59c525e3af6eb43cd697443549

    SHA256

    63988312e0b181bc0fc5138f9b474a2169781a194c069ff7da0c872841fc991a

    SHA512

    4e6d0875703b4e0522167f2aeec0a93b345b342829472d2faa09c4cdc01c615d2b12c4162b3b09ca792657e2c76f191637887daf3602b2feb267c74a5b41d0bd

    Download Submit

  • C:\Temp\qmzvokfbphdzvrbx.exe
    Filesize

    361KB

    MD5

    8fe75002d9880a3fe7677705fd0b7b2a

    SHA1

    f219b317805c6bd477c5b192c7c5b9fcd5c5bee7

    SHA256

    7027b367cc65f080eb0a7324842dc2a8e0bac2c67e6fd0b8fd9a8a160a0d3781

    SHA512

    dec784c424e2c037b15b9208178d44db8d59b37b1fb7a4afb7f985e019a5215a6559f3356f7b5f48a99e8d24904983116f8aa61377bbcd1f1dfc3c74d347bf34

    Download Submit

  • C:\Temp\qmzvokfbphdzvrbx.exe
    Filesize

    361KB

    MD5

    8fe75002d9880a3fe7677705fd0b7b2a

    SHA1

    f219b317805c6bd477c5b192c7c5b9fcd5c5bee7

    SHA256

    7027b367cc65f080eb0a7324842dc2a8e0bac2c67e6fd0b8fd9a8a160a0d3781

    SHA512

    dec784c424e2c037b15b9208178d44db8d59b37b1fb7a4afb7f985e019a5215a6559f3356f7b5f48a99e8d24904983116f8aa61377bbcd1f1dfc3c74d347bf34

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6SHQWAM4.txt
    Filesize

    608B

    MD5

    b6eb3dd430fa1d3b1d4fec5f1f4263af

    SHA1

    b653801b6372b4dae7d2d2acf68a796378bfd70b

    SHA256

    40cf7598abd66084bfa6b1fb159bf6974d054d06387f62650926888e6352d14e

    SHA512

    c4e717c9adfcf64f294cfe674cc448cad93f6e7991e1e4dde5d20541470a9c102911b7bbd06e9b8457a2a15fdf689ff05c30238c78ea892aa0ff5daadbdb430c

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    2910ec19dbb07227b0c03b7f86a74ddc

    SHA1

    5c277dd3403a1d54692ec07586574042d223b466

    SHA256

    234d3ab132edf34ce1db79cad979de1761dcdcedaae43eab240a6faf9dcaf637

    SHA512

    653f19fa24d127897de8967091f8a57d4715d946e4f6830c6a7a231c5e48100f41078d25be4ac789ae5b8e67555050febe4b8c20c92c184c36a5c00006d4c05f

    Download Submit

  • \Temp\qmzvokfbphdzvrbx.exe
    Filesize

    361KB

    MD5

    8fe75002d9880a3fe7677705fd0b7b2a

    SHA1

    f219b317805c6bd477c5b192c7c5b9fcd5c5bee7

    SHA256

    7027b367cc65f080eb0a7324842dc2a8e0bac2c67e6fd0b8fd9a8a160a0d3781

    SHA512

    dec784c424e2c037b15b9208178d44db8d59b37b1fb7a4afb7f985e019a5215a6559f3356f7b5f48a99e8d24904983116f8aa61377bbcd1f1dfc3c74d347bf34

    Download Submit