Analysis

  • max time kernel
    160s
  • max time network
    181s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 20:54

General

  • Target

    3958be91dec0fe4a91d0136b4796120752f27a6cf442b126e052f2661cc20afd.exe

  • Size

    314KB

  • MD5

    0e649318a8415b27c06538f8e51fde82

  • SHA1

    fecf4a2530922a62bb00bbf04eba1febb0a2bb5a

  • SHA256

    3958be91dec0fe4a91d0136b4796120752f27a6cf442b126e052f2661cc20afd

  • SHA512

    1cd78f1ac51a10e938bab1f99e13102be3aae6f1efc6c3976ceb9abccb1051dc452d34ee28300dfe4dfbf30776a579d05206f81d704c9f9abb824fcc40d2d7c2

  • SSDEEP

    6144:sZvuCYX6bmERmQ5Jfzh1CD6q9A1fSJfYRJ+b39gos04s0yGJVjroPj:stlYXUJzh1CDJ21f47Dd4kUVnoPj

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3958be91dec0fe4a91d0136b4796120752f27a6cf442b126e052f2661cc20afd.exe
    "C:\Users\Admin\AppData\Local\Temp\3958be91dec0fe4a91d0136b4796120752f27a6cf442b126e052f2661cc20afd.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1488
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:324 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:864

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    5KB

    MD5

    5bb42d9755f82f439e24b5a68640c42f

    SHA1

    59ae5851d30d011b77f54adb7adbf3498dc1560f

    SHA256

    faf8056db980c59ec14e5b6614fc2d5e0da9bcea07e714587aff5e8fdf79bd9b

    SHA512

    fc244efe581e446dc225f0c99e0203def4862befb6fe19944d98bb053ec754183adb5767e00562b0f23dfd83a6610a8b4b6682a74b54009298005310ce3c727d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZU5P4P20.txt

    Filesize

    606B

    MD5

    4b4a267f6d47d306bffa0b924e03fea3

    SHA1

    a7ef0f2dd7800177c0286dda5f73a3ae88e4b667

    SHA256

    85ae18fe77454d05bc0d05f459083005a0fec2d674915a159f720acc758e41eb

    SHA512

    f5faf3e3382ae19b6fba5a07f267ffcb7ab9958df06a9eae9563d7915b5866aae85fe53a3af9f342ab72b176648eabb154b598f03ca4ddd67cdbcf64159bdf4f

  • memory/1488-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

    Filesize

    8KB