Analysis

  • max time kernel
    112s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/12/2022, 23:54

General

  • Target

    aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3.exe

  • Size

    16KB

  • MD5

    00d2cd2b9c97b5208ee023118ca80976

  • SHA1

    f4c2bba6fb36039abfda175fc4316662360163f1

  • SHA256

    aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3

  • SHA512

    214937b6795d9ee59dc481967b664dbe8e43f953402c21fadf8bd2208d09724dc883de524c66ef6d48e75bb8119933b5f2ef5c29fb36e768a2c284536304f9af

  • SSDEEP

    192:DmGwWlwFtG5u/9JvChQYVCH7dIPlMuNW+ruJf57VaEhS7Mv:DKWotMgJ7+CbduMuNVkf55awkMv

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3.exe
    "C:\Users\Admin\AppData\Local\Temp\aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Users\Admin\AppData\Local\Temp\aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3.exe
      C:\Users\Admin\AppData\Local\Temp\aa34dfed45d8225f76ffdc57305c0f3bfb80a5d6448ac6ec225b8dabb970a2a3.exe
      2⤵
      • Modifies Internet Explorer settings
      PID:1400
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:652

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    7KB

    MD5

    128b756d3be59fd846a3a972b84b8fd1

    SHA1

    c1250b6e8cf32a2be6f3aefff7134a9ebd9ad664

    SHA256

    1885e5d1a69fc5b29df5095824f3b73c2fe27cac566797b0a5e502c1b6489432

    SHA512

    800c8eb3c547eee8bf4a963e2f525daacd387c171014453f640715ad964697b6375e2e70cccfda4f30397fb585fdab55ec739a311fb1f036182222c44fddf237

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    232B

    MD5

    801eb05a096e2e7f8cf81d4807be5496

    SHA1

    1be3c16119037cfac20b34f6fca91de4891462a8

    SHA256

    87aa667adaf76f5247c78f21eab00ff9f0a38f7a1e5447e8d8c4bce8573ccf2c

    SHA512

    5b213259e44a0e3da1ff971b2329b8a184baeb5761e47c2a1bc81df1d077032b673b6b2966691a52f29deadbe75d3e5f521ebb481a165f5ff3fa48f545312f5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3e718afcf01a919492c37a17d804a31d

    SHA1

    ff5d9e36f5f77d0727e3f36283e6cb0ab10a7ef8

    SHA256

    85ea3acf1305251e87ae31fd177adfc6e856bbdcb07fed572a4ab44c00b406cb

    SHA512

    ea58aef415b0a37f0e554bb5e13ee0fd1f3a6cbf294065f730afa99cd9c00763fdcbb2fa1be24d283afe4bcced981dcb57df6b1791c48224b8dd9fd26f345f95

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    5KB

    MD5

    c437a9c2cf077ee598aeb96d8726606f

    SHA1

    208e94a7eeeb831395c288a856df1f0dd51ffd69

    SHA256

    64e29a301f7d7a6e7772511ff7f878db93d1dea9f95015c8ebd7fee6328e67b4

    SHA512

    c744bf97d60282f1b3b64585916344898be26a806caaaa7204be5f39b01368de7893b0d56cf03dc5f5485d23253cad8f62520c1a0d4198d741b9e90894d76971

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8JNVLWHA.txt

    Filesize

    606B

    MD5

    c494336f999e1b97dcbc67a9098c81fd

    SHA1

    c8dd79467b2179c5024b740c59e7a2b37665f60a

    SHA256

    7aff0b03085872b6da438b020316e1b7e9efb63d48241c0dc707d4860d8213b1

    SHA512

    77f482651a851d35fab7c0c66d978532bda7e02ca40fedc041e22d393a2f539a81e1adfee5e1fdb12148b4ac55a0193ff345d00adbde5f25e1bb634246ac9f13

  • memory/1400-55-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

  • memory/1400-56-0x0000000076701000-0x0000000076703000-memory.dmp

    Filesize

    8KB

  • memory/1400-57-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB