Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

a9373762aa...72.exe

windows7-x64

7

a9373762aa...72.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2022, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9373762aae59bab9ed837cba6b3df80c5d200831f1eb9c79701af4aad723572.exe

  • Size

    1.5MB

  • MD5

    c4d112b122745f2edfd1d2840ade624a

  • SHA1

    8393a23ca04408c150df5cf43b72c950fd75edcb

  • SHA256

    a9373762aae59bab9ed837cba6b3df80c5d200831f1eb9c79701af4aad723572

  • SHA512

    aa64a51421440a2b7cfd9110977e26a8f9cf8f41c8e8e5172f430e110dad0df3260d611216a8bfa215d4e44e20c9d31ba24d347bd668398512d9560470334a2c

  • SSDEEP

    24576:ZBrr/4p6qO4pDlPJsZtZQk5p8hulbEwfDpBzjRvdsxlTShiVPDvE:rv/4Qf4pxPctqG8IllnxvdsxZ4U7M

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9373762aae59bab9ed837cba6b3df80c5d200831f1eb9c79701af4aad723572.exe
    "C:\Users\Admin\AppData\Local\Temp\a9373762aae59bab9ed837cba6b3df80c5d200831f1eb9c79701af4aad723572.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1348
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1696
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1224
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1716
    • C:\Windows\SysWOW64\Wscript.exe
      "C:\Windows\system32\Wscript" "C:\Program Files (x86)\soft251811\b_2511.vbs"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Program Files (x86)\soft251811\300.bat" "
        3⤵
          PID:1748

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\soft251811\300.bat
      Filesize

      3KB

      MD5

      269ca4bcff76c416808ff1e5472e2bbe

      SHA1

      7d9cea09d6d5633ecb89817ac046aec056a30ee1

      SHA256

      53c02fd73eb05e0cd4153fe10db550f9fdd3ab4f0563d7289830efaaeee54de0

      SHA512

      8ec7284889022829f521bc99ddafff641c33129854e9fb4941fe6ec8ad85d1ac2e52e39012ea84f99250c5b493dd04413ae8e152f4bfe06802371d75e89ce84b

      Download Submit

    • C:\Program Files (x86)\soft251811\b_2511.vbs
      Filesize

      348B

      MD5

      2a843158e18cff58acbd98aa49574b08

      SHA1

      fdf78e410b1d98a7856a7114add6f1150c69bc48

      SHA256

      c2b28114de4c4967df161de3583671bbdbb0da60724eb79b6794137da987359d

      SHA512

      2cdb0e9829113b65b3b51c71fc9090e5c0c0147c50e5cd5a419d87e1d60de0032f061db21700e550a62660a9dc11695961c46bf637cadea46d817b175d2a518c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9ce25af948e41f972f8d717724242bc

      SHA1

      59799a3051420eed7f86ee0edecfeae041a6ff9f

      SHA256

      437da11fd69b86e074e0cb47397981aa273955e151d2459c6053230e3ca7e5eb

      SHA512

      cc203583fdda5d64941e9760e668e15968d155853f810db4ed8296263544c39c5f5d54056a2af22ba257e8fd88bac83de2986803c8de8acfbb96a7d3124f444b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{522FB271-797A-11ED-8B07-42F1C931D1AB}.dat
      Filesize

      3KB

      MD5

      e926b418689f5b0a1e5762c8bcec1de4

      SHA1

      29e8586cc0dcb702482d4d7c2ad7316f0cc8084d

      SHA256

      cbdc02ca71a40ae713f7cfc9a74fc41ad86b016293f1882dcafe5b551cbb8db2

      SHA512

      7099b8008e317bf770de92e9ad56ccb02640764ce91855b2455ed5fe0f78df7adc72391943a8b17d635122be506e1eb01f072ad49b3b6f4ac8d05d9c471f3a60

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5239EBA1-797A-11ED-8B07-42F1C931D1AB}.dat
      Filesize

      3KB

      MD5

      c3d50af94c47eeab3c08014c37bfc674

      SHA1

      3633ee13adf795ee0b307b4cb29f40d674713464

      SHA256

      2d66ae654cfaa1aecb1b4f870c5d85fa41db6580f054e956ce88bc1d40fb9639

      SHA512

      44a2ab3aea83b2ca9049a483c01c4ab36c128b623f7051a5670188fae1bb990460028b19706c43dd558de667f5202236607b2fec11cf2ab53ef162b2f0ee198d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H9DU8ZK2.txt
      Filesize

      608B

      MD5

      f45dfdece29247368bab78308d29a52b

      SHA1

      e656d3bdc10a272e6b4541755172d8fabd64ad83

      SHA256

      a8ce5ed753a441e97471aa7c0fc74f2a5500275616519acbaa22d6200e1237e1

      SHA512

      c0c9ca5d46e412e36af45681813622897317ae0247d61218c2c9cfc816a3645094e69c28cf6560ded6de1571130752d9014b84151f7d0a0dd482f61d05930dc5

      Download Submit

    • C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\ Intornot Exploror .lnk
      Filesize

      1KB

      MD5

      8ae843980e0c951fabc0727ad3450b74

      SHA1

      3d311845705b48493c69f73bb0c2e1220fab3340

      SHA256

      e190831ef29787297b8fb3113292d588b80a3572cfa41c42bbac300ee02ef185

      SHA512

      fd1a92ab7f10ed25ab12c5a8e4a46de59bda8691947923a30c6782b53d4cfb0eb29c73fcbc8acf9ae6c76c64a713f9a8581991ec39d44c6cc2490711e8a80dca

      Download Submit

    • \Program Files (x86)\jishu_251811\jishu_251811.exe
      Filesize

      1.0MB

      MD5

      e2590fb7bac27dbfa512820e9139f28b

      SHA1

      209d8d0b77c7a8863a3c68464ce47f6a3f00d454

      SHA256

      4369c213390dd318aaf57b841e338f0b781b16e61713c39e3d961d6065de1821

      SHA512

      a6b8cdac512c2d05eb2270f8b4f64248cc177785acbd8d4f0ad725acdd2c894f639e7e7259066a8014a79d69f213812dc09793a2bad7a3d6bd9a511f3ee57223

      Download Submit

    • \Program Files (x86)\jishu_251811\jishu_251811.exe
      Filesize

      1.0MB

      MD5

      e2590fb7bac27dbfa512820e9139f28b

      SHA1

      209d8d0b77c7a8863a3c68464ce47f6a3f00d454

      SHA256

      4369c213390dd318aaf57b841e338f0b781b16e61713c39e3d961d6065de1821

      SHA512

      a6b8cdac512c2d05eb2270f8b4f64248cc177785acbd8d4f0ad725acdd2c894f639e7e7259066a8014a79d69f213812dc09793a2bad7a3d6bd9a511f3ee57223

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\FindProcDLL.dll
      Filesize

      31KB

      MD5

      83cd62eab980e3d64c131799608c8371

      SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

      SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

      SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\FindProcDLL.dll
      Filesize

      31KB

      MD5

      83cd62eab980e3d64c131799608c8371

      SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

      SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

      SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\FindProcDLL.dll
      Filesize

      31KB

      MD5

      83cd62eab980e3d64c131799608c8371

      SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

      SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

      SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst2B18.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      254f13dfd61c5b7d2119eb2550491e1d

      SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

      SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

      SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

      Download Submit

    • memory/856-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

      Filesize

      8KB

      Download