Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

05c4786785...84.exe

windows7-x64

3

05c4786785...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2022, 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe

  • Size

    2.1MB

  • MD5

    c52647ff2d65fa34d8535d6a266d4c5a

  • SHA1

    2e46f5f175c5f2c3ba4d677cef7a445c6c9409cb

  • SHA256

    05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384

  • SHA512

    916a914c02b577f09409b6884dc6de1f73d3a5ad4f477cea3e48c2dd7d01b5bf7f32229892cc7ba2e4cf3302abf3290c026f0581798094415d903d9955f3468f

  • SSDEEP

    24576:NNEafdv5ScLw6zKGrUMR+UJTjB4uVLVMDV9H8wAZjKwKUXSPJyoR2xKjEis2KNs4:N+alvf9UMbjBpQVO1Z2wKUwyoMIlP5Gn

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe
    "C:\Users\Admin\AppData\Local\Temp\05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/1052260930/infocenter#home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:976 CREDAT:275457 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:364
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1616
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://v.youku.com/v_show/id_XNTg0NTU4NDg4.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1808
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    1KB

    MD5

    8eabc90d575606d9d653bad2c5c42c33

    SHA1

    ac5cd4799da1090ba15482f79e33db440981c71e

    SHA256

    cfa55662e31a71c0873c18223696d5317e01e9f1859d40a4c317f02370f980eb

    SHA512

    81aef1604d79526b85b0f3d1c08d2e203e5b5b41945d7e61341200dc94a490512cb9a9282d93ca320d0d67db5f23be4af7208efe2716b1bf84aba296d8249b8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    c71c958d7b527158c617f986e8b56558

    SHA1

    b1e677bf1350a02a4940090ce6b9e83adc0f4866

    SHA256

    bbf3cc4514287cdcb4ad6d5b3951450e2f0b955fa7fc219db1b9de1fabec1af9

    SHA512

    d57779ef355b6a19218dc698ab22bd9523a9bbfd71dbc6e9f86dc909f4214beb5cebbf1eb75e5025d019c157c7e454c644c747c9f60c4ab0c18453a6fcf98249

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    c71c958d7b527158c617f986e8b56558

    SHA1

    b1e677bf1350a02a4940090ce6b9e83adc0f4866

    SHA256

    bbf3cc4514287cdcb4ad6d5b3951450e2f0b955fa7fc219db1b9de1fabec1af9

    SHA512

    d57779ef355b6a19218dc698ab22bd9523a9bbfd71dbc6e9f86dc909f4214beb5cebbf1eb75e5025d019c157c7e454c644c747c9f60c4ab0c18453a6fcf98249

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    492B

    MD5

    360db649814c7b1ccb66223c425ada08

    SHA1

    eda62eaaf352fab4f7f9a3f5971e47f66f3931c0

    SHA256

    f67d738d90f7428715a87ef437aa1971dc300e63d0b6908d783b9cceb61a84c2

    SHA512

    355df22cf99315531027cfa5aeb5c07fa135fad064a0fcdf815db85df715249015b4db89b8c9dd1cbabf22714d87ad6e346dac430ab3c23952bc7777d1ac49df

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02BBB011-7987-11ED-AF6B-DA7E66F9F45D}.dat
    Filesize

    3KB

    MD5

    26396e39339f9c3ba556a49676fb3465

    SHA1

    1d4981bd514c6c89de40d5eaf0fc8c1d781e087f

    SHA256

    f0219cc93edf2df322730f20b52d51a496445473b1600afc0f7b2249ea9cfa82

    SHA512

    606bef532f5cff0ee4b5979984059ec5ca24b10abf3df6240ab10543c37994a86f30e0586c9669bb05660780f2e413fddfa922c87a9f5e7e5031132af2b18966

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02BBB011-7987-11ED-AF6B-DA7E66F9F45D}.dat
    Filesize

    5KB

    MD5

    5165ccac99dc5f73e0953b1e6b8b8838

    SHA1

    93f37de139b44466611bca853631c1bea7c01f5e

    SHA256

    384ed21bb0cbb5d7d0ef18e40970b2afcf2c7dc0784d19dde697b4118e152630

    SHA512

    614336efcbd9676b4017a4962529aabfa8e8a0b94e6c8d56ba3b51be7a2754b37c24223893097fb54815c1c03c609be93aeb84c530fd9c7fae66161d3f851bda

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02BBD721-7987-11ED-AF6B-DA7E66F9F45D}.dat
    Filesize

    3KB

    MD5

    2137372afeb8106818baf4408af49355

    SHA1

    6972d28e6a7a47b23854fe0b4cdded6010e849ec

    SHA256

    e8ff7d5eae5ca028f2af0d0c551c31e15a509c27cddec22b8b577e33f2abc387

    SHA512

    d82bb9b5c2a0b2c86d78045b93e13d5215feae2165c9a4e3efe51686a57802bcefe6c55fc15d89726fb7f4989ba7803c823f0bd19aaa1de23007187e95c30b02

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02BE1171-7987-11ED-AF6B-DA7E66F9F45D}.dat
    Filesize

    5KB

    MD5

    d86293209cdc7a1ca1dad030b3cf017e

    SHA1

    d831b9d47540e32c692c724dcb7e79fd5179dc2f

    SHA256

    fde25e8edec0f1e39637f0819ddadc8a54f10f085d32328d6f4fe266002066e2

    SHA512

    40670457b79107067102932f736988291305ed5c44c06d8bce1104a529d448caaf29df26e91160edf48e21708af668088d744f484b79c096633507f974e225ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    13KB

    MD5

    c8289d94deb0797ec8a6f7cb3b0d522c

    SHA1

    c4ecde00ba742ab3e62fee32234ddedcef7705fd

    SHA256

    6d1a8c17c696879993fa6dd915fcd89e984c5e054f2e80f6dbfc228cdfda79e4

    SHA512

    79dc6b11228be6d4f0eefd21017f43429452b7d492c9379b8fb26a08f2f5bb749317149e90389d3c67dd4456becb0ed9226792a0dc511d4038042317d4a7be39

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    19KB

    MD5

    bbd5a3c69e3c95389e3a892868576e52

    SHA1

    4d4bd582ab962139b45129fffa3189855d6033c2

    SHA256

    e3816c407f682e45b92a5428efba2cf69a2f36298231d804c63463b3d85168d0

    SHA512

    396b377abb400e88a10b19c3f99e466c984dce3048b9bc261ee8f66fc4fff55f4daa2a967bfcfbbe5bcdbba8c41d9eccdab11c0fd2190168948ff256b3a8366c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8BT2ARHA.txt
    Filesize

    601B

    MD5

    26648ba6f0c8485b75f37542c0f1b3e7

    SHA1

    e23f97fae616435f38d2d634b93ed2a01d21040b

    SHA256

    8aa068068606758bb11cee42b380abce2446ebc9baac08bce704af3402e0fd13

    SHA512

    5600c8cd5c7cc6f36f92bd221ebe0b89853b3a1d9d90c3a817b9e5870f407132d11fd5ec2510fc58a0eb569cb8ad1aad2191861cc5cc9bd32ccbb4e67a5fc61f

    Download Submit

  • memory/1976-54-0x00000000754E1000-0x00000000754E3000-memory.dmp

    Filesize

    8KB

    Download