Analysis

  • max time kernel
    154s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/12/2022, 01:43

General

  • Target

    05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe

  • Size

    2.1MB

  • MD5

    c52647ff2d65fa34d8535d6a266d4c5a

  • SHA1

    2e46f5f175c5f2c3ba4d677cef7a445c6c9409cb

  • SHA256

    05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384

  • SHA512

    916a914c02b577f09409b6884dc6de1f73d3a5ad4f477cea3e48c2dd7d01b5bf7f32229892cc7ba2e4cf3302abf3290c026f0581798094415d903d9955f3468f

  • SSDEEP

    24576:NNEafdv5ScLw6zKGrUMR+UJTjB4uVLVMDV9H8wAZjKwKUXSPJyoR2xKjEis2KNs4:N+alvf9UMbjBpQVO1Z2wKUwyoMIlP5Gn

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe
    "C:\Users\Admin\AppData\Local\Temp\05c4786785552e050d87011064b4818277ce225f937e096668dfb7a3dce38384.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/1052260930/infocenter#home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:540 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:17410 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1160
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3388 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1876
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://v.youku.com/v_show/id_XNTg0NTU4NDg4.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4392 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1860

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C

    Filesize

    779B

    MD5

    a9c215c05cd31f00e83d8d18a1dc3039

    SHA1

    e61e665b03cfc75962ef1675df46820d5d765d65

    SHA256

    eb05cf7e5848a5584ce913039edd6a84da48e2234e61b4fb583fc59efe7d0b25

    SHA512

    7a915c48cd4e3595a1a4d20b38861031c24eb494dd1a3e6e9b2c60ef76c7894f1c989d6546d8adc8bbfad7b8d58f6d8b6c2e57d34973c36a9f5acce876cc29a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    8b90c80540ac0b7f86a00f00c7adb0e5

    SHA1

    a83d1a28ce3a71303dc0eb7359182812d74539c8

    SHA256

    47d6c62ae69a38a716da5db2d4b4c95193dc1dcbebef3c55dea8c0cfb13ea256

    SHA512

    546494549dbf6e3c8fc547c3269a3564c6ba6e34ba66df238f31f6b53a35f9b46f5973deb38c7a686ee89b484b95cb0be1c4b49b5c771d38d80d42eb66885cd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67

    Filesize

    1KB

    MD5

    1519171ba0e9b6aabdd22495c93b43f8

    SHA1

    da916b57522c4c4cbac2aedc3354bc6c69a56270

    SHA256

    dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

    SHA512

    7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C

    Filesize

    246B

    MD5

    9b9375615ea260b5ca8a7015dafb9c2f

    SHA1

    450bc6eb8ab7ba73404f085877ec8736999c3e78

    SHA256

    8163e332bf71779e249bd9981ffe686f0ef3522f33ab0e283368cb666b4381c2

    SHA512

    aee3e4606bad2820586d9927cba39593bf6f5b00966c886da229e7f63d9fcc92bc3e47f3c3c6eca1ac21c0789b538983a44110f237ba5765f5fe15388c1533fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    679993550dea680fee5a45ab8cb944eb

    SHA1

    5b2792f7b851cb088ee55c77af69657426b15b11

    SHA256

    87da4d5e146a5d2faa00b30330c5752a25f924996cb098e28dd5668ff1d4529e

    SHA512

    6acd72dbb2436dc345497a0af2656c23c9795404a76456212c49ddc7f1ae7d21d20f40a76253d0d3b1164a55db60f8675cf9df168098b96860e772cc5fcef73c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67

    Filesize

    186B

    MD5

    d4d467709407dfd556c466550f8fc97b

    SHA1

    6203f7363111f3d486b645b6081aa79d17eae69f

    SHA256

    0ba3c2e58b70b37431c904a406ce1fde81b979ab1386f90083f705c15b096725

    SHA512

    ecfa6d61e45ce8d6884f5ecc0f8c2c015a982ab9f68379d7c82c2a5015bca6baab250fed22e52d16b43c7a0616f4fb7da70235032a7fa4f39c23232f26de06cd

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2009F466-7987-11ED-89AC-FA09CB65A760}.dat

    Filesize

    5KB

    MD5

    e786ebd2f4d506934795323f1c25d4a0

    SHA1

    cfc6a8b6c07535fb8d000eb27ed9e874f2ded395

    SHA256

    d72b33fab5f55b886f692aae16c7eb7e54ae9690251259c52a280003f99d6a0e

    SHA512

    ee29f72f44c496936c21118568026a00940773ca89932002d762de637520c118b5d6a90e24feb1d3b09bb5bfbb84a0074e0fcb64a93e3594c08fbfb2a3937fff

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{200C4F5D-7987-11ED-89AC-FA09CB65A760}.dat

    Filesize

    4KB

    MD5

    3456b7f7d21a68867cc07bfacff5f841

    SHA1

    fcca36f7217a99bfd9f951b5b2098c81fdfb75ed

    SHA256

    96b3afc3cc5a1a9d5c268d85441b775eb6f4bcfe5356447e8ba7343f1c7586c3

    SHA512

    044d29a7614fac26e77b37ec77cc5543bc1f61bf66ff8f3d3a15fdf542005e41269dcc6ec9062b3a365f111a3509977f8c038da8d0734e014f987c1c1fc6a052

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{200C4F5D-7987-11ED-89AC-FA09CB65A760}.dat

    Filesize

    5KB

    MD5

    c64e73fb988a8df4e293ab3a01e402e9

    SHA1

    edb93abad3832be016c28626a31d2c9eccc2e5a1

    SHA256

    4a484a3e2920b1f436b6a9d16d4e6e73094a5b884c3f9573143147c5764b2d22

    SHA512

    fec14cffe0929f7bf44776a388e8fcaa18912a55efd55575b0ea095f63092750531a986ba0aefd8afad87ec06fa7b1c3c9aae9f31efd78a839f06587f12b51e8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{200C766D-7987-11ED-89AC-FA09CB65A760}.dat

    Filesize

    5KB

    MD5

    04cb4d15eb021f867cd79fa741f0af6a

    SHA1

    9961c70effe51eef275a319fd8762fbc774b3ac2

    SHA256

    16be737df2d34a1de9fa028ef3c201a22a9f4f4530aa917144b06426f5ce780a

    SHA512

    8195bdfa90e7d55fceb1c10d4fd55cd014895a87bed82ea257c9cf69c5884f8ee6ebeb9d40698b7749163548fe5b82a15092399f17bfb30ee376593f268f7c2f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat

    Filesize

    9KB

    MD5

    83cd9bf3a7cd7c06aaa657c7f793b909

    SHA1

    440220ab53df5fa3b34e183a9da2cf10f6df14e8

    SHA256

    b864226eff553b3bbe37a30e8bb843c323a5dd7e097c1b188592cb4faa2ecef7

    SHA512

    13fabf3af04ae9be4709c8796e5e6df54eb10b801b5df402a611e6a66f139a396a93ffc90d2e40b3ffb73b93d4cb816a092d6715c81dcba64899d4aee87fc9cf

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat

    Filesize

    15KB

    MD5

    6fbe46d618a699b9c1942c85790c0ec0

    SHA1

    9631bc4b0067ec61487d1f48cbe6800add04fd4c

    SHA256

    1896f50f757a229bbbf5574aff56a5a8b8c60adb9724318547d4d0fdedb7cba8

    SHA512

    75a6b0900d6ee589b6f8efb84b96cd591df412735813f55f92d5b1f1521956b4cdb4bba19a5dfcd96cac58cb8fa80c9e57017f6d1481db65671c91abf44dcba4