Resubmissions

28/12/2022, 22:15

221228-16b2vsbg53 8

28/12/2022, 22:14

221228-155yjsbg49 6

28/12/2022, 22:11

221228-14aq1sbg46 8

Analysis

  • max time kernel
    106s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2022, 22:14

General

  • Target

    Xbox Achievement Unlocker 1.4.1.exe

  • Size

    2.2MB

  • MD5

    b31e4faa516447ada1d619b228bba545

  • SHA1

    1ae515c22cf51f10dce259c69456788bd3c64ca7

  • SHA256

    e6555cb6c0d1fe378fcbded709d1b4bd063fdb6a5c130b2572c00893a130ebd9

  • SHA512

    1ff2921966137b3c9ace78eb1ca2b26d05e22827d9f39ceb9f5b02c38490e9acf5faf91c80a76e7afac65dcaf3bc69dedae66bf240f5c0a29c471b2a8d59104d

  • SSDEEP

    24576:KXpb1zoC9C8jG254xWLIxJULeHA62LASkG4ZjPSduVNTpm7PppZy6o3qB7jW5JMc:KjsC9CMU6AA6PvAo3qB7jRtBohaK

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xbox Achievement Unlocker 1.4.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Xbox Achievement Unlocker 1.4.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.8&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:268 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1224

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fd60e5aa212401b378637ecc742a48a5

    SHA1

    70e2d77614dee27b9935fd74be1e72f129d22cb4

    SHA256

    581a15f935e84c4088172a04d461213d30b839688953428b6804bdb8aee676b2

    SHA512

    12e9b97657ad7af21db13eb9779d5cdd0f3667f602888cd385914f6fb84d3f1e39b898d6d198b7b3bc5312367b9d9c921381cba34e2e27266614021489efebd5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EAWUO89P.txt

    Filesize

    598B

    MD5

    16510c8fbb36b573aec2954230ae1ced

    SHA1

    3bf9cc1d7b0d28641b49886aa0894a54e685a6f9

    SHA256

    d501e046e9805de89bef7775676fdd13fbaf9d0c6dfb2f178c7303cd99bd3d6b

    SHA512

    50c044035725e58cf4deace7297a8a9aa36508088d1c9cc3dfc2d037d860614a069e1130b6aa46e8258922035d0ae583e5ac1498c194446ab23c75f83f967e3d

  • memory/1200-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

    Filesize

    8KB