Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
Instalador...ia.exe
windows7-x64
8Instalador...ia.exe
windows10-2004-x64
8Instalador...os.xls
windows7-x64
1Instalador...os.xls
windows10-2004-x64
1Instalador...os.xls
windows7-x64
1Instalador...os.xls
windows10-2004-x64
1Instalador...ia.xml
windows7-x64
1Instalador...ia.xml
windows10-2004-x64
1Instalador...te.xml
windows7-x64
1Instalador...te.xml
windows10-2004-x64
1Instalador...ta.xml
windows7-x64
1Instalador...ta.xml
windows10-2004-x64
1Instalador...do.xml
windows7-x64
1Instalador...do.xml
windows10-2004-x64
1Instalador...do.xml
windows7-x64
1Instalador...do.xml
windows10-2004-x64
1Instalador...or.xml
windows7-x64
1Instalador...or.xml
windows10-2004-x64
1Instalador...as.xml
windows7-x64
1Instalador...as.xml
windows10-2004-x64
1Instalador...as.xml
windows7-x64
1Instalador...as.xml
windows10-2004-x64
1Instalador...ck.xml
windows7-x64
1Instalador...ck.xml
windows10-2004-x64
1Instalador...ja.xml
windows7-x64
1Instalador...ja.xml
windows10-2004-x64
1Instalador...do.xml
windows7-x64
1Instalador...do.xml
windows10-2004-x64
1Instalador...as.xml
windows7-x64
1Instalador...as.xml
windows10-2004-x64
1Instalador...ia.xml
windows7-x64
1Instalador...ia.xml
windows10-2004-x64
1Analysis
-
max time kernel
99s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
28/12/2022, 04:39
Static task
static1
Behavioral task
behavioral1
Sample
Instalador SisFarmacia V4.0/SisFarmacia.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
Instalador SisFarmacia V4.0/SisFarmacia.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Instalador SisFarmacia V4.0/Software para Famacias - Archivos Excel/Categoria de Productos.xls
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral4
Sample
Instalador SisFarmacia V4.0/Software para Famacias - Archivos Excel/Categoria de Productos.xls
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Instalador SisFarmacia V4.0/Software para Famacias - Archivos Excel/Productos.xls
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
Instalador SisFarmacia V4.0/Software para Famacias - Archivos Excel/Productos.xls
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Instalador SisFarmacia V4.0/src/Reportes/Categoria.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral8
Sample
Instalador SisFarmacia V4.0/src/Reportes/Categoria.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Instalador SisFarmacia V4.0/src/Reportes/Cliente.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral10
Sample
Instalador SisFarmacia V4.0/src/Reportes/Cliente.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Instalador SisFarmacia V4.0/src/Reportes/ConsolidadoVenta.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral12
Sample
Instalador SisFarmacia V4.0/src/Reportes/ConsolidadoVenta.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Instalador SisFarmacia V4.0/src/Reportes/InventarioValorizado.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
Instalador SisFarmacia V4.0/src/Reportes/InventarioValorizado.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Instalador SisFarmacia V4.0/src/Reportes/KardexValorizado.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
Instalador SisFarmacia V4.0/src/Reportes/KardexValorizado.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Instalador SisFarmacia V4.0/src/Reportes/Proveedor.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
Instalador SisFarmacia V4.0/src/Reportes/Proveedor.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Instalador SisFarmacia V4.0/src/Reportes/RComprasPorFechas.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral20
Sample
Instalador SisFarmacia V4.0/src/Reportes/RComprasPorFechas.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Instalador SisFarmacia V4.0/src/Reportes/RVentasPorFechas.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
Instalador SisFarmacia V4.0/src/Reportes/RVentasPorFechas.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteAlertaStock.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral24
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteAlertaStock.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteCaja.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteCaja.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteCantidadProductoVendido.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteCantidadProductoVendido.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteDetalleCompraFechas.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral30
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteDetalleCompraFechas.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteDetalleVentaDiaria.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Instalador SisFarmacia V4.0/src/Reportes/ReporteDetalleVentaDiaria.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Instalador SisFarmacia V4.0/src/Reportes/RVentasPorFechas.xml
-
Size
14KB
-
MD5
5c0fa0ee9e0a85ed9695ce963fb337f4
-
SHA1
a087bb76c9dfc709c32565a9fd5eacd040af2da2
-
SHA256
51fd99c2c85ce3e18b9436334d30141ff97d96831b6937caf6d0d5815e4dff25
-
SHA512
975c5c108a0292308dff742516e9a3246ec0628a4fa5726313933097a757258e2a27a34ebfeb02f12eb85c3a8858b9b5c5bcde14258187237a14dd890908cb65
-
SSDEEP
192:tL6RDwDuDlOwDy5ydsM/0Qx9WHl1Yv1Yd1YMVoH5CR:tLmSAkydsM/0Qx9S9G5CR
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000636d9749e3e0a380727ac7dbccceec00163c1791723e992e0bbfeb1ad504e2e6000000000e800000000200002000000093525796f4aacf7370f70db8caa83c5b838a5b5e40ff622349f5d2e195d0ba6f200000007a12359eb5296caaf828f7ae6811af16e88e0437d0c397ccd653a77ad1a5392840000000c6b9c8c27fcebaa8a3dfd81ad0ef24f76ac1e4d0361fbd288959bc109429a3c84da05aeff5200411878f0a5a1b090898c40963887acbe11e65140ae728a211c2 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378971087" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{541F4AA1-8672-11ED-A843-F2E527DE56F1} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ca5f2a7f1ad901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000989722a1252defaabec3256e52eab59d1d9988fd343d65c5e54f7b7f23b809f8000000000e800000000200002000000063c126fd14ff3e88903a61dd0bf84ee1c64e5bc173e4dfb2c44a67c0825b2888900000001cc9d10b1a9a73a4d4cc23aaacb159654f5625dfae81787f3f350b8017fbeb30e928a009fabe99b8f9b4c67d805ff2deb076f5ee0d1b4df523792d7ef948e6c0cb3a22603fd92db9b08b33a96da210b3ed2a54abda0a61b45a14ed74df37af65227fdb9421d363179465f1e1419db2b3083be605e0e09c64710d309243cddb4a3aa557f06a4e1b8f639baf7c1477478640000000cb0836ae5a91ea7bfaea0bc02caf8306ee518c8741d29cb30b1a1d254a6ac671d4efa4c93872eb2335b6f6f53a6d569585d8327d15cf56eb17d49b870389f3d4 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 544 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 544 IEXPLORE.EXE 544 IEXPLORE.EXE 1004 IEXPLORE.EXE 1004 IEXPLORE.EXE 1004 IEXPLORE.EXE 1004 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1780 wrote to memory of 588 1780 MSOXMLED.EXE 29 PID 1780 wrote to memory of 588 1780 MSOXMLED.EXE 29 PID 1780 wrote to memory of 588 1780 MSOXMLED.EXE 29 PID 1780 wrote to memory of 588 1780 MSOXMLED.EXE 29 PID 588 wrote to memory of 544 588 iexplore.exe 30 PID 588 wrote to memory of 544 588 iexplore.exe 30 PID 588 wrote to memory of 544 588 iexplore.exe 30 PID 588 wrote to memory of 544 588 iexplore.exe 30 PID 544 wrote to memory of 1004 544 IEXPLORE.EXE 31 PID 544 wrote to memory of 1004 544 IEXPLORE.EXE 31 PID 544 wrote to memory of 1004 544 IEXPLORE.EXE 31 PID 544 wrote to memory of 1004 544 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\RVentasPorFechas.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1780 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:588 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:544 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:544 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1004
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD51da405349087e593660570cbcfcde1c9
SHA11ba13121ad9d153143c43a1325d42f278fcf0d87
SHA256eacca3c1e938e88cbabaf5dd7e92bc65016c0a3783185f611facceb341c126eb
SHA5125d3962a663a3a8c1264ace22f2dd94fae2aa53c66e73b539605e460d892ff515abed510ca9f2cb7b7701414c95358016157dad567077a0278002fa4c3eda3514