Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

launcherfu...00.exe

windows7-x64

8

launcherfu...00.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    62s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2023, 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcherfull-shiginima-v4400.exe

  • Size

    5.4MB

  • MD5

    c3db052da531710367faf5e011475715

  • SHA1

    46f599e4e1ece582006739debe0a522925a9cd13

  • SHA256

    7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

  • SHA512

    67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

  • SSDEEP

    98304:qpTJ89MMbcZsgsDlilods/txVGHTJKsTnEFnAzvDfBzXEYNsJ5Ono:aTm9MMbcFililB0HdRTnEFnAzlEQsJ5H

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4400.exe
    "C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4400.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1896
  • C:\Users\Admin\Downloads\JavaSetup8u361.exe
    "C:\Users\Admin\Downloads\JavaSetup8u361.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Users\Admin\AppData\Local\Temp\jds7123785.tmp\JavaSetup8u361.exe
      "C:\Users\Admin\AppData\Local\Temp\jds7123785.tmp\JavaSetup8u361.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    c74b9af3d6411715572f207cb1460251

    SHA1

    59858bf060791f509599db648a2abc44a52900a3

    SHA256

    a97a05517d57f8b6411280e12c5ba17edbc8a8e09d6c0e27b949144c603a620b

    SHA512

    7fd69f09e6b303c08d127c261e78c0925642f1c04549d04369a641e0c9ffa1b029984b6c41d8a694186a49a53326d3e8042593b1cc2ed36374832c75bcc0ab62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    377d46a17730914bd41dfd584f717877

    SHA1

    e6c04ae50a86858349688820d4d9f191c8675cc6

    SHA256

    80c141c67106337992832b0f16b58930bc6feb987d9329f0b31086e37d6551f9

    SHA512

    64ef0b125ab5459e80fdc70aa392e4900b2dd956fe0448ea7bbb2ee4a49b19b777d3dfac93d98d7b6c8c1b98c99df9ddb40e4223e56644f61cef3bcaa79cd341

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    430B

    MD5

    aef13fb4c5d9e86e0bdd4b2f3d0fe92d

    SHA1

    007d6125b4afc94c069da1657c4b1be70f6c820d

    SHA256

    7e81764e35d589b402f7258f018876fef64f4589035043c24274f9a9c63f99ff

    SHA512

    8727196194cce637d67b631784e432f2a585db40cd1db053db6e7ed412a3aa5eb5a7ced10655146aa771a4d8044b235c441fc4e38c6297ce48a06973ec56a411

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    5KB

    MD5

    f83be8a0e104ddd89942a6e71d84286b

    SHA1

    5154c81106d4218a62d0fb8b95b8a4bfbacb7e74

    SHA256

    c4f97221cceb8ad3650bd39273b733cef9c06159543ad30e03c82c0271ab863f

    SHA512

    3a435160532b2d530025f1c6efe5b1e127e5b5e54474343089021ab71188f0ca606e4ee81cc3cdfd5f323b28a10610add7bc0f5ddfc57e18fdf9752d37c48886

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jds7123785.tmp\JavaSetup8u361.exe
    Filesize

    1.9MB

    MD5

    442dcacd62016db76c61af770301626f

    SHA1

    1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

    SHA256

    8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

    SHA512

    3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jds7123785.tmp\JavaSetup8u361.exe
    Filesize

    1.9MB

    MD5

    442dcacd62016db76c61af770301626f

    SHA1

    1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

    SHA256

    8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

    SHA512

    3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jusched.log
    Filesize

    1KB

    MD5

    c215a25b91a7e72b335c6b1a125c0a8e

    SHA1

    9362afa8b043895abd6fb497e4ca98952e2ae719

    SHA256

    33602f69ec7e94dfc39868a164a42abdce31a309c347c1ad117d4c163842d9fd

    SHA512

    4bd0c65bde3a0f8c434ce288529321bbd2877455927bb5050282e5c7ad6da543f44a8063aa6de69d4af52286aa80014ffc3df3b273334c7ec7409788562a2e62

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CL4HE160.txt
    Filesize

    512B

    MD5

    8d232c85ea7d19ac085625d3e0aa8563

    SHA1

    1c9da6480c7976746796d14e2b67594d7e6050ab

    SHA256

    f1d7f831ec8c7545f596b1bff82bc3d8a406b5e65b370741578eb1b2d41dfab8

    SHA512

    9e88ed176d32966bccf2d335ec8407245294ca78b2e0d6c1eebd8a85bb0fa49e25ae5f9a7bd4455b96534765ffb65879a35c12e9fc04c7ddf607887c8dcf5182

    Download Submit

  • C:\Users\Admin\Downloads\JavaSetup8u361.exe
    Filesize

    2.2MB

    MD5

    d3809baddaf7b1e7d94484160043328b

    SHA1

    e1979f5248d3b20858b11386ce22b1ccb0a9bfb5

    SHA256

    e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079

    SHA512

    96350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6

    Download Submit

  • C:\Users\Admin\Downloads\JavaSetup8u361.exe.ff96zge.partial
    Filesize

    2.2MB

    MD5

    d3809baddaf7b1e7d94484160043328b

    SHA1

    e1979f5248d3b20858b11386ce22b1ccb0a9bfb5

    SHA256

    e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079

    SHA512

    96350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jds7123785.tmp\JavaSetup8u361.exe
    Filesize

    1.9MB

    MD5

    442dcacd62016db76c61af770301626f

    SHA1

    1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

    SHA256

    8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

    SHA512

    3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

    Download Submit

  • memory/1808-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

    Filesize

    8KB

    Download