Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    125s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    09/02/2023, 10:47

General

  • Target

    a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe

  • Size

    1.4MB

  • MD5

    487650228b28c84c13d305280bfcea7b

  • SHA1

    7b62228e19cab4222b351422d1485705b0e9e255

  • SHA256

    a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781

  • SHA512

    9942a65446761e9a27b29d24982c859fcb31849623e348dcf1a1aac879bd56737b44b5b0f80df6a9db52a66510e8c75c58c33bdb5638365378ebd6eb7ba64654

  • SSDEEP

    24576:JHPn34MhTCilQoR1Ke2xnk6c/gfsGfhyQemrNDgPUzCgnextHWUziJm4IFMesbTK:RP9RbGGc9eTYmEbTrL1OImr0Imr+pYZP

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe
    "C:\Users\Admin\AppData\Local\Temp\a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe"
    1⤵
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1304
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x57c
    1⤵
      PID:2032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:892 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1148

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

      Filesize

      1KB

      MD5

      2cd3cf7aa6b7a0ac7fed4b19c2dc929c

      SHA1

      dd555788b684281337f96b84eeda2cac7e601932

      SHA256

      3d78efeeaa268e61ceb0ac843756fa16a08c2e09f00f04bc6d66c95c350191f4

      SHA512

      91e25a40f027cace3d1e50e9f68c73f39131227dc7add8011eaa77ec5d779825591dc3fe6d1bec5888105b4a0316828d7fb448a0888cbc7166371ec9b137ac2c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

      Filesize

      1KB

      MD5

      f1cfb3bff3738dfe066b8c1ab6cdbadf

      SHA1

      095c3269653775729821eecf252a72110ea1fe19

      SHA256

      6c6eab72576626ba342486fd3d2a340b3b33aca8c2ee8bc310a5490b5ecddab0

      SHA512

      8034d2f75f1a660e1f5901b81d7b871c4cf0d756b7bd08223cef695ba10ee1494981f64f2320ed5b75f890145fb7b0849f8b58aeee70f70f7ca25cccf0f61ae0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

      Filesize

      1KB

      MD5

      89d094d810dca01b21f469fcd951b641

      SHA1

      8e5bbfe246020491fc4d25a6373597a1b3b9ba77

      SHA256

      c4d29724a6ce2af1da9a51fe67b4417ef715451d6bd787f28008fc251f05450b

      SHA512

      a6f1278d71eabea36b39b0c40385db748b70963ef09254df9ec24e4d18e17126e6088062b4b4acd1f1579a90320dd4de53ed99674c49cdb9b7571f82212cb0a1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

      Filesize

      508B

      MD5

      b46a5fd28addff3794c5f7eda73777ae

      SHA1

      e3b97057c38ff8327ceabb02ac0e8e33b642de8d

      SHA256

      d6efb6c48d3198f19d68077faa3e6a93feda8682eb563d3bbdcdc176589b25c9

      SHA512

      2e0b2a895cff5363e33467666e23dbbb978b94509d3b9a8a89ff432438dc7d6e5a3c12b94a213e43ee6bde6dbeff7b23414de5f78f8b217d1c3ed6a6df3c8e5f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

      Filesize

      532B

      MD5

      d44fedb9d84740c089f060fa76c35ab8

      SHA1

      e0c34e0470fa5280ebfaa6a0398c8c6257627696

      SHA256

      a048f32288e0bd0d407960b88686e01f54e0918a1aca44e2a66b74b1240354d0

      SHA512

      051e8b2cc5c113b5a3aa810b7539155b62bf923c76f0ca2483f95684416e805d421220698e1bfa252b01d8a10b6f5dfeba9d44d649207f29ea829fe73d74c5ed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      55b709a9eebd747183d5298702685ca7

      SHA1

      05b60e6009663e81cd0ce26e854fd9c1560b1abf

      SHA256

      84fd79afe051f87f19e96f935a5784c432fc2660f9d87f19122017d9fffeacad

      SHA512

      d9cbcc9565cebea0c74cd9a6037f23b71584cc6401981dd8afa826e98eb97e8a3fa856816c85e81f13ca25268b911a2f7fac513e64eea857aef09f5e9b388d39

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

      Filesize

      506B

      MD5

      092baf3d101fbf4b6c19f558796d73f4

      SHA1

      6bf573ad41f284066297737e3835b8cf80139054

      SHA256

      46e2d34d03dfd2e19e18091209656d1efc214ba9a41ff3016034dfdf8f5d6d20

      SHA512

      9b125333cde380ebf73968bae565534e1b657fa5660b5662d7c72dd88dce2424d4b4ae4ba90f19100dbab527e32da1b71bdaf4de5f6672f9fbf12dc4291a94e5

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

      Filesize

      5KB

      MD5

      aabffdc80e90eb81f9f2012abd478a4b

      SHA1

      6da203087c0c7c70e3df85e0d2845805d3164f7f

      SHA256

      36434be775924d98f3233f056823d3b48124b5bfe57faa6b63e2ff410ed40824

      SHA512

      0109bcbb7860278a29a6a1894414549f305c06d076561c95cf7e106c31edbd783b01638f0029af3772791279274de3230cf56e0037b735f0afec108a55b03ac2

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9P263H93.txt

      Filesize

      92B

      MD5

      627adc37db9733412bfbb898b1b28970

      SHA1

      4a677dd88b1fbdf0d87d5ac9e4d48cd4065776d3

      SHA256

      fe4eac332d81ce6092125589feb9d53e8e2f771eb742c28c01b44131efbf9235

      SHA512

      40e6578127beaeebed81167e5ffc5942bbd9812a17d3f35f43335421aba97c2d00e3146d7219cfb91cb622989f7f985bc1105906e5ea093902d7b55f10405045

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I8WRFYPK.txt

      Filesize

      603B

      MD5

      2b82b598ac3463df232a6bb09767cb16

      SHA1

      e737a49f1522b1b1660971c07a21eed7b2e2cfce

      SHA256

      d6454af15656ba3f7e7fa1e0837a3524d88ea53adb1c1c8d8d479f58ef64a3a5

      SHA512

      3ce8ed1be08bc70abc36ab6b23e35969d3d69b033f58b1c7c9e959bd83f16614f82a534e349e069c9af3eb8b503bf694578163a3f9080d89df93f5c8e1c66085

    • memory/1304-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

      Filesize

      8KB