Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

e19e7d9505...83.exe

windows7-x64

3

e19e7d9505...83.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2023, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e19e7d95058ec766f496866a0f1a1795850bde4790c0879076f8779725d0b683.exe

  • Size

    790KB

  • MD5

    e2dffa0d241d6b5d576471731d35856b

  • SHA1

    c549c711d4512dda209509330a3a80772ded1d46

  • SHA256

    e19e7d95058ec766f496866a0f1a1795850bde4790c0879076f8779725d0b683

  • SHA512

    1c2a49081879da7f6ce1458d999091e3dc74c3d0c3535de3cf9426f346a6bce22ac106e6efb32c0ea884393bb84525a46d8fe079d02f63ed46707fcc68388807

  • SSDEEP

    12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXo7t:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6oZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e19e7d95058ec766f496866a0f1a1795850bde4790c0879076f8779725d0b683.exe
    "C:\Users\Admin\AppData\Local\Temp\e19e7d95058ec766f496866a0f1a1795850bde4790c0879076f8779725d0b683.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=12
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1152

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    471B

    MD5

    1b52bce0d5eb764e6a9161d387192246

    SHA1

    1a0afca76a2048b7ef3ff2616ad75630a122eef8

    SHA256

    b23acc86950aec7879e44da217352e74407d4016ae3f1b3ac11d06cf6f316578

    SHA512

    edb07a8a0f23baa69893e8fdb5d9065d5127171d65f61647ec33d8cf021009029105afa917945880d434ce0e4483f70319fc500fa762a97d991d68d464ef0141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    471B

    MD5

    8e94c67afbc8bc5bf72cae2b7112acb7

    SHA1

    a43bc7e3997d1e2a791baf773db98a0ebc753b7e

    SHA256

    5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

    SHA512

    a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acc4f1579546d0aa8d3456e0b6207abf

    SHA1

    e6e578d982ff8de1ffc2162e87c4bc862c484c9a

    SHA256

    f4bda97383f6263c1b6bb5f76ab506b270fb18d5412beab48b0310e887000d53

    SHA512

    7b38cc678cebba2e7586a4fc632db52fc41cb7aa2f36d9d800b0998c8cc95e014d1527d8899cd2a65cb38c42c4ac69bc632a189d2473da06760ab963e6e91271

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddfe41c033778a759e92f8f0478abed5

    SHA1

    a91305666976eaea50670263c9c22d0039ab34fa

    SHA256

    4e42cb9f883346eae61c4f582a500651bb32ce6c2532bd2916526ba9619e2c91

    SHA512

    337936306f7f6b17915a75e51eba630b9aefb9462eb46596e9210c748bfe33d30d0db4a02548b776b2bd07b938d290f47d7a3c36724ed489bb0c3419e20066fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47063782aba0259307fc76147da16aea

    SHA1

    3eaa9c424555145121ac5c9f0d3a2545cbf55652

    SHA256

    35324a9bc3f43cf4ddd9d83cd21e3832b0f516919d05316b649f0977139cf4e8

    SHA512

    4280477d08196f9cad2dee67c55e943c3ff66f1d71cb452b53adec6eabd5f66c5b569a14ad086caf4a68f275b6317880888786336381e2c3f47831d9185dc07e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9132ef3b7c020517a5a942c0a5052c9f

    SHA1

    03f232aa22c06344b558f5ff19314d6217d83809

    SHA256

    aa1aee936261d0104a513b97b58daaa1ce9387a517e49be36ee0fc555f053125

    SHA512

    31cf207399140a938c7ea9357e44b32382f626ed83dc88b8a279d02daf0c44aaf98efdd06bd40cae7fb31a27761096d6c0e22e00d02dce1d0208e9e3eac2e039

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    424B

    MD5

    de4035b5ed2f020e593666bf7e81d8a9

    SHA1

    4acdf7b1503d07a3186f803dcefb294b1b02f308

    SHA256

    82c876ee93f09a7c2f70e753ae4bbced22201e1cd09cd4be8cb2c764c9d2af07

    SHA512

    4ce557660b405bd7295fc3ef4a95e52d8274507388736c760b73a3ecea62d983f78d311ac1ae538173bea310a8a68fc6ca0c46a58f4c89023311b68aa5ed6ec4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KO0MIAQB\ad.oneptp[1].xml
    Filesize

    137B

    MD5

    ac89c1f118e6d5e71ebc61ebc8dd2a82

    SHA1

    b856c4c2c8011b2686eef3ee34f7521ba9a0d209

    SHA256

    fdf543f1e38f442c8bcded43685ceb03f19bb678bc52e16edd66dffba43bdab3

    SHA512

    bff9956dce52f1e675f3f48faf89b4e12a66f8c53dd8d3cb388882ee7e624f9f67154cd198168bfb6c143042a75d48f162665f93b5170ba6e5cf2426276f7cd9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
    Filesize

    8KB

    MD5

    b03b257957f878743ba91e2ae65bbcd7

    SHA1

    e7b4211cbb2cb6b7aa115ebcec26e5d70c4107ba

    SHA256

    c5e6fc1a464a3b97fa20bd21668cc9590e05398adac6f2948c684f46485c4c00

    SHA512

    01849412ef19792991e0685c2bf859f80f9071dac24e65142c022c021c648e6b5e46f7f476d4c291930af58dab3f36847d1a9fa8891ecfcef01e37ccdc8ca781

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\2.3[1].js
    Filesize

    84KB

    MD5

    c0dbffd0e4a955e6e5839d7b34403e08

    SHA1

    191e3c0e8b716e11a2ad8c3181ee616bc8d9b6da

    SHA256

    86db8e690bcf18e7a952f4ed85b37efa8404d377d309e5d22878f44b2ba45b9e

    SHA512

    a8eb96bdc200d535adc6cf0da942c1ddaad83dd93fdf8f6b6ee68a29d85602b50097b04c7ac4c67d029d7baa8a3584ed4ac4026163ef49dec4c39bbd84f8cb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\favicon[2].ico
    Filesize

    3KB

    MD5

    baaf7611a4a89d0821822dbc61cd85f3

    SHA1

    20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

    SHA256

    da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

    SHA512

    2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\iwt-min[1].js
    Filesize

    23KB

    MD5

    be15dd4e71a35e54bb29d50dabe457bf

    SHA1

    519c2efffe3158379f0c6d21e75a7729295bbab5

    SHA256

    a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

    SHA512

    e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\a[2].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\flow[2].htm
    Filesize

    10B

    MD5

    e9767be8092050427ffc3a2f1d4b3b7b

    SHA1

    1f83ceee4822c97db8fd9ac8bd150bf441f826ac

    SHA256

    9c28a83690b8fc6015bb21b820735507402d8869a7bae78c3133bcaad8622433

    SHA512

    1cb81f712ffc7e80783c440b56ccf8e58b151e1e88b18a590a6a7ccee9f21f2fbae28d2411f81e746e72a40dddbf6c4514b70c65d7f49492d3c464d8c62e4e4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\616_htm[1].htm
    Filesize

    242KB

    MD5

    07b76a9119bea5649a1df7658e7bb83a

    SHA1

    4ab4e0cb7e1f8005d2dda70c20301368d8119455

    SHA256

    64e0a24d129c9c670261f923a62a9e7f8d5ff56f795b957df2ff43579b8ab2c9

    SHA512

    90386c6bca81060bb80820e0ae94897465b1a475ccf323b7df7e86cf8f615ca75861b13824944850c57cd82972100d928875663771f5777ed3765ff6a86697ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab21B5.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar239F.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FL88DWGY.txt
    Filesize

    604B

    MD5

    7e0d3d22895b2e22a31e0a79777f951d

    SHA1

    135071d3c958c485360dd3a982de86e1fa1f3e1c

    SHA256

    5a07ec51556c3522ade6139d4c56428910879d26c02347da3fe0f6a148dcc1f7

    SHA512

    5e7a23286daf70e240cb79256612162ac0d8f4347de5e1fa3ce303c0289f29e876afeb03337e8151915264abde8ca076854775309c4998fb938f1dcb839ebcd8

    Download Submit

  • memory/912-77-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1152-78-0x0000000000620000-0x0000000000622000-memory.dmp

    Filesize

    8KB

    Download