Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

[email protected]

windows7-x64

6

[email protected]

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2023, 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score
6/10
bootkitpersistence

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1756
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1960
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:976
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1188
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:672
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of WriteProcessMemory
      PID:984
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:540
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1160
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:816
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:908

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        Filesize

        61KB

        MD5

        e71c8443ae0bc2e282c73faead0a6dd3

        SHA1

        0c110c1b01e68edfacaeae64781a37b1995fa94b

        SHA256

        95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

        SHA512

        b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f78dcaacf4fa7916f9789a3e8b26fab1

        SHA1

        562df6f8c684e96908444e458983d06d98c982ef

        SHA256

        8d1e2cc4b61e6deed52cfe04a49226c9d7b8602ef5292fc3e8ef49e56d24c421

        SHA512

        8322aa41e691ea768c7a6a8159f1d73ebc6bc6360b1270fdc6dbe6d0824078e32bf4d808d0417d1620dc37d1756cd7c752be193d6e3e7aaa99cd2d2a4bce2e30

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        4682ebf782e326d31e3fb6e424805f69

        SHA1

        795912744f6e4bd38a14e3361de9e6cb7387d915

        SHA256

        900e447979741b3965a6054c343ffe82345ca31e1804b3155abf84f56236f2a4

        SHA512

        7b3b61994297b090d2adc1c7ff64a063d784c7e9dab43536aaf8aff294d3b73be76b79c84d27f6131ce99d6d4848c2d6cd13bfe63250ff3b1d929e362a54c7b2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d43c1abe57b0c53df766d6c72bccd2f0

        SHA1

        1d2ec971ca12bf91b8f539a470e2bdad080aa0b7

        SHA256

        ece1bd97b37a33ca24bd26c29ba1dd8cc2ba3917b24ae7f208c7f51fb96163ac

        SHA512

        cabb6af8a6f886a2da966bf8d1c22497e2490c1e6f9bc867ba8df08f9093a08605e4176b21ced3b0aba31b8046891b8a3903dca1a2f5cae5e2c47a21b666b86c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0d4badae0d2edba6793aeb5d40061fb6

        SHA1

        5f978eb891f3e837553a54d7d9c206d9650e51a7

        SHA256

        3c8348a5e4b3a230ad0d92fb44a9f4c1330691b9389fd557f13778c3bacc5187

        SHA512

        7dce606a458d232397a0f68d6ff258f87f9ad2bea55a0d06ecc56520bd61a019b72e92d55698547e392e4d383a14c9d4a22da4cbbcaae3efb73984605f424d44

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        38c4aed34a80fc3f781269f7f5a95ad0

        SHA1

        68d2525aa779972f2c9fcd1d1e0468ca0367571f

        SHA256

        897a2b38bc3c56eb1ac2145d56b25f9c45ffe91658cebd9dc8445425a62c89b2

        SHA512

        b18334e524306571cc882d86e25f2ceac0de42cd3d60e0c57fc20669ceeff435f50ad76b5ef5d34c0c7048579698094e345c466938355db6862403af3a0bd7c3

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f42ef8c3c4a506f25385d755f4fce11a

        SHA1

        366c2128e1a7a2e83546d8c2c6f04cb0db5d9984

        SHA256

        53b76ec25bcc41c22072f8d4a6eadc85e9c5a68252987d3fb5c28d2d66cbbe85

        SHA512

        a62e037d3a904c73ca4d3a43264bdc6dcc8a55bc1691e198e28c3e5eeab30f683f2b8430f285c8a6d7129156216c605b3cf6d76531faf5680e98a1d795f3b49c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7e9ad65a24a2673f7855e0e7537e9463

        SHA1

        2629c7075da960f653231cf8b454bf83b1ec43a6

        SHA256

        dc97289c0c12b6e9eddaa6cb31237237c87a59a3873214ef4f831a7ece21b381

        SHA512

        a9dbcbbe0b2c343e22f6f5201d2ac9b047b4a4fb3027deeaf5c0f4464eb3decbb92434c2ba7758953abe86b6c8a4519d891837453173326c6575f5c360d00782

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0ff250ba24d1493aaac77d85d4def08a

        SHA1

        fda8d390fd9a9ad6ce446f842f8160e6cd13d87f

        SHA256

        f102b00f895460f8c8edd91671123e6cab3060b3291da7df00dc402ef2b5a5c6

        SHA512

        b02e995ec7f7c01886af8b0b0f802d69ba24054329830247d415bd328205193962412b4cf4025ee58058b95b1a9aee200d7701213b420c323b6f59f227b7c1d5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        5e862580aecd5671c61c30e26704cc3a

        SHA1

        543a07333f56d9e3635a62daf34b0355126d777c

        SHA256

        39da587497e865aa674ac972a0aa87ac3bf033bda14a55bec5258f9dc97e7188

        SHA512

        e3ca4d7dcd203d7f141ad6417598b700c5ef4d13607a965e41f7e877fc28517a5475d2a23f8134dd15c9b053c5031653413f8d0fe5d80735dff522f35afca52a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\idyde9r\imagestore.dat
        Filesize

        9KB

        MD5

        b2a5c370866f1127f946e446cb7c8080

        SHA1

        a15be260088766d17c7f402348e9c306241d6142

        SHA256

        459781971e6253f9d07cc7fd0824a829173c4b142fba1bb499d776bce565b09f

        SHA512

        5218445f1bafa607d5c1feed992cd68295e16aee8bf80c6b4eb287ad92f6c00acf65f592641c4b27a967ae583dc9eb378717d9c1286cb8c9c70851840a73192a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\favicon[2].ico
        Filesize

        5KB

        MD5

        f3418a443e7d841097c714d69ec4bcb8

        SHA1

        49263695f6b0cdd72f45cf1b775e660fdc36c606

        SHA256

        6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

        SHA512

        82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabDD68.tmp
        Filesize

        61KB

        MD5

        fc4666cbca561e864e7fdf883a9e6661

        SHA1

        2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

        SHA256

        10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

        SHA512

        c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarDD69.tmp
        Filesize

        161KB

        MD5

        73b4b714b42fc9a6aaefd0ae59adb009

        SHA1

        efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

        SHA256

        c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

        SHA512

        73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarE368.tmp
        Filesize

        161KB

        MD5

        be2bec6e8c5653136d3e72fe53c98aa3

        SHA1

        a8182d6db17c14671c3d5766c72e58d87c0810de

        SHA256

        1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

        SHA512

        0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\~DF8A01235E16C27D17.TMP
        Filesize

        16KB

        MD5

        8241e309864d8317f6412a79f4aa04f0

        SHA1

        432b19086ce79495f9d17605aca4c659963dc29c

        SHA256

        62f13dfca97e89c23ea3282f190c33a58804c2e0bb7b6790385ee864fd05232c

        SHA512

        9f75a63317ec030dc4be00579d340f5a9837e032813cf00e6f3538d50869faf8fead3fb3baec221d01408ec0215f1e5f432f11e753de1508f0a8fc965d1ac0e6

        Download Submit

      • C:\note.txt
        Filesize

        218B

        MD5

        afa6955439b8d516721231029fb9ca1b

        SHA1

        087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

        SHA256

        8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

        SHA512

        5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

        Download Submit

      • memory/540-578-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/908-585-0x0000000002840000-0x0000000002841000-memory.dmp

        Filesize

        4KB

        Download