Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Aws2.2.exe

windows7-x64

6

Aws2.2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2023, 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Aws2.2.exe

  • Size

    696KB

  • MD5

    54c63e845b75fd07f48739e5d2487ca1

  • SHA1

    e0a8c295ea69905c83aec0603ac0bccc9fb981a3

  • SHA256

    d11fa3c76f2c301bd3c2dc33c7736e6c0ed46e989d7ef76369823c33ec0f7496

  • SHA512

    3f671c41c112ad7b0b4011a7dafd102de8912f1d81c8bc4e21a5ae7de560f6fdb0bb2a770647b7e60c8e082989a8d60ca00cfd00eeabe9091908ba47e86713b9

  • SSDEEP

    12288:fXMhkFCmmrYcJ5wc68dgeSpAp10BWEhQaV+aGEcC7tC5bT9kZetKg3dBdHDit1w0:EyFCmJcTwb8xXAWEqlaGB0yTcgKg3dBI

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Aws2.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Aws2.2.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:936
    • \??\c:\program files\internet explorer\iexplore.exe
      "c:\program files\internet explorer\iexplore.exe" Http://10.127.0.162:80/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    98b4411190640145144749dfe98c277d

    SHA1

    0522f04146c8bfc0b5577900c56621d451069e37

    SHA256

    e4682574bcf819a2c6117db1a3f1d6f96e8eb623986da03fbc193c572fe5c79d

    SHA512

    45af15042d173e3561be6577d0576ac98acd26ef899f9a90ffbe5118bec64c915b2ab82d3c9c8b4ffe59a320fdd7545d0aec287e7b9c5bdc41840ed87ed91dd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    410d1543a9280b01e6922342a6c9fe22

    SHA1

    e0a77aa20eb84f4477b4493ba07007110fc93ca1

    SHA256

    cf4039f17f102abc27845743ce026712e8afb44382f94455205f853aa2a366c6

    SHA512

    e0752a751f837a495371d0d67f076c988c8f8ecc7406822abb8b0322eb42b03aae02455f1721cc4a5e5d7b47983fc07f4f9b47b594d86bb42d4839490d0786c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6269e7177e776f6a1d50a2bbef6ff3c5

    SHA1

    117a98d0089ecd09587fee34fd441482e69048cb

    SHA256

    39ba7ae7bb2bf324267dae3d3073061a14d4eac62857f7c966af8477ac25054c

    SHA512

    ca2d6fd2e6bacdc1c438058cf9dd5d732934b55ea6497c035ceb30848e2ff43cb812104736553c5cb64ed55f06c7f98aa59c845d1e6cafbd6af60fac7de03cf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2b190a467b22aea19efba3c0a62b9bf7

    SHA1

    377251bdb5eb04db2598ba41682db74d784dbb06

    SHA256

    392738b3c66e7fee1bed16a5b91e317b84156e2bfad503f93457e9e3ab9179b0

    SHA512

    97339c91da125032f35e5dfd926408ecdfc36b46b1c9a1e88b712aa989b81646cd7720213f7a35653e995a97f0d3b0f21601877b07fb766fdb606d7dc8311681

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    70fee9bbed3585b241c5f56779dbc9ac

    SHA1

    90a0b823c09af49af4aa1ddfdc1afd6432882b11

    SHA256

    89ed25b360ee890a25495c211d22a2838c04ebbcebb26ddf900d28c276d82297

    SHA512

    9afb0ce5fdc7a21f2dc945f263db4ae3015fe3956f90eba6e590be06b18e571c23e63a8c3aede655b145f6ed170ba5bd6dfb02e5de3729c636d79ad620ca7193

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1454c91498ed920954e76d7ba59dc698

    SHA1

    6b8d60ef0c01df6751d9d88019437f0158556c11

    SHA256

    4dab453aad88304b721f907abc42bb23de8f17d2cbd73d12fbea876574b40894

    SHA512

    417127c60585f4e69814382fb2a5f65cde49640344bf3b4094e63ce1e3e0472e5d2f5c15f7e33b3c5712e0e59ea4a9d9e5ed368c567eda326dcbfeb8c0d27040

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2f04bc3f36b2b49689d47d6b746e85af

    SHA1

    21a1de8412b16d4c051d89cf6299e9def1d2a71a

    SHA256

    755d0cd4423390c9cb3e258b06a6718220b0b457746698009115e2f1f44e6056

    SHA512

    56ac871bd17bc4bfe13298f065114124f3c71be2a85601a2ef5818ef492866eefe0f7d31194c2d0f05497aae585c0041d8cb62df4379ce52a7cb140ccc0b4c9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8e5117b83b994da8b86d443dac66266a

    SHA1

    2654ab7ad43630de79c5c3512763fd29647f240f

    SHA256

    bba64cffc836d9f257bd01f734911832fcacc12dc8607441f08c4483bf7be6ec

    SHA512

    3290af8e4050908cfa9cf5e395f4cd5499994abd229da450f18f22a6c825b07e5ca9e29dc08ada4d5cecaabbb6e09de10dc73f93887130a5b9ac734b11c88eec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    bb655a58277bcbe239aeba77f5ce0563

    SHA1

    6ecc92b87fabee76d785f3ae7fb74ec7e008c1f9

    SHA256

    522f7c19f416d163f4941e1ce2af42402d080aba6d28b1a97c8bfded4a78a0a1

    SHA512

    9463ce7e926022384a4b16dbca6ccf551aea1fca613602ae292511f6143f85a4ec6edf68bffc96512ac1c2dd9f133e09578a3e8dbb8c8cb8db4609a34031f0df

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AJTUMOT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5AB0.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5FD2.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FNWBTBLI.txt
    Filesize

    606B

    MD5

    5ba578f677282b5d93b90162b18a2aca

    SHA1

    40fa7833bdbd584ee3649c043d3ddfba4af7fd55

    SHA256

    fe6e9cad260da2936d9ac59032f07f21a230fe45f37d3ea26bfad35cac716abe

    SHA512

    c22e3d3834c00ea8dad8dda148160a572934d2c8e2c9efe77f3e1146e9e97506f5108021c63053e5796eb2a9f7b1810117f2a22b2c6adb49ca251ea9c9898b3d

    Download Submit

  • C:\Windows\Aws.ini
    Filesize

    47B

    MD5

    f1dba6a1b1ccbaa77dfbaa1c82070f01

    SHA1

    e0d7bcee9f3873ce18eb921983fe36991b9a76c8

    SHA256

    c39a916801c2260d283464a5bed63476afc643f7c832d6b93f542cf67b42a48e

    SHA512

    a8a4c771a669e95ac3fc521f0b1052c9ce67724072301dbb4dc3cd4eec88d1e77c6e5d4ca8356a540a77c66ea149ece1644673a51a9838d4c66d0d8ef4bf580a

    Download Submit

  • memory/936-62-0x00000000751B0000-0x00000000751B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/936-54-0x0000000000400000-0x000000000059E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/936-76-0x0000000076F30000-0x0000000077020000-memory.dmp

    Filesize

    960KB

    Download

  • memory/936-75-0x0000000000400000-0x000000000059E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/936-74-0x0000000076880000-0x000000007694C000-memory.dmp

    Filesize

    816KB

    Download

  • memory/936-73-0x0000000000400000-0x000000000059E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/936-55-0x0000000074B40000-0x0000000074B7B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/936-77-0x0000000074B80000-0x0000000074C00000-memory.dmp

    Filesize

    512KB

    Download

  • memory/936-59-0x0000000074EA0000-0x0000000074EA9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/936-60-0x0000000000400000-0x000000000059E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/936-58-0x0000000076880000-0x000000007694C000-memory.dmp

    Filesize

    816KB

    Download

  • memory/936-56-0x0000000076F30000-0x0000000077020000-memory.dmp

    Filesize

    960KB

    Download

  • memory/936-57-0x0000000074B80000-0x0000000074C00000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2340-72-0x0000000002620000-0x0000000002630000-memory.dmp

    Filesize

    64KB

    Download