Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

22cf9fe9c4...39.exe

windows7-x64

7

22cf9fe9c4...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2023, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe

  • Size

    8.0MB

  • MD5

    18620785ff64219f20bf5f1f6e797342

  • SHA1

    afb51d0b92677de87042da47c6505f0a9f78af75

  • SHA256

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

  • SHA512

    399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

  • SSDEEP

    196608:5EtZkQkQsSkrQzw6Dqs/y+cNBKbQ4hrivFQhZI26G/Udrqn2:itGQkLNz69a+c684BAFQvF6S3n2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
    "C:\Users\Admin\AppData\Local\Temp\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      C:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\45f2dc0fed18a8ff84aafe498b741f33.ini
    Filesize

    2KB

    MD5

    49322de86c414042b7a13f8282e55141

    SHA1

    1ca2e6be4a8fc1c6ea62464727044cf8f3cb8aed

    SHA256

    643b5eb3767355428866a8f243dc129f12e805ccba5e8a649ff1e5ecd1f31a29

    SHA512

    b275bfba91cfc05635eec21d02ee2e29a92a757d18b6db02ee85cd858fa082759d947df1a3d57b37042a3f86381f6846024a65ce58f517aa5a5baa637775d174

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\45f2dc0fed18a8ff84aafe498b741f33.ini
    Filesize

    5KB

    MD5

    56adfd0c123e2b4ffb67a1f29833f4db

    SHA1

    12c9aaf42ff420d8f7f6bf2da5897914cfcfca73

    SHA256

    c2809df6b5f01443b434cb25ef8116f0f8c9630b060c608b89d7db05a4009184

    SHA512

    c087c200d796afc7112284f151882178918109aee0e41eb8190ff018ef9e7a9b1098b68faf79d95626fc7af2d7e80a95f874437bdd95672bfd8ad85b5f6448a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\501a60192a4cd471f4fc6eea94f44bdb.tmp
    Filesize

    11B

    MD5

    3113680af3d27410ad9736510cf6694b

    SHA1

    2afd3a340b72411d3ce6c085f3bdc9bb28a304ff

    SHA256

    f018c9cabb7a61ddbe5be91a75e3c7b823922ec876323b96710a353b98c4e0b8

    SHA512

    77b7d8a99d44c7de747c536ccdaee90154d469177f3d545b84f36e6022b102c65f885b52abdcea10891c76cb3c7298e350a9f19696af9517876e85cae2f832d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\del.tmp
    Filesize

    102B

    MD5

    297c92bec11aba48c29df617048da371

    SHA1

    7358a4c412f6c2c0dcbafba3df691b5a691d7eaf

    SHA256

    2d7d5d0c19bfa1aa9e1fb97d41ef68c566f55aac61e514735304f9053c026396

    SHA512

    c22d7e0fcb112c0c30482f21f546007e9a20308f879dab240367b67c862204cf0cda6f53f3aed0f56078891bca7a54ae70b4d7bfb8a0eb23a15c1bc56ec79d59

    Download Submit

  • C:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
    Filesize

    8.0MB

    MD5

    18620785ff64219f20bf5f1f6e797342

    SHA1

    afb51d0b92677de87042da47c6505f0a9f78af75

    SHA256

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

    SHA512

    399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

    Download Submit

  • C:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
    Filesize

    8.0MB

    MD5

    18620785ff64219f20bf5f1f6e797342

    SHA1

    afb51d0b92677de87042da47c6505f0a9f78af75

    SHA256

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

    SHA512

    399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

    Download Submit

  • \·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
    Filesize

    8.0MB

    MD5

    18620785ff64219f20bf5f1f6e797342

    SHA1

    afb51d0b92677de87042da47c6505f0a9f78af75

    SHA256

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

    SHA512

    399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

    Download Submit

  • memory/524-10-0x0000000005F90000-0x000000000672B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/524-2-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/524-14-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/524-15-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/524-1-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/524-0-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-144-0x0000000000280000-0x0000000000283000-memory.dmp

    Filesize

    12KB

    Download

  • memory/612-150-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-143-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-18-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-145-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-146-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-147-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-148-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-149-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-23-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/612-152-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-153-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-154-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-155-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-177-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-12-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-11-0x0000000000280000-0x0000000000283000-memory.dmp

    Filesize

    12KB

    Download

  • memory/612-202-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-204-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/612-205-0x0000000000400000-0x0000000000B9B000-memory.dmp

    Filesize

    7.6MB

    Download