Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

013e80dc8e...a8.exe

windows7-x64

7

040677c072...cc.exe

windows7-x64

3

0ba3a15c5f...6a.exe

windows7-x64

10

19d029dd80...b2.dll

windows7-x64

10

1ac4f94c2d...83.exe

windows7-x64

7

1efeb07862...bb.dll

windows7-x64

3

27861dacdd...03.exe

windows7-x64

10

31860041f6...ff.exe

windows7-x64

3

3c49ffd8bf...86.dll

windows7-x64

1

41edb742c1...45.exe

windows7-x64

6

4ad4c837ce...e1.exe

windows7-x64

1

50682871a2...53.exe

windows7-x64

6

5f3bfe76bb...b6.exe

windows7-x64

784f3902fd...12.exe

windows7-x64

10

816c0e4deb...6c.exe

windows7-x64

7

81b49d3c61...a9.exe

windows7-x64

10

82d1e979d2...67.exe

windows7-x64

7

8ba3f20419...4f.exe

windows7-x64

10

8d8576432c...fe.exe

windows7-x64

5

962bbb1929...e2.exe

windows7-x64

10

96f295d08c...d1.exe

windows7-x64

7

96f2bcea04...28.exe

windows7-x64

10

9972304b5c...64.exe

windows7-x64

10

9ff988d7ea...09.exe

windows7-x64

7

bfddb59433...b0.exe

windows7-x64

3

c0ca77690a...a5.dll

windows7-x64

1

cb0f8c9180...69.exe

windows7-x64

10

cfbcc54f36...29.exe

windows7-x64

7

dd0f55e997...a3.exe

windows7-x64

8

ded033da36...58.exe

windows7-x64

7

ea55e146fe...59.exe

windows7-x64

10

fffd0cdd49...d6.exe

windows7-x64

10

Resubmissions

14/11/2023, 17:31

231114-v3qg7acf42 10

14/11/2023, 17:21

231114-vxdw7sdg61 10

28/10/2023, 19:29

231028-x7cs1age56 10

24/10/2023, 13:29

231024-qrn3rsdb6z 10

18/10/2023, 12:04

231018-n8ybnaeb31 10

07/09/2023, 12:10

230907-pce1wahe2x 10

Analysis

  • max time kernel
    30s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2023, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfddb59433bec29faf6210449f73503f38e61234c09be3f405be8196d9d6f8b0.exe

  • Size

    137KB

  • MD5

    34796bb71a194c4efe6154b46db6f4e4

  • SHA1

    d1518518198c23fe4226ed61b52c4c7844246fe1

  • SHA256

    bfddb59433bec29faf6210449f73503f38e61234c09be3f405be8196d9d6f8b0

  • SHA512

    6fbd87c03417aba7875ec07f42dfc078dcb5e36cdf3f80657d97087651a77f49a2345336e841a486e89c66c8e373fc7e19a572ab5124dad51eb01829df5a2472

  • SSDEEP

    3072:62BuFSglbxkKbjDOfuCtihXwnTP/vhaBxVGVq0OP:62BuFSglbxkKbjDOfvixwjhaYVE

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfddb59433bec29faf6210449f73503f38e61234c09be3f405be8196d9d6f8b0.exe
    "C:\Users\Admin\AppData\Local\Temp\bfddb59433bec29faf6210449f73503f38e61234c09be3f405be8196d9d6f8b0.exe"
    1⤵
      PID:2028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2520

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      94babffe0a948f7e5716e87d3e997031

      SHA1

      85a660d74db4ee855ec381cc17ee28481ca648d2

      SHA256

      5761ce59eacbb035bf5b7ee775eac4e4eb202475cda42dad8ce2872d3b2cb4d6

      SHA512

      fff4cb35699990152c0182d2a1290103b2f2617b0aa0c79c6472d1df55a8b70800280e8895a8ec12c2feac2bb0cd7644efaedbf8cd0b3ae3c8357ecfc0047b70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      32a53b7b59c3380d90213a3f76ea68be

      SHA1

      9c7005173a77aa432f420ced000c19e4139bd167

      SHA256

      2a5868200c693b603f9666aec380df3a6b6dd84ee70ac5f4d5ef0945ac0e80e2

      SHA512

      943f811254b35c8ee2794b3b6d358e918853c920b8dcf42517d59cadd20265f2430da8f7c2ded1d16713b6380ddda9fdf2a21d696693a149c14dfb6e02fe1184

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a3e1720667ae52b7defb2ef0da151cfb

      SHA1

      621f190b6d11cdb4c9878b27298897bfafbe4ce1

      SHA256

      9ca6e9ec451a1f375d5b452742c2e883b33b838a9e565334474475c3220438ea

      SHA512

      8c868998348526cbe68c9a59997d8b13644cab351f224575a0460dabeac6026873679f8adcb3d02be174551ab94b0eb552eaf681961ef7a1487e8e75a062efd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      beda4756f22df9ff553b19c4410fd66b

      SHA1

      8b544c0acb5d397b13f5a88b9f6547dfc3e92805

      SHA256

      35b99b3667d70bdf7b9d216520a90f0e3dcb14baa3c46264648f32ed3578e3a7

      SHA512

      d217c3a443be25cbdc5ef3ec67cc47b1ba73451907a4feed5e680999a507d46eb02f2cba31cb9266eeb5a7d54989ff15d36e99e52febbcac66d6afe2fc8e9555

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bd2e6bb4b8d94ebea4e2f6af60e8f852

      SHA1

      0a07e6146f2f78840b61bbed32c036e369a2534e

      SHA256

      08c4be32c3cef3df8a3cba9bd4e79aa2c4d52bb3696a5e8095fe73274d4e25d2

      SHA512

      861c231b96afc62c9e3c6a9be3a587b248329cd4ad6d91f39d7fb8dbc86b5595b2f2e9c233578b8bdcaa9388c3d1b6d6480c58bbc4fbd4211d536affbc616366

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3d5334209edb0803b3411e6ce73a1d42

      SHA1

      787a037b66bf6d43cf6e8d5161d62783fd4b26b2

      SHA256

      c12dbc1a03d96e1adab9c4e6a363861b95a16e4bc6a6de2c4a01706fdf3567b8

      SHA512

      5998046a79d74ec6dc72c11429e077f7ff6cdcf6b7ee9156439dd8d6a2c22703b5b593dd4adfccc42f9519ef3d3f3672b6b0dc7d434e6ab926f966dca9b93d3e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c393fcd3b58232fa230dfab30d571346

      SHA1

      5942b18dc834facb528c8f056b007470d3d359ba

      SHA256

      584e2bea881c08b52d00e8a49a1522cca1ca2cece542eb88c96c605c43c164ff

      SHA512

      8146a60e16688bc210fa4085259041ad2ca39c410441da5963411912ff77fc5394d1ed2d1676d5c9cd3b6c02bf1aec36b938494e6d9dfa372bf91b2e0b02ec22

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d5d7ad02ba59f4764011ee7dac7a09af

      SHA1

      6d4d7fe07f2303f6071ef79161e54d8049f7d4b8

      SHA256

      447c398a1b9f39b259ae78d6a46cf1cd2cce5f6173615540c03faa4bcf047015

      SHA512

      792092e8c5e12acb006d11c1bbb0d73532fc744e476799f74ddc45d7d508c41125d6fc92728ed817c3dc30c419190db8d2bd4e66ee1cc667388c7d9d465849cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ccf8f79d7de670a9ca6c4bee3e02a46

      SHA1

      1b3a88c9c80ebad0f85cd4d2b820d9feb5046990

      SHA256

      1cfc8f600a400dd77e00329770684da48b02643d3bad4a26c676cd4616175ff6

      SHA512

      d4fe973a6588d263e2376bffe5417e03ef88233e331c2747e8f3cf02e34d023bf7145162f009f0c587effec642cb27f2549e795a9526a0da13c37af65896d0a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAF74.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAFE5.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit

    • memory/2028-0-0x0000000000460000-0x0000000000468000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2028-10-0x0000000002770000-0x0000000002772000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2028-2-0x00000000022C0000-0x00000000022D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2028-1-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download