Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

11a73e92ab...07.exe

windows7-x64

7

11a73e92ab...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11a73e92abda63441b770d350c5b1607.exe

  • Size

    58KB

  • MD5

    11a73e92abda63441b770d350c5b1607

  • SHA1

    e7cf35bac96dabf03894283c73ea96872597f7b1

  • SHA256

    cab4edff3dfee7b58936f9e01a1d06ab944b58bdc9a6442cff6f2625267d3817

  • SHA512

    4d85ddb115a99802c0ca04d6077f59d6810caf466c941af76cd4cd48c0608555f76dc5ff8cc38e3013b1ac197d28c320c014641b0db80999b19bb29c8de38cf7

  • SSDEEP

    1536:dhk+fFlM3uFqYZdQjxBP52N4yJIbYEp3qMtjqMqMjqMqlqMn:dJMaZdo2NjJAYEpG

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1224
      • C:\Users\Admin\AppData\Local\Temp\11a73e92abda63441b770d350c5b1607.exe
        "C:\Users\Admin\AppData\Local\Temp\11a73e92abda63441b770d350c5b1607.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2396
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2848
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2604
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\fig580F.bat"
          3⤵
            PID:300
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 140
            3⤵
            • Program crash
            PID:2208

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        ea8e175ac0a7a6b470e3946f6e7ae75d

        SHA1

        99f7038c572677b7ce2c8af46e05928f6423311f

        SHA256

        2faa569880b780418399be797a93b70a3c53ad7ca6f273515085779efeff25a2

        SHA512

        a8a9b6cefd52a32683dd4adf930d7d39298bb8003ba4da498adb4d91962c295f17f8c1fa4ed6dfaeffad0290abe1f09941adddacce439d871f29cf815ef0b607

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        83cb755dc0c57519d4b1ba7e03499837

        SHA1

        272baee928fa8d73b7a2b420e4c8c4514d201345

        SHA256

        f889e469c7bf87ca0dacdb4d93ce812c3a6412baf1b28fb7d7ac0c8b83833423

        SHA512

        5602af678f30399ab39abfdb8f750b545986c9bd3acc0d5964fcdc0d915731418803521730e552917ba140e012a6008866fa805a418b7469b5dd6d301e117ac7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        3a9cd3d8f56639efc07de8d0988a83f1

        SHA1

        d381fa98b4344b01bc3d90b91acc8c68eab04f72

        SHA256

        53c3f340491ae8121213c01db2e1d29617ae552b3e6d4a9e55d1a664dd1d79cc

        SHA512

        8758a35f11eedd9d8ed89b59f5119f3cd37017c5e200a137394a87f238d8ffc4e1a9e8fe879b956068ff80164cc6a2917e48f1cd0e618a96264fe3338b88114e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab6173.tmp
        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar6212.tmp
        Filesize

        171KB

        MD5

        9c0c641c06238516f27941aa1166d427

        SHA1

        64cd549fb8cf014fcd9312aa7a5b023847b6c977

        SHA256

        4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

        SHA512

        936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\fig580F.bat
        Filesize

        188B

        MD5

        9d19473bde8f563a4f485a43d1abbd53

        SHA1

        979b594c01890d30bc75b2765547b4eb4c38fb55

        SHA256

        de095e71896611d324ad2070483e3a591259bb2ccf4425921c9dc01fd0ee821d

        SHA512

        d6de9486b6383224727b67129c025594524ed4a69b494648532d46c20ab0e1c7c6d8ad831e20b219fe106cb8ddb85448e8433652bb1a6d195fb28c610ba5f81a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\fig580F.tmp
        Filesize

        39KB

        MD5

        266b0eb83dde2f8121a7e0b26e3014b7

        SHA1

        e9af9e74322baa87198c10dd5cd2c671cd976742

        SHA256

        85810cf5d4b07c1cc7904843ec7a128653813ad07c936291b9ef7afe0bc6575e

        SHA512

        468401c7ef8e8025bdb1ec025fe0e43e861f6795f72d83e29fa4c9b8795c6b01508daa4410d28f2e32a588e46f71f67492dba9b7ebe707004c0288227788e2a5

        Download Submit

      • memory/1224-22-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1224-25-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

        Filesize

        24KB

        Download