Analysis

  • max time kernel
    142s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 11:15

General

  • Target

    1a0936002281fc58559d27d659a22a2d.exe

  • Size

    109KB

  • MD5

    1a0936002281fc58559d27d659a22a2d

  • SHA1

    b07e453222d0e9495130627a07723e19c47deada

  • SHA256

    e500256df42739711a7766aa026d48a54e368963052e847faf188b677001783e

  • SHA512

    bcb4dcc270507714660ec502c79b8b8c3f5646b39a132089c121870c5c4cac46b5389b0510cc2fd8616f3c886468e5208bae36a49285654e423c11db7716d31e

  • SSDEEP

    3072:fUgSUQetyhhEYUa767xmoa+ByriZJe7NUsTld424:fUghAjVelV9ZJEKs0J

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a0936002281fc58559d27d659a22a2d.exe
    "C:\Users\Admin\AppData\Local\Temp\1a0936002281fc58559d27d659a22a2d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "http://www.yeerea.com"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "http://www.yeerea.com"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2420
        • C:\Windows\system32\ctfmon.exe
          ctfmon.exe
          4⤵
            PID:2316
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2768

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ec7b7abcc185ce19fcfc5a7ced9a022f

      SHA1

      abbe60f878f5c281ce4bd90d42e69dcb6d4e6981

      SHA256

      aae0c60ad3837679236733d58cd95db202e5495cca26f059684d39f468e5bcb2

      SHA512

      561ce97d0728a51d341545bc20ccb0d8492795d583a87184c3f4476b2de2ff874545e19806bb7e9faf20b05749368bc117aaaa7a1a50465b65a35c433a3bc8a5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      e1f70406bf3336bce5cedd530fe557e4

      SHA1

      004c6ddd241c834a5468ec1fe60862d81ab01470

      SHA256

      b37f2a7dd64ab0799840362a36ba5886316e3e81aa2f28f216bd755d2a1be769

      SHA512

      559db22cfef109426be34cf6b5376275f47261cd75c4e48782c7d52f04600d2d0fbf26199d0fa41804c0db1960239e82733c1a790505cb581c1f081af62a7a90

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f4479d8011cf577d70f4a53600683e7f

      SHA1

      cbc9e003366e02799a52982cacf245261b06879b

      SHA256

      503d889da808228f888916d9e597aa70539619f9709126d1451e2e5cbfadbf9f

      SHA512

      f6d7aecb9978d047e556c8835cef877c8b8875e8f17654025ddeca2336b00cdde2301c939f3b903c935f447db201f7760ade9bf6b804656cd56c0643636e0f41

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      d60aa468b081f910e6183fd59ada3e45

      SHA1

      bc6c38c6782a2c4a9d2130165dcbd9b71bd4b254

      SHA256

      9136ddf33425f7257207a597b5fb945e4c332ec1112d0b27768387a299947c37

      SHA512

      3094a59b6351438a910cb74ea2845fb0efe9dbd6cfd0882a6013f22e8bb065bea1c847e9d61b4a070c1df8c8c8ec0632ec7d8e70c246a96a67067b996a690a0c

    • memory/2864-4-0x0000000000400000-0x000000000041E000-memory.dmp

      Filesize

      120KB