Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    25/12/2023, 13:08

General

  • Target

    209e4d0587ca0dd12bdd61bae3f84d87.exe

  • Size

    56KB

  • MD5

    209e4d0587ca0dd12bdd61bae3f84d87

  • SHA1

    31ada5ee435b781061d6d065b2d4ec60e6807f90

  • SHA256

    b964009584f24112b67af871333acda4e7652bb463a68df16b64564e78b5abf8

  • SHA512

    e958f3b3d31577ab2a5dc9cbae38d5ebd9b10c4c5c2f07e978ccb925fc9f739528efc311bb28b766bc2c75ed53e594433b53675745df3f0b0c46dbc38700ed69

  • SSDEEP

    768:Cs8ppOCMSnt4nOiucrM7xSAsgyqvPIGXMSBjX9tUivGXXsFJjhYQ:CnR2OIy4uytC7OkP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\209e4d0587ca0dd12bdd61bae3f84d87.exe
    "C:\Users\Admin\AppData\Local\Temp\209e4d0587ca0dd12bdd61bae3f84d87.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2848
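The process tree above, parsed as an added example (this code is not part of the tria.ge report or its tooling). It re-types the Processes section as constructed input, rebuilds parent/child links from the depth markers, and answers two questions a reviewer asks of a low-scoring sample like this one: which signatures were raised by the submitted file itself rather than by the Internet Explorer processes it spawned, and whether the SCODEF:<pid> value on the last IEXPLORE.EXE command line (IE's convention for launching a tab process, where the value is the frame process PID) matches the parent recorded in the tree. Class and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: the Processes section of this report, copied by hand.
PROCESS_SECTION = r"""
  • C:\Users\Admin\AppData\Local\Temp\209e4d0587ca0dd12bdd61bae3f84d87.exe
    "C:\Users\Admin\AppData\Local\Temp\209e4d0587ca0dd12bdd61bae3f84d87.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2848
"""

@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int = 0
    parent: Optional["Proc"] = None
    signatures: list = field(default_factory=list)
    children: list = field(default_factory=list)

# A process entry is a bullet whose text is a Windows path; the next two
# lines are its command line and its "N⤵" depth marker. Other bullets are
# signature names, and "PID:n" closes the entry.
IMAGE_RE = re.compile(r"^\s*•\s+([A-Za-z]:\\.+)$")
DEPTH_RE = re.compile(r"^\s*(\d+)⤵\s*$")
SIG_RE = re.compile(r"^\s*•\s+(.+)$")
PID_RE = re.compile(r"^\s*PID:(\d+)\s*$")

def parse_process_tree(text):
    """Return processes in document order with parent/child links filled in."""
    procs, stack, cur = [], [], None   # stack[d-1]: latest process at depth d
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = IMAGE_RE.match(lines[i])
        if m:
            cmdline = lines[i + 1].strip()
            depth = int(DEPTH_RE.match(lines[i + 2]).group(1))
            cur = Proc(image=m.group(1).strip(), cmdline=cmdline, depth=depth)
            del stack[depth - 1:]          # drop deeper (finished) subtrees
            if stack:
                cur.parent = stack[-1]
                stack[-1].children.append(cur)
            stack.append(cur)
            procs.append(cur)
            i += 3
            continue
        m = PID_RE.match(lines[i])
        if m and cur:
            cur.pid = int(m.group(1))
        else:
            m = SIG_RE.match(lines[i])
            if m and cur:
                cur.signatures.append(m.group(1).strip())
        i += 1
    return procs

def sample_own_signatures(procs):
    """Signatures attributed to the submitted file, not to what it spawned."""
    return list(procs[0].signatures)

def ie_tab_processes(procs):
    """(pid, SCODEF value, actual parent pid) for every IE tab process, so a
    mismatch between the claimed frame PID and the real parent stands out."""
    out = []
    for p in procs:
        m = re.search(r"SCODEF:(\d+)", p.cmdline)
        if m:
            out.append((p.pid, int(m.group(1)), p.parent.pid if p.parent else None))
    return out

if __name__ == "__main__":
    tree = parse_process_tree(PROCESS_SECTION)
    for p in tree:
        print("  " * (p.depth - 1), p.pid, p.image, p.signatures)
    print("sample's own signatures:", sample_own_signatures(tree))
    print("IE tab processes (pid, SCODEF, parent):", ie_tab_processes(tree))
```

On this report the split is stark: the submitted executable itself only triggers the WriteProcessMemory heuristic once (consistent with it doing little more than starting a browser), while every Internet Explorer settings change and hook installation belongs to the iexplore.exe lineage, and the tab process's SCODEF:1300 agrees with its recorded parent PID.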

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dcb6acbeb3620f82179ae58074c84f1f

    SHA1

    4352908fda0791d4d5d634b293dd04b546dd8658

    SHA256

    07c1f11d80e39bf0e3b40367352c4f6d16cfab1180b2cdc998f8fa6e1a4074b1

    SHA512

    4aee6893e977ad855d7ed7a603b28475f72616542cb9a1c0ae65a5ac1101da7b123433ef04f39993e722c8f17ee0c04404244f4e33944df04cf65e0172db31d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b77a8a3520466c83df90a3d9b1462a17

    SHA1

    a8009104bf35619e07c613eee907fe21f74fe457

    SHA256

    ee111c21d6c950e91948622bfb269ad2e550ad8ff85e4da29272fd93c4280d5b

    SHA512

    998aa5858ed3809a918115e19502fc208004fd70210d0b68733ddb0537a68f9b5d37a28a38652ac0576e740dc2d45f2805a8254db5dfe589ea507570014921dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fb1c0ac7006693b861230a400e76c93c

    SHA1

    282e4191563a3042c04fde6ed32fd31a1ef57235

    SHA256

    73a8d02dbeb53e6a3551fe69d135d5c95de16e983c51dbb8b14b9022111357be

    SHA512

    b543322a365e1feec6a5686dfbad212ed2a2b0c35e1462471dcbba3def2bb0e9c584db61c046fe68af34c56ad96358fa6272b1a13e00feb2866e391ff43622e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b7769570d2deace0b3c4e283f2fb0cde

    SHA1

    73deb775740705342c3b73e6b45d7a6cdda4799d

    SHA256

    6e8408f7eba4e66cc89d5ed0c1884294e88faffafcbcdada554a5df0076b36ec

    SHA512

    85f83b99c79a48134ffe521f8300ee3ef611825fe7d851d34744e344e41ef7b869a6b88875fd18b87979a1df7377d4a13e5319d38a0b4d7631591d0cabea3669

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0d1b0cbd03c9a650a7c99b745635da55

    SHA1

    e2ad3bd26f5a151213f981b668baf5392631a6f1

    SHA256

    0dacb6840203d958e56cdf58b7f6a2fc09de6f33961d43674f2271f835b0b0b2

    SHA512

    ad47cc990802debd9cbb7b33d9d003133836af9b0f17ba9a296e9ef8d2dbeda5ffd4053b79e0d37bb5171049d214c80e29c5502fcf26503c7b3d7f065f0701ae

  • C:\Users\Admin\AppData\Local\Temp\Cab8FA5.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar9054.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2400-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB