Analysis

  • max time kernel
    36s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 14:36

General

  • Target

    76129ba287ea51cabe3b3f621c8f71af.exe

  • Size

    716KB

  • MD5

    76129ba287ea51cabe3b3f621c8f71af

  • SHA1

    e20aea452d879e07ae894faa80dbe8b5fa0e3c86

  • SHA256

    e9e41dc3d159cc58a911a186708a114cd035d8e6467578382233ffc97873011f

  • SHA512

    7f318cd302dcd132daf47278ca55ac1fceca9b0ea0706c4df6e76f6d9086c05a1fac409114c213fedec7b4159ee63b3cee2394638dcf243d7d9d169e8cfc436f

  • SSDEEP

    12288:0Th5z8CoM7Bv0dKdHlS/cnX0Vi6l7wrJsoDibhe:0TAClMdoHlS/cnX0g69wrJ3Dmhe

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76129ba287ea51cabe3b3f621c8f71af.exe
    "C:\Users\Admin\AppData\Local\Temp\76129ba287ea51cabe3b3f621c8f71af.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.9jyx.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eea809fe0d876b7d89f348085629e60f

    SHA1

    802da04ec0ccaa6c6eeea5a6f3a816ebcccb7ecd

    SHA256

    c79c46087ee5ccc0302e1bf8c4ee5111fb40d9b367f51cd7973fd52d56d3954b

    SHA512

    7dd62635c9cf873df9df706358a44f29ef3c6a0815cac34a1742bd4a5db1bd427d1396a50390e4b323c40d581cdcbe39acbd063721653e8a8b0c763c87cdc3e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    af25bddd36fc540367ed85303df953f8

    SHA1

    7ec7f04cca822a21725ba1fc3e1a9f63fa737872

    SHA256

    7409f169bdae30b7dec9b8cb955653389db86627c19691a5175f4ea0116577e6

    SHA512

    84e239e9fb3ac00a0f91afb92456b3425aa35ebf8d92ac8854b56e702777c892e0b85bb7962325f5c49fe4f0f78c429748c98505b104ac734f5b8aa92b7f6022

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9974a2d6ff40f44008da66ac5f17eb69

    SHA1

    dcfe5e4cd3a0f4aef07a8de66d7fc1efd455f968

    SHA256

    edcf468f1b508d4367662aed99e13bcbec3b49630a3e5c308dfccd49e0de66ad

    SHA512

    975b725a66a7a482f07e42fe7a86682e8ca908b92456ef5b3d96ae5d67dd1810b2410b0b0f08c77b14868bcd0047b286c49d50cb78a33d13f167b5246caea38d

  • C:\Users\Admin\AppData\Local\Temp\Cab7E95.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar804D.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06