Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

063159b0fd...d1.exe

windows7-x64

8

063159b0fd...d1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    063159b0fdc7f018ef67d9fce5a474d1.exe

  • Size

    39KB

  • MD5

    063159b0fdc7f018ef67d9fce5a474d1

  • SHA1

    52e768e6f7e1158ea9048c27ffb9c7c3f4288cdc

  • SHA256

    c604f076eccd12399592a23f3f7f3bcbf6963937f356be19767ea92c9bcc3de8

  • SHA512

    d8cc3e286840f81ff2ff49276355ce9d4aea38f32a532e5a961af8dd2a8a640b2af8963cf58e8ec7612651f124dd7e9d8c863f55d5e1b04cece0068f2f3844eb

  • SSDEEP

    768:AFQ6iz8orPRcO3qlZ9MT1Xl9eGn8qSKdNFz9A8i9lo0o/qeU:cLixbqlHM5XHeR8NzA8Iq00

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\063159b0fdc7f018ef67d9fce5a474d1.exe
    "C:\Users\Admin\AppData\Local\Temp\063159b0fdc7f018ef67d9fce5a474d1.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\063159b0fdc7f018ef67d9fce5a474d1.exe"
      2⤵
      • Deletes itself
      PID:2508
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\jjjydf16.ini
    Filesize

    110B

    MD5

    84cfe80eeb0798b904f2343f29307f66

    SHA1

    0ac39599b78605e815c51abf3c3aa6963f72b86e

    SHA256

    c80370e44b7838477d3d2a01f5e0b7af464594dc7a35ad91a5209e7dbbf4d598

    SHA512

    fbb907a8b56e55e5d6f644135b5bc505e43dd5860ea2380dd23770bcec5249bf3b4c22ae1d04b491777c780fb2448cf3b5a1a4aed8efc302754dd390a7dd7080

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    32KB

    MD5

    8fe278bd8eac660d0161a869da96b8d8

    SHA1

    eac6f73862d89fc8c49b5331cabe89b6a57019b1

    SHA256

    e8a6de34603eb9e91ba82f555080758e480ab044ffa9c140028706f916eb2c0a

    SHA512

    b180b8df22e421493dcc75a2caed123f7c7756295f691579ea5c426c741f80e381b4960b5cbd6b5e87547d75e44ab654d1c4704fe34b4b743a57f334bd05846c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94ac1c21c77c5dc9c198eb55800cae4c

    SHA1

    f7f57a76927beb1fab8445de386a7f34d6988e8d

    SHA256

    fdea905e2383374599981e7c215f669ef4e54e31f40e6168ad1ea3f70c7950c9

    SHA512

    c4504843c0b45ab60848a80172dccb5dc20785b7e6d0d118b00bdc3ddc6a560f3cc2b86856ba2695e03f84791783e0adef2ff14e8df0bee9e88e4314b476bb3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • memory/2236-0-0x0000000000130000-0x0000000000161000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2236-12-0x0000000000130000-0x0000000000161000-memory.dmp

    Filesize

    196KB

    Download