Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

110801d848...7e.exe

windows7-x64

7

110801d848...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    110801d8482b4247c84882dc032e377e.exe

  • Size

    25KB

  • MD5

    110801d8482b4247c84882dc032e377e

  • SHA1

    8e6d1d5adf86c6b8c55832a0e9a43f0f82b78cdc

  • SHA256

    ddacdf7a7d7f171f6e4717b215289b58675194149eea69b9637f726871065759

  • SHA512

    80337537aa25cd9c55adfc29e5b3e4331187b6402c8f7e57a00136e7c7e7375912c20968f85c27ecac5b7072c4c20fd44954db557c74d3fc633f0c7a4354d294

  • SSDEEP

    384:2AhlgI/HULp3PVUoWkq1mcKP19SUMBGpLGQNPC2a+VkjFQwEcKoYSr:2AHAp9Ulkq54PSUHS+62cT

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\110801d8482b4247c84882dc032e377e.exe
    "C:\Users\Admin\AppData\Local\Temp\110801d8482b4247c84882dc032e377e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\hhnPDEIGTv.js" "C:\Users\Admin\AppData\Local\Temp\110801d8482b4247c84882dc032e377e.exe"
      2⤵
        PID:3052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:1192966 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:341009 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9320a162380fa01a8ed88dbf26eb199

      SHA1

      3831bf0ee71101bc8370fe794adc1cdc8260fde3

      SHA256

      b045ec60e9f94ad2a3085fc478f76cc0ab20c69b1a25a00414aa06e52be50763

      SHA512

      dab4e6b94ebaba90c945ebf673898a462a56de3c24460aa28171dd4f3de02502cb50e77b08f77e0726e36a430cb4e94f9739e0461006e55c6c1cd2c588ab2fa8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9cbe471f058529bd252bc963ae58d9f

      SHA1

      6d88a5a4f9f25eafb89c2c06154ad92fb60d6bda

      SHA256

      05a944c1893830b8c5e765ecdbcf9b82e7e1fe7a307ba388f0dafa5e93502ede

      SHA512

      72526676f0e7c47741d0e79acc492359193d158c98224a9b57de0b2d42e0c18b2fe62d84ac67a54744aa3dd0636004201de35b74967937c1dee4834781f42c98

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      881e22382cad21fcac6ef4fa6dc08d85

      SHA1

      8e04ea3e98fc9cadf4f91efee1bb83398358b47d

      SHA256

      5e019a9baa0f05af78ef43f0c66b874a36c63b66f1b6af1b59bc62037876fdc3

      SHA512

      c5193e1bdd5958fc935bc769b0def79edc3e6980a252942e474748bb474264e50d32a0acef9ea34720f7e0f5579da97dcbdae5d274c85f033925c5880165aec0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ba085eee906e706ea9b47af7572454a

      SHA1

      044236abeabd012a0c75274946799d449425da00

      SHA256

      9e832fa80528fd2119df258a6ee37ff4201150b40d936835f6a6a0047f1060d1

      SHA512

      dea1c24ae0789cf7024110fad9c0f44537029d6a3ec6371237967452d5d846828f2e64166de80ccf4f9022804bad72f57aa2a644c022647047a813073f17fab8

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\favicon[1].htm
      Filesize

      291B

      MD5

      b73189024a094989653a1002fb6a790b

      SHA1

      0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

      SHA256

      014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

      SHA512

      1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBE41.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC4F8.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hhnPDEIGTv.js
      Filesize

      12KB

      MD5

      33c60858171478c3c5266122095b3e20

      SHA1

      729787ede9f390ddf2250bbd1d15848e1e2be454

      SHA256

      795f8ac902fc77d73ec28c7fdb14501c39c769ca0b3738500c39b82e896ecbdd

      SHA512

      f4d5c016efb01555fd6e43f1b0a50cc45029e32a6f581b850458ef85b3f7b8727fa5b6645eb07e136a9f78675cd653cd8f6a5c8ad342992352d581db9be3b7c5

      Download Submit

    • memory/1996-0-0x0000000000010000-0x0000000000027000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1996-3-0x0000000000010000-0x0000000000027000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1996-4-0x0000000000010000-0x0000000000027000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3052-62-0x0000000000270000-0x0000000000272000-memory.dmp

      Filesize

      8KB

      Download