Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

55745c2c0e...e1.exe

windows7-x64

7

55745c2c0e...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55745c2c0e6655a72702e2282e9804e1.exe

  • Size

    1.9MB

  • MD5

    55745c2c0e6655a72702e2282e9804e1

  • SHA1

    f4639ad4aada1d8fbee586d94194f5f986979b10

  • SHA256

    e670b229ff2549024daaccdaca7a939257f09a9c30fe901a3ec6ead6afbe2b3f

  • SHA512

    8468d274b808e85b4738445e16a95735a96461d674606125c6f299e1239975f409ea2c2e7ac8f8b356c4e4f562caf7747ceb5cf1ff218fa7903deb1de5af67ec

  • SSDEEP

    24576:KTAd/yqMt+GyjAyKtmrUTejQg0jgRYOeNgGH15MhzM0nO4Cwtkrhoj5bbwCKaeQ:K5qMtfyKSae6WYiG3M5M0nCojaceQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 53 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55745c2c0e6655a72702e2282e9804e1.exe
    "C:\Users\Admin\AppData\Local\Temp\55745c2c0e6655a72702e2282e9804e1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.soft778.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    53579d962500d7a97927327bb7d72323

    SHA1

    940616ca2b93dd4ca0790002035edddb137065c4

    SHA256

    61b291d961eecc37b0e3592e8f385b4d25148475628dcd3c73344e3346fd31a6

    SHA512

    d57adaab28e118ee82cace7006f9991c646d5dfe0092cab0ecfb1350b965a0bfa3ae58e1133e5a8ffa7557a3be1204bb987e5bb80b993f2fb3a3ebc421b1a84c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4a2ad9e48f0d5b57ed5c9cc2a10c0b0a

    SHA1

    189ea16defdc52b104549359b86a930c0b9e69c4

    SHA256

    18560efaaf428d8920624328a49f86ec5455dcc3091e15f3fb58e3b6847b916c

    SHA512

    745b5c03422b905f867a32636bb72462d24ee94c6115305743f67202e803b496a4487da982903ff368747a78f7038b98a3bc1ba980e0942c192d8ebc1bdc7cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    bf24a81c08c2839ad232bb3c782e2853

    SHA1

    8fc70805ecab94eb331524d3d40c6108da087010

    SHA256

    bdab25e9a7aef24bcb475867c1f07d9f7111a9dbcd0d1ff9cf64c81af2733154

    SHA512

    e039a60626127075a49982aed351923e172627423fe63d713a24a9e205be5b77dc07bf3e955aefd4495601c7002e9020616bb8b009ce4e2008ae88e4b69fce97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    13e6e87fab7a0106e353d0865e88e2de

    SHA1

    c71a9b376bf48ca3abee29e7898f9137f2ed1b5b

    SHA256

    bfe6b429e855d1497fe6d1a42b1f9c55ea2ff5bfa442516593352410eba73de1

    SHA512

    a20bcde45aa7795283fa9e58852a4c8f0483b0cf84ab9ba033fd535b70d797a5d6fdea66a4eb11c29c19fca1408ff5a0d5d95289a3eb7a367f390c8907a536e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cb9da8446a8e69be1cf0e569922e7d4b

    SHA1

    6e69d680386e06d7576f9474f33e442d01b1f862

    SHA256

    8b4b0c3e53c5bf594c13b344a08854ec89e106cdd04676e4738614636179b547

    SHA512

    8a27f05af327d8864065a557dfc2fda887e8a1973cbca4599d3f930aa666cd103ea8dd0cc5c3b0129f728d73dfe8144896bc32c82fc61c20b36e43bdcee3c1cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d542c18222933b041a008a9408583e5a

    SHA1

    62ddecb7f68d814816a98760c4abed3254fa2180

    SHA256

    91b703d66688d3d5da48f4f2ccbd73358b47ccc07361edf726d262e06c90ab8a

    SHA512

    606cdf8e62c5ac0c73715533400b76aa761153368169bdaca1dee77009f2b766e266506bc2f2941abe9b73580b089d3bc50bcd73162a26c502a3110b3e86668d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    815ef367883a50215b7cf6c1acc20de9

    SHA1

    3e1159fd3640227ef4a9a840f8618c936fd57951

    SHA256

    a78422bf05aa6e41663822c8d520adaba9063cc5d661476c70322a74f048f765

    SHA512

    565c2920cc92030db4c6ddd6de1ad4c212d5621e1b5a9bb485d54a89fdbc11c153201d5e7d67514e91458558b73f3e934b17b3311517624304ffb50404648878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    76ab477237c5d74eab47cb1009cd282a

    SHA1

    db933b24573c07afb3462c54f77f2c96fa96642f

    SHA256

    5157387818a713ca89bda22eca2f2a8a20416df12f9df8ec23cc877373e82180

    SHA512

    b70076b604571fddb20ce0469bbe374679446a0885225fdebb1afb5c8587994dd9e0c75b3cf010f7b0386ab784b14938a4ff88e356e8d26bb2cf7237f9ad0614

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM7ABAI9\common[1].js
    Filesize

    1KB

    MD5

    53336b1dd0453bff8ad5356bb61bf0a1

    SHA1

    cd228ea49a16668578e35b38c0dff29130660436

    SHA256

    a7bbec4f8f475fa985b96415c2d14c8bbc36697bc9a79a5f2268da69c8d1c054

    SHA512

    dbaad8f59f5356c29c8bf416fe2a8ddc86511ea03ea353b5492d1ebaa3cd2fd2bf45ac343ca00b98882f66892753aaff3e0309d2adfa3d85bb8603dab52a5d7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM7ABAI9\favicon[1].htm
    Filesize

    809B

    MD5

    e512d1b1b7749efd426af10750843c28

    SHA1

    cc6bcfbfd4df17d5c49c5197ddc977dcc703a684

    SHA256

    42fc25a0be2314136863217c451e6a4eaa562fbe742e4a34ed932b30aa00097d

    SHA512

    39eb8c5c6529831f5e39fa093eb5d426feb8f7b42fcad3642a88d02f48f2636bf2d91063245b91ddfb2cfef659909e4edaa840bd1a9edc5a59c23084bc294dc0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT9W3YKY\tj[1].js
    Filesize

    986B

    MD5

    39ba2f6d07162e930c02c9d2fecb9ea2

    SHA1

    3a731ba1f0b2c7a5afbc4a07b615fda18bb7318b

    SHA256

    e1a2f3cd51a09eb5bd882620664997d87359cf0e917aaf343d6e3f1dfc03679f

    SHA512

    f5cd1ed25e9086de823fd2aeb9be1f2d2e520e749e6cd40b6e7e735fb376afc07ee890afea87d3c535aa151a835303b9e986db613301ee10f68959410172caae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_4\eAPI.fne
    Filesize

    32KB

    MD5

    cfaab61b294486ef64fe45424283b1fb

    SHA1

    aa183a9d10f1002da32c62d55e580a44a6445044

    SHA256

    a4ad600e4891974a8953d8834984b6324b3b7eee9c53dc2d62d698850dbfc39b

    SHA512

    21f3d4c20d0c7fd7e55e5096f9223cb758d8605706caf1e25d3b58671e74f57a4de22198a69efcb6edb42d6591c6d0bfaefa324824f262eefdd27ea688c057b0

    Download Submit

  • memory/756-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/756-48-0x0000000006EC0000-0x0000000006F21000-memory.dmp

    Filesize

    388KB

    Download

  • memory/756-53-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/756-23-0x0000000001DF0000-0x0000000001DFC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/756-26-0x0000000003EA0000-0x0000000003EDF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/756-19-0x0000000000880000-0x00000000008BB000-memory.dmp

    Filesize

    236KB

    Download

  • memory/756-15-0x0000000000290000-0x00000000002D3000-memory.dmp

    Filesize

    268KB

    Download