Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

b92429256b...9f.exe

windows7-x64

5

b92429256b...9f.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b92429256b2c1a46cc821db9c983569f.exe

  • Size

    64KB

  • MD5

    b92429256b2c1a46cc821db9c983569f

  • SHA1

    1c8a60b6cb35d02cd823167b59ab2c7a577b7a13

  • SHA256

    e61f7e563040dd6d43699759a56e137634226fb122f1e91917ebbac327343071

  • SHA512

    7d5124daee44dcdeff264c0e5d179cf7015b939e8f0f4f8658d4e9a2e6559c427caa85b6d98ba8102fbd05cc12ded0a4253ce74b248fc60f06527c569fe9f4a6

  • SSDEEP

    384:eXx0opJm4iklgeFvn68Kvu4TqxsuUh7PZUFeawnQ1L3B8s/HKEJS1dgSGTA6Sq27:Ex0opJhplggUkl3B8S3JsgVP27

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b92429256b2c1a46cc821db9c983569f.exe
    "C:\Users\Admin\AppData\Local\Temp\b92429256b2c1a46cc821db9c983569f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\b92429256b2c1a46cc821db9c983569f.exe
      "C:\Users\Admin\AppData\Local\Temp\b92429256b2c1a46cc821db9c983569f.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kankanhaoba.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67Civai%2F7Mbrt%2FLG68XUxuu%2F7L2osKLG68XUxuvA1r2owNa9qMbrxuu9qMbrvajA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3036
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2688
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2584
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42778bb2aa2c5bbfe6ce651b583e6269

    SHA1

    405c0e4ea716eb0a5d12e994c5d916fcd73acfdb

    SHA256

    c753eae0cb73b2cbdd1bc5d8605d145acd98c730921991839325a35a5d303efb

    SHA512

    0df10cf80b5cccbd0d716d81e57856cee964a26d906b42956bf8dbec0ff488e8c0762f69cf8437e9e01bad64f462bf4d8601bb86ad859dd98fae17bb4b49b524

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2b5041794add9ca2fae8c70577a09b6

    SHA1

    f545a2cc7fcb65bdaea8f6cf3cc9aad80672b4ba

    SHA256

    6b7250f8cce9c6f5ecca6376d48276cc18567ca099f9199032c4254c32e73c1b

    SHA512

    9e3b633f25211851cc8c0c8bf1e80b2df5acc938c699e111405ff0eab0845f2bef2a21fd273b9a2ed308c62aa7e1af840b727c2f7af42c397cd570f1aae82e4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4403dec8c9e203f2eae4e00880f70da

    SHA1

    84053893549754d15cd3becfed48a672a37a7e61

    SHA256

    249aa0c8c31da96ae7f153ebccb013fc567533e9d47a3750dcae5746420e29a5

    SHA512

    c39ad8f9f44be486405229060336a9d7e1d109236b5705850f93f8e7542646bc791d6ff43eba1f5796613f73096b10228ffd0c88201fa9310d75e737349fa2f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aea37fab68de010bedd5be76a87572d1

    SHA1

    b1a957cecd4903670e1fd16053b7fb9e7cae3fef

    SHA256

    6329580f4a7cc29a9bfb04a302e56db8858af87dacdf8f52aa34d0552ec53a93

    SHA512

    8515f76eb7af734b2f64dcd95017a8cdca575eca3502f8f0afa142ca10a9a26e4f19e0f326d79e187ce3e1dfee9863418ba630f1f431e12ee62eb306ba04c2a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18949c9c52b6b9c4e6eba3c45e2c743a

    SHA1

    77d8d589eaf1d72bce41d74d7f94382503024da2

    SHA256

    21babd3eb8956d1ac6d1827265966e71e52273baa72c3d56289e4db79e8a7acf

    SHA512

    91a850ec2882daaf7a132a4cdf553b84e7e0ac92aeb741c8293c513da3d09387e3227e235dd8dd4e4b47a536d016c9fcfd595d9a470ca56dfae40e00dee126ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c66cdd9a2e3080b6b66aba08398308ce

    SHA1

    859fddedc5e56abf0b78820363766d424b0b993b

    SHA256

    0ce23b8f03cff886b5c6420fa685bec32d4602b7877e5226e84dd6958c4eea33

    SHA512

    3ae0a387fc15cc07ac34d55a8434a152d64cfa6c113ac656fd96f7edb387a842d2c3753ac4b1fab2bdd7bc9d753a8996cf2f591648c1a3b8020f7e61311148f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4111587d8f94780b25b9896bc5c93f6b

    SHA1

    678f99d2a121d966ca1a6b11bdcbce6f878c43e7

    SHA256

    a700ef9add6625cc002d1b0af98f0fd7840b66acd0b78dc1bda3a946a867ef38

    SHA512

    d0cf58076ac83774f5a589f289d030867c3274655ec907e484e15c5436356c0e2a2634e7ebc4a89580407f464ca1879046e59e9073082a3ebc7aad30069d2da2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a478663f00d63269a3abd7d2a11bff3f

    SHA1

    164053065ca24a309a944178209a8d957a4ba46c

    SHA256

    b69a25d94f08e6622232f22c4247ec1ad3b11d2801c335a94a61561840bc1ccb

    SHA512

    45d68312225b1c8e03955ab8d87042f6774f2d16f401c7908d9cb095997e898546e3f49d959dda4d9621625d921fac6cf12f2fd7dcbeb148618cb88a27430565

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94487477fe6729ed433570681c6dc13b

    SHA1

    f2f336a5a827266f27991978d5c5d9505b2379a2

    SHA256

    3a26ca7ba0c29ee80f4344f8153fb5542754e951ab6b720a9f5e9aa1539f1353

    SHA512

    20e93767650f749b63c90ea0d8dc3e6cf6308a0fe196ba285cbf4c34375401bb56ae82586e3388108d28eca8ecb85b738bbc690ba6652c443595f5bdb9a125e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d991f2fa66bc2c1a866ff7fde28105e

    SHA1

    6d8718089620e75bfb07997afedb12c02bdeaad5

    SHA256

    73830e11b1d2e6c0b964c288920ec06a9b70973412700de70371690838bef3e4

    SHA512

    0396c9302e8da31b556b905873e69c5c2511700518fcbfb148b6c6e107e43b7dfe4ae8905fa62a2ca4348b8dce8bf7944b164b6c7541abc880eb472c2d329b65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b85457c040e81f7c770447d05ad2ab8

    SHA1

    feef9b13b98a33971acc90418db24d3ab629829a

    SHA256

    711f223a048e7dba65c7151226921ee6104df77bf7c05e792c73773f997cfd2f

    SHA512

    88dc7517e88f7441560034d16b309d6580f8bfcf95729459981d196d30d9ab482bf93124859c2bf94bad800a41c1923d6008506d0e5c557ab542561a30a4d1f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74931382d3301bd12a9fc54c018680fb

    SHA1

    2742585b34963b5716c8bf6a2eaccab94a3dab79

    SHA256

    5e708dd0b184358195e86f45b17cbb537cb5ee5293a0e393cf1c8782cf4a5b11

    SHA512

    256c44e88b83c4914f0eca45732cee1db57dd58672d88b108dd75c77a0243d373d621e362dd4e361994562a90b5697d957cb0ab1dc173314de5facdb72015466

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e95d6cba555b308b9c38991cb9aa1969

    SHA1

    2034a29e839087ce6d73e206c4c4ce80c5668ec3

    SHA256

    c5425a4fd31cf8d33faebfb42c99fc1bbb4bbb52b9799f62060a219fc974fe53

    SHA512

    8783e9014bb20b1321e6c3d063b9afd9ddfd71cac301df862ab283defcae5d762c82b5cba507cd3239c7aadc64c868e22bc24c3366cfc8a43fc072309d33cbab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40e05065da72e7cef20acfc04d26190c

    SHA1

    b971b7bd55be496e40ea7e2849f0cde3868e3e46

    SHA256

    ef665c5dbfd62b01a91322fc8ddb45d3fffa43a1683d17dda53a296896b281e8

    SHA512

    33648802b03addbfc3f058a619a1c07e45610ff6c1ccb9c5741f355b57a8794e03152f0936bd6ec14dfbcb1ca798f7ca7938b8937488f017e229db9eb0b10244

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71DD37D1-DC9F-11EE-995F-5A791E92BC44}.dat
    Filesize

    5KB

    MD5

    627795dea550e86227274772a749bffb

    SHA1

    70276b0bc1adf732c5965f4a1be148a040d1d754

    SHA256

    143aa408a11bc771bf86fd040dc63f79abbacec7a67e9e680c3ddab1c90f53aa

    SHA512

    0e2edd7ae6caf1c60a46ced271c4cc37eab834053fc8621f97a02377dc138e123347ec5764cfb436a7848510d0f1462a2a41b00e80820593f884a6e46f070c69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar34AF.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2044-11-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-4-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-6-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-8-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-10-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download