Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a7df73fe92...18.exe

windows7-x64

7

a7df73fe92...18.exe

windows10-2004-x64

7

$TEMP/rjjmanpw.exe

windows7-x64

5

$TEMP/rjjmanpw.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    145s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/rjjmanpw.exe

  • Size

    128KB

  • MD5

    c8ad9f49632247cf36173e5c6f225882

  • SHA1

    1bda98f1c454db6bb27ea50d6731a9034f588758

  • SHA256

    f0e1a2a2c83d352691c0b5b2ce9c53920d3a0457ddf20e3648b0f01ed2d24215

  • SHA512

    aad1232869c55e09fda2567ff979631102d217ba7245b35f627d805250b0497fc3c74fc8e2d3938c452abe4e7a2311effa0316fce9f7c8c0a030d44b0a99f6da

  • SSDEEP

    768:rwhdQoTa4JZw4DCLUhB7L10lrPGQYhn6v8iQwUGGdupZLOsguUL2aERrNbakQn:rw8oHJFCoWFIzwUGGE8DuKp+a

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 59 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\rjjmanpw.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\rjjmanpw.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\rjjmanpw.exe
      "C:\Users\Admin\AppData\Local\Temp\$TEMP\rjjmanpw.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1952
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2068
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f95eca4e3a659b94c0f4162b97208657

    SHA1

    d3f57217895aaf7ba6ccddc620b405b212c9a7b4

    SHA256

    bfd3eded0e0ae5e8068b3377ea97b82bf5b29c7f3839fe4e6a4849c82063a885

    SHA512

    170a32510a6ed7ee739fce0a0e3518d967da7167f8a0d04f5a6db9c296fd766af87895c8545252e952023344124f11e4a643da5e2b028cad06c435fd023e1143

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c6adf9255fb60853e9eb6ed9dc7f09c

    SHA1

    ddd66329aa1324899e05951264161e5481ac43a4

    SHA256

    9c1326754296ba1c0d7f595d69df0f064b47b38287b73746f1ce75a583818209

    SHA512

    969acc3c86c3370cf8925d21898167218b9c1f5c229e2293ac64b5c421df603c1f8e9e52b53c8f1b74de14489294573c49a6878687c6d2de76e0852226e50d6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e735e99c4d0e61d962c3eb2090db55ca

    SHA1

    5881b380b8c41e2eee98d374a89ba2a8f6979fa1

    SHA256

    4031ef1fd852a605268d284c64f7a4692786e21138d6b0721b51971f590c4ccc

    SHA512

    fba44f7236add8473275e3dbf3544a2a68729d2202ccd3361a75920a1e41ab157728f48ddd1af2fdf626e92e6fd650dcc6adfc9220e9422b87be662799c67628

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aec2eb871ce8afbc30882ef954b87bb8

    SHA1

    510b9b997f6cbd2dd79d3f7da0e7bbcc9c8ff7e1

    SHA256

    127cc391caa851a67e69388db86eb167a5548b4f17ff32b2737cbdf1de6e09f9

    SHA512

    ed73a9931b0829c37bd810bfce0c7a7932ca4f64055169ee4521a23289e5b144f571b3d596a27fbab4bf2f16e7d57be1027df5f5393feb38e3b6d8900be4a523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87c5be79a5345f9e7613cccaa0de1037

    SHA1

    89d1021931e02b33492c87bd169806c1aaa600f6

    SHA256

    d2ded2dc1c111884f7f643eb8b71fd30aa59ba64a9c1b85144337b2b3d5f5d9d

    SHA512

    818ce745fb747cd61a77f4123547fc11e43f4c867a8fe9a4b0a829b9456a2328edfa894fc2b3563b4c6c7c0f1bc79fc64604d769cbe2777930309bd0d0312112

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa6012bd58b27cc936bf75dd8b8ca118

    SHA1

    226cf61b7a4c2289667ff5f4e9f3cf86cce5d7bb

    SHA256

    202a7ce5a7c19b46b77170efbe63f66b1be9fa1e12c2b1b811f02cb72ecd6603

    SHA512

    02959a5e7d38fb5c8b3cc42632bb500a54e6818c29ac72e5b24b4edb8688d622c1ed8cab26d5a11ff8e8d34c506dcde1756ab8f981e2fd54df4d2e1d1b2b44aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a551475535e68c115af647e42fbbbc4

    SHA1

    5b842bc3eede38426835c4a11a858f42ea615b26

    SHA256

    44757478e37942862ac07c5648f282e691f5115d7542efa9bc60522216b1edbc

    SHA512

    51853059193ac8b0efb8f1def7178f7285f21339b5c6eaa259feff387721347cd713af26f7da671a8e8f61846d101b849194cca581178733b2c770a2e5b83ca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    944873b5eca8e2cb566f937371c4a169

    SHA1

    6069118176dbdd919c5900fbbea44de0c535c4ff

    SHA256

    5720f753d5126ec1bb5ec567be52504d35239423b7f344c758e5a97040cb8af2

    SHA512

    e15668a830fc1dac63e1dc6a11bdfa6045097091016c69b2759e820620992760fed994c7d23db974f8fc7395a3e9becdaf50045f00ca99558de0e4e3209cf88e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1244574e6cc3e883c1456b5dd2f11cf3

    SHA1

    bc7fd9d8a9c80c9e9609aa0452f6b782b87cfb4e

    SHA256

    4bc82d3f549a5e7f4726566f2f12f15052b7f135da788e95fb2fa34ad00f0e2b

    SHA512

    5f6fd75f45b9cd057d2ad2200dcbbcd0bc92fe24f48eca5c01b89896399e4e533864814074d2890601073d3666a15654ce1527155955f78a72415240bb4556b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a7cfd83c916e5c87e8ad1a7797a5dfd

    SHA1

    fa10b5642d378b1a1edf4c613424d8c39db492ee

    SHA256

    7a5d73af86fd67938bec42bc78e0f24fa774ebf49cf8e22882c42be5b70ba355

    SHA512

    f4cdff780a4607297523bebd64a6dd4085b7265ea2b97db4b88af2e4c470fe13a406df89667e3474178f5639efa578762fcce4e61c6db326444353ef161ff541

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8afc428e3b8067b1caafd2dc9f72c90

    SHA1

    dfe9867474202f39f4e57fa60751d435b07e959d

    SHA256

    b219542ba6ebb85b177bceb7a0c24c249e32e69ca8970a6773b2bbf1a1918ef5

    SHA512

    ba1d5b3349e55ce85256114069a6ab001ed8ef517be56932fd2ae610d05af19da53ed99ba6b60c4580eff881180e8ea3897dddb4370d5d67dacb96d9efe64778

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8b0d289629c36e2214cb7b50950f267

    SHA1

    30a19d4118311015affa60f0a1c60ffb544551a3

    SHA256

    e90d15f43d6dcb8b75fd11075f1091a3a35efa6cf7e66378c511d072d5cf5f25

    SHA512

    d9f624002d6a891d8b3dfde2b51cca1644f0861c86150179272a42b610c18793ee211b1c3bfd5ce2a64e3acf49a64dd13ae1d8660c2a095b5eb1afd238fa60e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6a07c5e7b748eb93897dbd9dda58900

    SHA1

    16e80237862e55dce954ece56b9fabe2920fbda6

    SHA256

    cd15f7fab5ae82f292b7b0a87cb2d062b57c31676d88171e965ba5cedb490919

    SHA512

    c02afee9d8bac5f44164c258464479031d60d57780433f45161190e141de956a671c1dbd177753d271f4700cdb7b95341447d94187d9b4773a78118161372e05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92a1135bac3021f09f5786da05b32e34

    SHA1

    75279637762873f2d0a4a4f0d0d45aef705a81bd

    SHA256

    72a9da1b87fa74c13a86f9f102dc4c435c7d5ca15ab883562a4d66ec47f90a3a

    SHA512

    50f53ddd4e95a1cf24856d1b0c7d68a34d978f17534f3a847072c4a2e8f8bb4b8523ed8d057b88e7a24732ff757effc060481857f5808db81fa3b9c363bf60c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f38fd50c53e8efb23bfc720be177b555

    SHA1

    1938b827573144788e7bd5ba81c930bdca5072a8

    SHA256

    e38c4f584dc4e6d2efa860dfc26a4d3ac3185ad9fec081a3520bb68a4a4e6b38

    SHA512

    8a6be3c46a31ec8bb70cb0f0556bada16dbf13cf769f5287f5a5c4d16f54b2b9cfac5991e7016f514ebaa3d60622c677fae34a0e5c2d0b1515f251eb61a1e8a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f3cd82194c844afdede57f396627c18

    SHA1

    0ef8b60e7d57eb2f477aaf8afdde555f0d90d1e0

    SHA256

    3263267aaf1dd81e7cfc8b6763dbe36dfd7731443e496db421db571cc2d9d193

    SHA512

    723582bd55a5b266dfb158b1064e799f3ca8bc310eedf2d2562dfd25181cb5071c07c3191e0816b6a451cd7e1ecb302a2ed1e51a5efa17bf8ffc1d88511e6f38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a14d543645497cdd184aabbfdea69a63

    SHA1

    056b598df4fa394986f77a373d0a0d926627823b

    SHA256

    bb3edf3f94adbe209ec01289a535db297e4c7856c399aa81dc4ea352313ba7ef

    SHA512

    e8f2be687b4bb30bfaff9fa48a378f1169bd2a9017ac8cf31ff51c6f647d0c8b9ac7933d97fafa51120cca28dc1c65b89ef06da650ef293e582cfd30651918b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd033e97bd64f9ee8771d89ff7694bef

    SHA1

    43fa572295a41c1cd181709e471873b9fe313ac1

    SHA256

    7e97cdb7ebf5c9853004dbc49f2875152591756a74840214851b7dadaa000c2d

    SHA512

    6793ee969e3b04d9745febcc6d9b7a782c764ffe8858a79b17f4f9c4587cb546e3c50f6c28ef0f4bff8fcaef66ef67fcf296d2546140d78346f6f5e739916d12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    651ae1238646e8f6fdf6491c5dc64c18

    SHA1

    fdbac7149b5bba056e7bcdf25bdb3d34ce1fb54e

    SHA256

    d11c4e20ecc903a2ed6aa1938568572a9748638a45f9f035b7fdd3f9c9ad148e

    SHA512

    792d31eaa20907cb25b8266847c6752f3864af66bb91f59261fdc7a6986b83d76c25d30a9cfbd3bedb6ec2c6baaaa2569ea6f54809ff6c9a133cd9a40edb6567

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a677a5bc354cf33b67a788ddbc15ae5b

    SHA1

    385426e4cc64b0cf71061f43bf3b81c9a1187963

    SHA256

    552b6ab368247f4a1452743dcf5f3f17c78f554c891336b94055f5082798f60f

    SHA512

    2eeb1daabd85a56dd2d879a33978f331e86e8a836b7a9d6930fdddb729234e2f5869c5eb484d1abb3c301b84b0c2c2d59166c5ec6218637c7a2dd1520c2b874e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab986C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar98CC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF17CD17722D02A296.TMP
    Filesize

    16KB

    MD5

    b8adbadc90c2e277f5f85519f86458c1

    SHA1

    9386106c080288488ddebf2e9628e31c2e84e450

    SHA256

    651ded15943331472ece483b071586fc916d536c3df6303a524503d2f137eab1

    SHA512

    c8d35a50014c0bbfb543fa6ccf5ec3e5f24207be1d4644731eb80019904d90b8d39f075e14b58b5c8f31afcca8170904e7f6e7f639530c7f956735432104d120

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
    Filesize

    3KB

    MD5

    deb71048110cef56ad9ca21b56f02bfc

    SHA1

    187af18b9751c2b994e38100c4736ed37be703c2

    SHA256

    874d36cd489cb909b8ced323039bfa171ad3ea714551d37f820b44208608389e

    SHA512

    f358d5584d02c75af6cc3c9a8ee8333601b7824bab020915b73ad8c556c584890fae2e85d91dc23e248bb702bed2928e134f36be40231792b8bb67458427c188

    Download Submit

  • memory/1952-9-0x0000000000280000-0x0000000000282000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1952-4-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1952-2-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1952-5-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download