Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

http45.151...xe.txt

windows10-1703-x64

4

http45.151...xe.txt

windows7-x64

1

Resubmissions

24/08/2024, 19:10

240824-xvmgnsvarc 10

24/08/2024, 18:56

240824-xlh3wstfpb 4

23/08/2024, 11:21

240823-nf4mza1bqc 4

23/08/2024, 11:13

240823-nbkz3azhrc 10

23/08/2024, 11:10

240823-m9qsjashrq 4

22/08/2024, 07:12

240822-h1kgyaxfpj 1

22/08/2024, 07:06

240822-hxesaaxenm 10

22/08/2024, 07:00

240822-hs54nsxdln 10

22/08/2024, 06:36

240822-hc93patara 8

22/08/2024, 06:32

240822-ha293awfnl 1

Analysis

  • max time kernel
    55s
  • max time network
    57s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/08/2024, 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http45.151.62.96setup.exe.txt

  • Size

    29B

  • MD5

    688fe12c2f39d3d739a04e6c89b1b22f

  • SHA1

    e2ea25ad47861e77b912026839666d3a99f5c90b

  • SHA256

    35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c

  • SHA512

    f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\http45.151.62.96setup.exe.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4236
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3736
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:3884
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4020
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4028
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4960
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\63PRBD0M\www.bing[1].xml
    Filesize

    1KB

    MD5

    c6a6502bd95f9ebcd7d4cb916e78771b

    SHA1

    0b30f7a1cf5ee08b7ae574e352d21bde08c50b46

    SHA256

    b7321b099ab19aac9922d90026581aa330101160f37bf7adcbeb49d2961f13ec

    SHA512

    9860af7ee9ad9db8adc95ffb6ee26f7acc139acf7c92adeabcab36cd96e92254196ac4b58094ef4b31ece73b9d5e7fbca69baf63f92e0d6dc1ef95bdb431d015

    Download Submit

  • memory/3736-0-0x0000019D7C520000-0x0000019D7C530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3736-35-0x0000019D79BD0000-0x0000019D79BD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3736-16-0x0000019D7C620000-0x0000019D7C630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4028-45-0x000001FD4C500000-0x000001FD4C600000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4508-87-0x000002725FE00000-0x000002725FF00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4508-137-0x0000027270A50000-0x0000027270A70000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4508-132-0x00000272705B0000-0x00000272705D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4960-58-0x00000198424E0000-0x00000198424E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-51-0x0000019842430000-0x0000019842432000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-50-0x0000019842700000-0x0000019842800000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4960-54-0x0000019842460000-0x0000019842462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-56-0x0000019842480000-0x0000019842482000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-60-0x0000019852C10000-0x0000019852C12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4960-62-0x0000019852C30000-0x0000019852C32000-memory.dmp

    Filesize

    8KB

    Download