Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

image.png

windows7-x64

Analysis

  • max time kernel
    99s
  • max time network
    103s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 11:33

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    image.png

  • Size

    43KB

  • MD5

    40d95a52e17eedf66f4a584d59eca648

  • SHA1

    1f0de068125bb1e82ed24915a6eabe3afee82c85

  • SHA256

    cde0b8ad40ebce1e66b1fdf42e6f6af355ca213b3a8b5018b64f62a5d582b6ad

  • SHA512

    d32455e174f52891912fdaa825429908adb4034a9a860d36915e0ffa90de5255d1aee19d0e30020b42c5514a87a4980559c0432b42cbabb083d1347f2cba2700

  • SSDEEP

    768:y0yjtIOYocrQh3CrUh4YfryHECNobCuJz0nNH/SeoK9X4Bjq25xGBVxE/Ge3:yLjGOurg3CriKhybCxnNH/vo3qAxGPxo

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1492
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3016
  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:984
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:600
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x500
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:712
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1096

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        10873d62e26a0c6f32d0f518d13b4aaa

        SHA1

        4f6f28b96af40191a44685e77b2862119563bc32

        SHA256

        c6df6eb514f8b39097768613b5c72e13033064070df057d0c7b1b89162124f7c

        SHA512

        6dd86edd8cc545fbde5f8abf835855877c6ca7d8fe0f9d2a96fd80aedb4eff5632cdabce1886530bb653eb043582d0053c2a0308e8b5f9bb32dcd6b10044c891

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        6ae6267b1032454626b4182064035015

        SHA1

        cb8055197edf89dae8cf762b21ff0c36363574c2

        SHA256

        eff45fb91c7b89151dd824c2ef43fcf6899e7cfd6852119b9390798be1539a2f

        SHA512

        f672e3a77ade0c0cebcd2be2c7135fef4e5af8d6023bd06947129068cf6735b3000520f6df9d4874673c80191b3852bc2203329712c28be64c9f6a31267e86b7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2736dc73d6f5c8efa3b4af1975ddf216

        SHA1

        ba1d0a111a65f23861911a8613cea14516aeb856

        SHA256

        bafd218d4c264ccc9d2fab016d8918c4b0e7d4b1bea0b293e8645b69340864e6

        SHA512

        dfbf07962754ccac3ad244322c05cade523aec93c74331c63924aa25123600078bcf4fb1c7cba72c2c23d8c2c906f9539d4be3f076b72fad589927a6a38f6f68

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d5ea3593bdab31c8eae1094b86958014

        SHA1

        cb94c59e141201179277f432fa8f67531f5a50af

        SHA256

        4a334916a52be1e3fdac0418c9813f3cd35843051869c8aa8e41b179ef8525bf

        SHA512

        bcdbe2c74bd94a2bb5caf6405eb13aa7951b5f3c528d8864eee489fc485644f793a68f525c8a3f6b9e31d8ccb3696f67ef0f05d7cb42b38d40159f826447ed1c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        471b816e612ea714733541b694339e7f

        SHA1

        828565277ca7135bf65f1ded738f5a148b3d71aa

        SHA256

        7b0267953339c6c91cd8ecca5aae9953430c7bd1f28382557ce756a597cb0aa6

        SHA512

        94727a248712101971f7de84e2c9a96a3484c52171daf331ed01167479b4f24f166fb06b2ddd2c766d77e4cc35d127e2f8886da278c9b1ffc75a3731c3be6765

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        ab1cb060a547626e14f33d8afa308758

        SHA1

        3bb27c09c73c6dcb35ad1fc7fc7082586bf32af7

        SHA256

        9da58f8273088fe31511b8b48e6ef657c357eba74da4349ed31c377cad66bcab

        SHA512

        aa2a50955e2ab7d35be7b7dbc6751398d1cdba69860a8fb50663be2cb7b3fd93e5ee703c3f481e3a7c97804d5f38105880535c6eade30dd2fa48dfb4b92f9757

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        a29de91311ce33ef692e12429f0f8f21

        SHA1

        cfe00e17790e2632ad64c3d0b716fb532df91c45

        SHA256

        b1bb3bbfb5cfd450c95eed0bff54fb06bb5175d514ecb63b9deb5119ff111faf

        SHA512

        d6ef0c979ae8d954873c83160758517c573757f4e49b41024f996d62808a9b1ae6cf014f1a67495f9e7bf51b9c660811014bbbbf4c6b23021975f9858d92265f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabA3A2.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarA47F.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • memory/984-439-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/984-440-0x00000000727CD000-0x00000000727D8000-memory.dmp

        Filesize

        44KB

        Download

      • memory/984-451-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/984-452-0x00000000727CD000-0x00000000727D8000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1492-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

        Filesize

        4KB

        Download