Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

Old-TLauncher.exe

windows7-x64

1

Old-TLauncher.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2023, 04:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Old-TLauncher.exe

  • Size

    4.1MB

  • MD5

    f592e97f080ae5d323cc0ce2a329a949

  • SHA1

    fe998bf6f2f5321af9f756a7a06a01290a97c55a

  • SHA256

    5a00afa820039b55d570d5cbdae0ce1167272d314592ad9e951257755ea5bac7

  • SHA512

    21b7e4699b357c174288defcae979ad20fbfe83ce56becfeaf44f27fb509c562962a0b61c3d70cb67b07342a393c77547ccbb83d1687cc36a1669151d2fe780b

  • SSDEEP

    49152:hoQlo2tuEXgq23ttxCpG7szUMS2h07cNF+zNCkweZQT/nmDHYkmMhOq2zSxxAy:hoh20Jq23ttxH7szY2y7G+zszcv7oy

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Old-TLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\Old-TLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1272
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:756

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f665684b4dd7eae57d5373f34d14394

    SHA1

    9a92af8a00603281f9cc2960145aa8d531be17cb

    SHA256

    bf20ec74977f5e0bc8b8efdbf0e77730656fc191469fb533ddadeed27a91d2f7

    SHA512

    85ae8cc32c13a97c6a25f0366e9008ec8dae4dfc506f39c27b555d5c2384bee08c71cad565ebc565da30bb8ddbf5a88aae6c288b58ddb65c4a03e27d145bf336

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a1f5ec06a6d368e08aa4023a0a3a05f6

    SHA1

    4ebf411d3435fd5a81ac9d196fd0a86900634a38

    SHA256

    acb4f0fac9ad137fb21b12254cad0063efbb9625bb69fbc50e0243f49c15a79a

    SHA512

    54389fa51f6ec4b5cb61807b87914d7738f811215b36704155f45a5f4fb2b6b57c21f816cc7df748a42e44377dca2cb73d97715e34e1da5df7720ae9b7ffea4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c77b4217ffe83b3344508de0a1cea5fb

    SHA1

    2de052d28168c62a54b9717d253636f58d0629ab

    SHA256

    6202f7a614e90d51f8a2c531fef4abf4a20b388e544aef7307b51cc6ed6ad075

    SHA512

    7a0d5454639d004c6e7e46a8fd95e61572d23531a8a808e4ebb9732a44c7b690884a7dcd8c01904687ec3efc29b4dfde4912d5405bc3329b3968e86cca2b6906

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d3c4f1bbc970c185fb14e481d15cce15

    SHA1

    4f4b8907d38735f43a90bd97a95854a02718fbcf

    SHA256

    c2fc0d6a3ff2782806b1e497fb450719ee906d6db5c07b721f2ce95f84123a4e

    SHA512

    9eb1cb330abc48f6e6826d0e2f6586266062a0d0749f886503c804b3516d5585318e8ff056dae93017e18349215aa4c6f3bab88e46cb8abeea6e6ec967995f97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e2eefdd40d54ad27b3a0b0eaa72bad07

    SHA1

    205ad07bab4ea5e183a866623e68fb5a1938562b

    SHA256

    14aa39ed009d6b0a1a40b8c04cd2d8212a2ce21fcd84a559e6bc2ab58868afe8

    SHA512

    d875ea33e7ac6c867d6bf5a8fb0d6aa09dae504f5de8f925a4380273beb53bc58192e41b9960f9f2fb6b51e257da12556c9ce09fbe4c0312c28f1ab3ee9396af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2d7fff66b1bb62675eb405021e745e54

    SHA1

    6eb93cbcdfefa1157fd43b95c4135d54a142ff80

    SHA256

    43a8b91af1a31cf156f099c02f15820d03483b1269afdd3e6f2c5f2d0d8cb30a

    SHA512

    7830b4990b277ca0096d945ac010dc907627727eebb03787c2b4d2d50578621b2332f5d30cbc30e073a16a8b6a5438b0efcb18459c4de3121b04b7569534b344

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4ef87351e46fa8eb12ccee46dbff4c8c

    SHA1

    14c6fb0a1071b681f0054466b23787905f6e05e5

    SHA256

    5be2c3a2f855024929da7c7e1c2019dbaa89f144255725d70113428933b790e7

    SHA512

    8235f730c76c3776525b12b0d340438aa68396f8bc9197047ddb87c52a1a26ac87f6dee029e3751e820f6b9c55d35a9dba4cac7b5378488474a579576b5cc2bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7a4da820ad2a9078188f877d9f73f38b

    SHA1

    869960373236749e963af276cef34d95b8c71e1e

    SHA256

    2e051abc7b635b04bf298de374e0d3578ae6fd4c2c35bc3ed2fd786180961c36

    SHA512

    4e0b6f3fb5a9fc7d0e4012446da398c96dd175c43961cae6f50eb15a7ab23a000964d6c0671be5d4dd5769b4c6aac65b7c518d6765e393563c99cc163ec71cea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    24fe841e60a9f75e5db6938e8aff2bd0

    SHA1

    4928605a72b1b50a570a38ec6903e30db46179cc

    SHA256

    424e44ab69d4548c4665e783c5d64db37b9fa8c70a394f6db5f2f30ac8af2186

    SHA512

    aa95f671c69bcf31c733209a2de9ceb3650cfa1ada0a7990c6e0bc29bd1cb30bb1fb1667346784aed0d058f01b76f07ba2c2727142178cbd4ec6b12fcf49ac6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8e79c097fa347c1e5ea834024830559d

    SHA1

    30b4da5d34b9bd5388e51349e15de032a8ab3d6c

    SHA256

    69e67fa55a9b09146f3e50b3d3394aeac1d532d534f2769cbdb1ba6259aed4ab

    SHA512

    f5ade36019bf45a2991f64246722e80f2222a3131b4eb50c5c3fbc7ba104e17b0266856b0e5858691231f486f5bcd4a76d6e9d3f749c1234721d23bd2dad6ce4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\idyde9r\imagestore.dat
    Filesize

    32KB

    MD5

    884e79e1923912e112e59109f337c49b

    SHA1

    b032a87e7e3e9a3bc443b8654ac6ba8a6d0994e0

    SHA256

    30e5e96ba863d7aa53b309b0858e5d7c551746bf4515f3824dc71f999576fdeb

    SHA512

    9b205512b2debd672df4c2f193c8b5de6de1cb6920da0398755835f206bdbcf522a129d2ae7e7b8e5fcce0065ace0cc7711cde13b7f0bc4619f5270a741de2f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\favicon-196x196[1].png
    Filesize

    28KB

    MD5

    a75485f99fd7e589f7a784e87c0eecf7

    SHA1

    389cc19d374a79ad9779fc0b4165a36b84d55554

    SHA256

    d38a40b5fe5403a5b6d0a3f6892c99718b31c9a62d3287c1c7292d7ed36ba44a

    SHA512

    3f594a05e0e6809d47bb1c3d016ae0374b452c0fc6d44f27bc8be447f4dbccdd795e67b5e5356356732708b3ddbf65e1b9479fdddd1ba965618dfa6eed93e11d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD369.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD368.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD4A8.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HEZ5FH1N.txt
    Filesize

    600B

    MD5

    ea9fe6e310904b1177a160dbae5c653e

    SHA1

    19ad976a4ab424f1eb00165e4c468c68eac36498

    SHA256

    6223f9aaba05eba44f84bc9067b5ce9866262102601153f07f007928b0d94d0e

    SHA512

    bfc1b6261231b6c34a7331e1b2193fc982f1ea6e8e16b90ebe980663a2773e58d784a61dea7c45d162444e5b4c00ab73cf8182ae6ee14cf8c7b7ae3ccfbbab32

    Download Submit

  • memory/1348-54-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download