Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://yynnlcos.pag...

windows7-x64

1

https://yynnlcos.pag...

windows10-2004-x64

1

Analysis

  • max time kernel
    261s
  • max time network
    277s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2023, 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://yynnlcos.page.link/tsCrXtgT31HhfEt79

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://yynnlcos.page.link/tsCrXtgT31HhfEt79
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Windows\SysWOW64\msdt.exe
        -modal 655700 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDFE19B.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:532
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:1660

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      340B

      MD5

      0a320d7a7c77822e91d43a2d831eedf3

      SHA1

      f06640c78720be09b5c2f449fe19e324f830899c

      SHA256

      d4d0175c7472be30e4a22cedaf1d53a67efac1a8248a51eb9b2cabf4d7873385

      SHA512

      1423407175e9b26313f953601634ecd96bbc96efbe8b1311785dee2fdfa4d57a7301642149dc4c4b503897198c419ab816d2c384cc5233da0d6fc276d5f4db25

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\NDFE19B.tmp
      Filesize

      3KB

      MD5

      1f3e2a24366fb6eb04cdb4eeec15197a

      SHA1

      5344ecb7deaa62c3711eccf1ce9a06ac8cc78c01

      SHA256

      4e53b210f87a837b1336bd5349bab32c69f881f06e06916d20ae9895b1de64ee

      SHA512

      59e141415ee1c961164a5b5341e5535b2b19b9b0edd34dc4b1153d0d74722b1a1039dfae636adec77b0b4c89ea4a25e21fc0515c5c191fb14d4de02e2bf7433e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6N6JJ1NM.txt
      Filesize

      603B

      MD5

      b8e1aa1d255647be92aef821248e17e6

      SHA1

      e0d6ecdd152edfd333b10e424d566756cb687562

      SHA256

      03f804b0c9c9346d28288e815ded0e5044e58cbef192ae1d37fc15598aace148

      SHA512

      b8fb62bcacaf32613349eed9f9f7dcd2f03f18869f8b752bf2ebb5276c5ee3cad3007a170758b38f81be7baabaeebd6cc5582376863888594ddc15daf1e9793e

      Download Submit

    • C:\Windows\TEMP\SDIAG_7cb8ddb9-536a-48ea-8f0e-6a45e651dd1f\NetworkDiagnosticsTroubleshoot.ps1
      Filesize

      23KB

      MD5

      1d192ce36953dbb7dc7ee0d04c57ad8d

      SHA1

      7008e759cb47bf74a4ea4cd911de158ef00ace84

      SHA256

      935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

      SHA512

      e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

      Download Submit

    • C:\Windows\TEMP\SDIAG_7cb8ddb9-536a-48ea-8f0e-6a45e651dd1f\UtilityFunctions.ps1
      Filesize

      52KB

      MD5

      2f7c3db0c268cf1cf506fe6e8aecb8a0

      SHA1

      fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

      SHA256

      886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

      SHA512

      322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

      Download Submit

    • memory/532-57-0x0000000076711000-0x0000000076713000-memory.dmp

      Filesize

      8KB

      Download

    • memory/532-59-0x00000000708A1000-0x00000000708A3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1660-62-0x0000000070220000-0x00000000707CB000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-64-0x0000000070220000-0x00000000707CB000-memory.dmp

      Filesize

      5.7MB

      Download