Overview

Tasks (score, sample, platform):

Score | Sample | Platform
7 | first rele...am.exe | windows10-1703-x64
9 | first rele...or.exe | windows10-1703-x64
1 | first rele...om.dll | windows10-1703-x64
3 | first rele...x.html | windows10-1703-x64
1 | first rele...4c6.js | windows10-1703-x64
1 | first rele...ff5.js | windows10-1703-x64
1 | first rele...6c2.js | windows10-1703-x64
1 | first rele...139.js | windows10-1703-x64
1 | first rele...f4a.js | windows10-1703-x64
1 | first rele...3ed.js | windows10-1703-x64
1 | first rele...2cd.js | windows10-1703-x64
1 | first rele...6c6.js | windows10-1703-x64
1 | first rele...927.js | windows10-1703-x64
1 | first rele...563.js | windows10-1703-x64
1 | first rele...d05.js | windows10-1703-x64
1 | first rele...1cc.js | windows10-1703-x64
1 | first rele...ffe.js | windows10-1703-x64
1 | first rele...dc1.js | windows10-1703-x64
1 | first rele...de8.js | windows10-1703-x64
1 | first rele...ll.bat | windows10-1703-x64
1 | first rele...ver.py | windows10-1703-x64
3 | first rele...rt.bat | windows10-1703-x64
Analysis (score 1)
- max time kernel: 101s
- max time network: 154s
- platform: windows10-1703_x64
- resource: win10-20220812-en
- resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 10/02/2023, 18:45
Behavioral tasks

Task | Sample | Resource
behavioral1 | first release/client/Dream.exe | win10-20220812-en
behavioral2 | first release/client/injector.exe | win10-20220812-en
behavioral3 | first release/client/vroom.dll | win10-20220901-en
behavioral4 | first release/dashboard/index.html | win10-20220812-en
behavioral5 | first release/dashboard/static/js/app.2b8ee4c6.js | win10-20220812-en
behavioral6 | first release/dashboard/static/js/chunk-032c9c15.2ef02ff5.js | win10-20220812-en
behavioral7 | first release/dashboard/static/js/chunk-22405cfc.f311c6c2.js | win10-20220812-en
behavioral8 | first release/dashboard/static/js/chunk-24a3044e.8621a139.js | win10-20220812-en
behavioral9 | first release/dashboard/static/js/chunk-3eef3288.862d7f4a.js | win10-20220901-en
behavioral10 | first release/dashboard/static/js/chunk-4e17a028.12eda3ed.js | win10-20220812-en
behavioral11 | first release/dashboard/static/js/chunk-68855d7b.29aac2cd.js | win10-20220812-en
behavioral12 | first release/dashboard/static/js/chunk-695025fe.a88436c6.js | win10-20220901-en
behavioral13 | first release/dashboard/static/js/chunk-a69d7bba.1c4f2927.js | win10-20220812-en
behavioral14 | first release/dashboard/static/js/chunk-c7105d2e.9ab0a563.js | win10-20220812-en
behavioral15 | first release/dashboard/static/js/chunk-caec2872.8d3ccd05.js | win10-20220812-en
behavioral16 | first release/dashboard/static/js/chunk-cf066fea.108091cc.js | win10-20220812-en
behavioral17 | first release/dashboard/static/js/chunk-vendors.9ba20ffe.js | win10-20220901-en
behavioral18 | first release/dashboard/static/js/group-admin~group-tickets.1919adc1.js | win10-20220901-en
behavioral19 | first release/dashboard/static/js/group-tickets.e2727de8.js | win10-20220812-en
behavioral20 | first release/install.bat | win10-20220901-en
behavioral21 | first release/server.py | win10-20220812-en
behavioral22 | first release/start.bat | win10-20220812-en
General
- Target: first release/dashboard/index.html
- Size: 65KB
- MD5: e5dcb26037864fc566bbcda10ccb0e1a
- SHA1: 46a8cc89002d56e8adc99b2926288e760a3e1cea
- SHA256: 93ff430da563603c4456331915b838619f254aa9d0d827d623a5d2ad6aa2deef
- SHA512: 99f3ab876b7e0b7e67975cd827a47c4bfcc0182c0b696a2b4cb1a21cc0a98ef2436112b9953a876c12b189085791d1eab3b3db5d303c8efd05e6736ac05b930f
- SSDEEP: 768:ZVHDzuDYrUslKetSgSHSzS2EcQehnSNKLA6JTKedP:/WDYrUcKeJEcQesKL3KedP
Malware Config
Signatures
- Modifies Internet Explorer settings

description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30cb3173883dd901 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31014280" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31014280" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1778273324" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382823352" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1627733827" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f35c91f5a1c87c4182fb2e88ef8499d20000000002000000000010660000000100002000000049e92319abfaa16ae691e50397555b08e1726000d8e0e79203550c5770d48b95000000000e800000000200002000000061157aac85c0136e080a8553b913d27c89470f4f917de28f6fd6e3436d71d27a200000003eb068926a20a53be0ee237929fbaea58c7f01cd35bc00dbdc9ff4ab2f2d2c2d4000000042f22ecc75ed265e7e3eaf37b6b0b9b94cdd0745a49dc589b9ad77ad77fb2e1ea90eb2de0b07c60e974b5e5e04995d9b609ca3652037f721c3c96f54b38fb885 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1627733827" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31014280" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0fed373883dd901 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "382839959" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A080ADD-A97B-11ED-A973-7A36BF7F232E} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f35c91f5a1c87c4182fb2e88ef8499d2000000000200000000001066000000010000200000000a2d04d86b6144023e642ed4a499fca9a7ec1570ea21f0212ac23650ea219769000000000e800000000200002000000050fea502c59bb52aaf9c5114f3eba0f0de4f4ad3aeec818925e8aac29f541d3e20000000e86bf0aaba46716723a6778a2d343e5cd1ad5f5d9d327fd0aeccc9078224d70a40000000e493497cf1f16a9e48ab99a64ac37ef88eeba6ce5b8b62055be9c112197201b2393de0b3001187c801efe71675d27f16837d62ac5663add7a5f3aa8eb1d4965f | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "382871937" | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)

pid | Process
2196 | iexplore.exe

- Suspicious use of SetWindowsHookEx (6 IoCs)

pid | Process
2196 | iexplore.exe
2196 | iexplore.exe
2544 | IEXPLORE.EXE
2544 | IEXPLORE.EXE
2544 | IEXPLORE.EXE
2544 | IEXPLORE.EXE

- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 2196 wrote to memory of 2544 | 2196 | iexplore.exe | 66
PID 2196 wrote to memory of 2544 | 2196 | iexplore.exe | 66
PID 2196 wrote to memory of 2544 | 2196 | iexplore.exe | 66
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\first release\dashboard\index.html"
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2196
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2196)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:82945 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2544
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 471B
  MD5: 1817d9f8c83af5a97f742f07f32fac7e
  SHA1: fac61ba5502036b356304703939a905467a7bd04
  SHA256: 07448a3b03c29db66b8782361cc553ad689bc75964c8070d2cd795d0c03f5268
  SHA512: b9a071c1eb497a26f837c6826b6c7372cf1403d68a8b7adf1251f069492ec1539199303d13fd46e2fb85692b193ab87492624ed34a51b9cfc92d67ecbd638686
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 404B
  MD5: 4f13b3a850ebdf2e0baa5113e6353a79
  SHA1: 98e23fb72a6194a08396aecab7537aa7fcbc6539
  SHA256: dc84ce119d7e4ae84a5b59c59537cf19f9976e53ea8841332e1b374c734cf4be
  SHA512: 9fa1d8c5c612bf0bb9200da2fb707f9ad2ddc3663e46a55cf792250dff6fd6e6ba8e7191cddbe772eae06e6231e157fb49330ca1314410a3a6a2b8f0d1075399
- (path not given in the report)
  Filesize: 611B
  MD5: 6f2494022090814ac97e38e2f0f4b18e
  SHA1: 413d20a5f6d204c3d6c1def0942804c419fdb3cd
  SHA256: c6e6761abaaa7747eef71948621bc332841eb7e3d331a451eb6e5f3d22acff4b
  SHA512: 2d9e396fbaf46b1deba117798ffa9615894f5b928688846b049f590cbf4485b8ca0d44a8a0f4c11bb12f5a25ca0c8c4c6546f3ef12c9d5e85157d32f59683c58