Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Payload/Ze...roller

macos-10.15-amd64

1

Payload/Ze...bImage

macos-10.15-amd64

1

Payload/Ze.../Zebra

macos-10.15-amd64

1

Payload/Ze...s.html

windows7-x64

1

Payload/Ze...s.html

windows10-2004-x64

1

Payload/Ze...min.js

windows7-x64

1

Payload/Ze...min.js

windows10-2004-x64

1

Payload/Ze...n.html

windows7-x64

1

Payload/Ze...n.html

windows10-2004-x64

1

Analysis

  • max time kernel
    98s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2023, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/Zebra.app/installed_files.html

  • Size

    721B

  • MD5

    1a221a25114ad48a19b0c8f39d846e20

  • SHA1

    8a6fd7717d5d9d3fedcb0b8e056daf948f4ddf0e

  • SHA256

    338e1888db08d89155386a4bc671b26ea6f90d18fb744d7acb6a2cf5c887b1bd

  • SHA512

    6962589684b51ae10c935015c0368246859f47b26a310f75fee423126f4f9a1b4fd3e2ad1b22d030f73e415ef2c958e8fa7240cc5b2023695bdd08427a4a8f32

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Payload\Zebra.app\installed_files.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1716

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24a7a40eddbb46874f6aeed2f3f0a4c8

    SHA1

    3fd3980c578ef2dd21f8fac3b39bfed1fff48aff

    SHA256

    e6e1da0e33c2673969d7c3a80f395d0097b4f5e32c628691a6ff364ebd2d19c4

    SHA512

    47db60dbb6a31f9a10998eee89383b9bcf99e503807bd3be42447afaa28e1fb6b96f0283460c496e3c46bfeca263dc5b48426df62d42ee41d9f9ff81f5092944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d52f48350202cb5b14007a1cfbd4bcb

    SHA1

    b833680ad07b4be0cfe299389f12e15d74c0f975

    SHA256

    ad9985696022975d9a441806c3167b8db38eab0fe5ff8758b2f2f67cf6a22064

    SHA512

    cfc6ca5bc2a36b034b945148bc3aeb28f60c67231cc1ec612cdfcc47241ff2066866e6829293f5d3c6b0768fa4c628d8b313f38e838a58009ae0ad09edc2ca41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cd513959041bceb6cd9261b21774444

    SHA1

    edb4a6a03cc0c68960ed4a1c06236cadc662d64b

    SHA256

    141d1fa60419cf49aa70af42940dfc476ebb284b4da95d7bb7ffa79e364e4d32

    SHA512

    8124d6f6ee6d1c16f028e59fdd1bfbe223b6313b41f34e043358c7c2132711b0a8f83518116d9f93a0bc7d77fc2b382d844651bb44f86d78b04c5d5b340d1baf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cc68527e0f75372f09c8b2c34e4425d

    SHA1

    e1624901ae398dd1242ad2058f54375ec66ed5bc

    SHA256

    2862b01c919c5c526efaa8214a49e4c7bedd75aef3c121ec8907fcbcf7ffcdbc

    SHA512

    f3a065907c2d52b7f13c20b45c6880b18bb11a95333c86b824fb800f6b0afd69fafaf6f30055a8744f54e09bc15599bd471222b8800f505dc54349aab1682dbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a3239151d14ceb6aa2d7f3a51296814

    SHA1

    be5868e9c0cfda377aebfb84c8f9784e99b19dcf

    SHA256

    17a6cf9301ac77d683b75726c3b51392f01e84c30cd380e4f1500ed9230256f4

    SHA512

    74225256d2191be35de67dbf6956038073925ea60ff203895c222a492fff5e3efb4c55f268925c87564d89780860c8e4cdeecbae0ec53d44f8198025e63ebc64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4823a930329b2d61b99153965d8d24e7

    SHA1

    d6c190ac066a5757fa161db7e8d28e9b72499868

    SHA256

    71c708df15b211f7d24b2a391571ac99381652166a9fc06a6e7dfdf47845ac29

    SHA512

    db0874361f1e05e377d43d897c9db526e645b0dad63593a731de7ed6665f9e3e6b407dd934988e7632012625ba424797c6716d5e3829507ea0c5bc1957b29311

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a1df29462c3076f3c4e3995f4d30466

    SHA1

    140dbc81111029fcd7942039526430c1250a27bd

    SHA256

    3b85aa398175cd094cc7e623d34d58d8d707c721feb4b86928932f13c6321d95

    SHA512

    9fe61bac1ed29997bb7470e302bb8bca8861c79a12a5b53954e1020ed039cb5535f7542425b1e3dc0a92c3068967b0620a620371df272391f21f8d60363efc8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d75ae34818cbd6fca2f63b4ac1783cc6

    SHA1

    a2731ba60667736175bdc7469a5adc4033973afa

    SHA256

    627ee8bb0be4cd37fc597a4f57d364557a8d1619661d6ca04cb473fab1c243a0

    SHA512

    fe0a54f3177a2ab7f81d69482bc5a2dcb931be522d7a6fd57589f35d0ccc8552f01ec81e3bcef2fca443e68bab553aae22b5521eb1648d83a864951d18506a8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73f078d6b402407c56fb84b8c593f77a

    SHA1

    43f5106aa155498a4c12cd1f655fc63870d24a68

    SHA256

    1288a3c17bd7237292a1d922c2231a4af75719d3fed3591f240a1c7f8f3b57f5

    SHA512

    606c3942088db7d2ebdca6ea2c68836ef4590f8c19b7e7c333cf1e510fa67d8ebe710cdae7b53b213d2d0bc69345d6201d08eeae78afdec2ce77656a41931a24

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5535.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5981.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R0UQOGTD.txt
    Filesize

    608B

    MD5

    940b75a8d44f17495d744ec036eb7fdd

    SHA1

    82bf3cf3997267e9b58088df09f74effc5720be1

    SHA256

    e407d151ba2c55790cdff99360945f3fb8f41f24a89ead87263a1c5aa0120cd9

    SHA512

    e47928bf7aab4fafc959d58070b59b34171d76b7074933ae2a39cc4bed395e372c428015dac6637081c2788805fe4caa9a45f454dfe8c2129c57d9674218d8ae

    Download Submit

  • memory/1100-54-0x0000000002190000-0x00000000021A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-55-0x0000000002AC0000-0x0000000002AC2000-memory.dmp

    Filesize

    8KB

    Download