Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Payload/Ze...roller

macos-10.15-amd64

1

Payload/Ze...bImage

macos-10.15-amd64

1

Payload/Ze.../Zebra

macos-10.15-amd64

1

Payload/Ze...s.html

windows7-x64

1

Payload/Ze...s.html

windows10-2004-x64

1

Payload/Ze...min.js

windows7-x64

1

Payload/Ze...min.js

windows10-2004-x64

1

Payload/Ze...n.html

windows7-x64

1

Payload/Ze...n.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2023, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/Zebra.app/package_depiction.html

  • Size

    644B

  • MD5

    32fcac54fdfe9158497c1ef2920d7156

  • SHA1

    25b20b3ce262dbd790e2d2c1a1748484c053bb69

  • SHA256

    018737a6ebce460a1a8f29b581450285feabda48260c158b4335b654d2b95566

  • SHA512

    605abb23468914a45ad11b8211b4bc2f1b43b3e2c7c442e8c30e26f7ad2e46584d9133491bb127aa44e3bef6f600546e4e1dbf58fe23cbd768ec423158fe386a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Payload\Zebra.app\package_depiction.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e47700be7a44f6784d8fc09b1a31c607

    SHA1

    0010a6d9ffb55f87324576c909f56ae6d5fcc507

    SHA256

    9d6d219c0e88e57db1f764a25d7b79be903196500958b0b2156b321f3ded690a

    SHA512

    7443ab9db46455cbaaf76a29f89e815b10e064d475e02aa351042322754a1a036ab5d2e3ed872c8e8ed4955aa8362b13fe2c4e153739f96eae40fea0f747a063

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a99a32f81d252f344a339524548e600f

    SHA1

    76f6687c9c946f4f4c1864e0001af8be691085df

    SHA256

    6e8571b265ff30a577662414124a232aa327ec5fb59748462f7d501c4af7ee75

    SHA512

    9a7986637d6bb639289e2b5766060cb1c32ca29493476f686677fcfd348a21b753c10fbbfd9c0fe40e324e1f05f3826672394c501515ff5a48ed65e8fe5a9be3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4148653f64c5b00e3fe29307571cb6b

    SHA1

    c62bcf4a4d4faf3f691f69c18c8139758e464b34

    SHA256

    737e81ebe8ae68d3385593f62e46adf69ce55ff75a2529865e254f2b108a6fb9

    SHA512

    89dbc91fd47a1f6de5a7f6a606150125dbdc0c0bcdf2f509c011183ad4a05fff8f9c648736a133d4a30f0b3e168f2c75d4467414f331122b1ea57dd025d6efbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93a7c70a24b555bf16570f555cb825c9

    SHA1

    48913ff62fa99aa7b7b013a026b66e9641dd8c09

    SHA256

    4ab4f8bc4a1f0360914e8e841c916bdd7f0f14efb615fdcd3b65d737e5f542ba

    SHA512

    8098c6d43638ad79aa6972b1a2ffbda4dfd501141f43695aa38df2068efa542cae39960cc03c975a47bef4543cea73a2c39bd62fad7e0cb5e961a03c507551e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdd78be87073228ac4bc18ef82f5aa07

    SHA1

    faccd22e2251a09de753db51b024a3f4c4229193

    SHA256

    93ba0caa8a937a41027f62b10b82e7e1e53c361e507d721a8d228edb46d5b289

    SHA512

    12843198ccbcb538f83ddd1ad42ac6f232aedce77143b1c6f6fc0d1c744ba631583f45a8669aa919d21d4715807e4c451a0e423643ec7f226658fcd031e43f8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75c359bd0e084102041bfd7135d79b85

    SHA1

    d1567f13dfba9e780acbe9132dabeba40996c9d7

    SHA256

    0bffec13677a6d5c630bc6070ef2ba2b5ec45741f7a379fabf927e5edfc553a8

    SHA512

    d541afbe2f4f44ba34d9f260ec6e4146f17a60013cde9f5bcaf99cef0ed84edc40b402affb7e4865ad39f6ea23ee235d2edcdaaa0f25399980ec540725362dce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25c7573b0bdd9566770b8c5e03d7e140

    SHA1

    fb95d3b0ddb162ee23544117fecb28533ba865cb

    SHA256

    c7aca1185a4630d37fe0fb0b7da6b585ebbe746465c9d25f90666375e9ba9448

    SHA512

    9e65f50583daa42e413a8fef3d38644fb6daae42570c3bb1ea5007c0bbfa5c02271e588e37ffd3a07b7c6abad2033453c27770ceb5451f8e8e6df446b7027458

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35c8c651fb7a7e6e749bef3dff7227c1

    SHA1

    42c2994a47f13af1825c7692f586b9fd0e0fb3f7

    SHA256

    99d6a1313bff154cc73b3bf01157142773d7f83bb4b90342d8307ae00268152b

    SHA512

    50207eb5ee32543c1e85ae3b4fad66a077071b7532e886ae9621be2c910a488a31331185e62d61f51214e275e9d456737f52b177e662f191cbb650f45c7ab466

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3373.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar34D1.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VNBP3OQL.txt
    Filesize

    600B

    MD5

    26e8877951ba331b2acb61bf7119ab0a

    SHA1

    63325d547a79d77b2aeab8cfbc6693f486e06d58

    SHA256

    78da00ae7a5b1fc504b4ef37e9469655040341385669f4b171f6dacbe8dea33d

    SHA512

    520ca442ffb3e85cb83bbc0647fd2ff7d7836c44a9c9087e285e7e5445bf76463b7fb08355d6285d1a2b2d791d861ff7c88e7da6e7887d0b445e16a1917d3c76

    Download Submit

  • memory/468-55-0x0000000002270000-0x0000000002272000-memory.dmp

    Filesize

    8KB

    Download

  • memory/840-54-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

    Filesize

    64KB

    Download