Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Borrador/EULA.rtf

windows7-x64

4

Borrador/EULA.rtf

windows10-2004-x64

1

Borrador/I...er.dll

windows7-x64

1

Borrador/I...er.dll

windows10-2004-x64

1

Borrador/I...er.exe

windows7-x64

3

Borrador/I...er.exe

windows10-2004-x64

4

Borrador/I...er.exe

windows7-x64

Borrador/I...er.exe

windows10-2004-x64

Borrador/h...p.html

windows7-x64

1

Borrador/h...p.html

windows10-2004-x64

1

Borrador/unins000.exe

windows7-x64

7

Borrador/unins000.exe

windows10-2004-x64

7

Minecraft ...re.dll

windows7-x64

1

Minecraft ...re.dll

windows10-2004-x64

1

Minecraft ...re.dll

windows7-x64

1

Minecraft ...re.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    156s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31/03/2023, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Borrador/IObitUnlocker.exe

  • Size

    2.3MB

  • MD5

    ca7d229c1a8087836d2365fd736a09ed

  • SHA1

    7b502e68692c108854a033eca371defcb9a64328

  • SHA256

    d2b8c197c1ff337cc692c3f11e3cf8e263612212b8dac9c104a220ae7ce0c325

  • SHA512

    8dc81e51a50035740cc529f45844d80f2f998bd6e862c3d0192a7a7a591d9d8c26d6c9674a6e0e99c76dc57174a0791b57e32a0a2b9014a5ecb83b012679bc96

  • SSDEEP

    24576:5S/WgTT/eC4PwRXrAREEkyuCmLMAefac2mhPiT8b2DeXYJAmzQDFQEkXAFxZSD1j:QTT/eC2wpBBseA/FsZDW8nTeCPGXOy+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Borrador\IObitUnlocker.exe
    "C:\Users\Admin\AppData\Local\Temp\Borrador\IObitUnlocker.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.iobit.com/iobit-unlocker.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:576

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    e29ef7aafd77ba7a456c3cb467b6a217

    SHA1

    7f01e83f8503ecdb400b3bcf45d574e12f081895

    SHA256

    681c6ddc6407fe5232d78379b1a969dddf352f1717ee47083948adac08319ecc

    SHA512

    2d16e1b9744781184d1e63b3758b80428b04daaa5d703502480b17dd9b2ad6237848e99b470d9f17a4622c6d836902fe49ec431750ecfa610847a729b7ea1512

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    4b45244bdd45541d82298081f2470f59

    SHA1

    593f8ac2af7e96b0f15d07a9d20ef1e6b6dbd761

    SHA256

    01cb3bad5737b8ad9d2741472cc14621d889c213c17d9d6cbd9b80f6f17af414

    SHA512

    d6e6b1fd5360ae4eb30c17e313cb29ef023aa720bee6cb4a332e8c1bfba7a72b34f8ac989c9f35424457213a9da04c57da79513d13e6330dc9e35829cf621bc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    158d701f8e3332415353dac226c806d8

    SHA1

    9e42ffff90abcb6a5d33f4bfb78026eed7abebfc

    SHA256

    a6b8a795652e23e678af00628e12550657b62d3ff4113bc62b265b82d65ada32

    SHA512

    e6adee9bf823c607c2c4624af535cd197811b2bf00489c333b73a5bc48a365c2cab1585d0740f713ffa4ed51af52d820db65ab120d110b7f5c46d3b9ca1826a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f39f0acfb79ccd6296f2864cd8086f4

    SHA1

    df481857589283794fbf1f7bff65afe4dd1c2a54

    SHA256

    774d36ceabdbbb20de1b785079320632b62bd3cfccc7cba2d2b021949a254d13

    SHA512

    51a13f72f9374617d10a923a89916b31203564053fd4b6d2d38a9aa4db7fe1c4ed1c33227da384ddbbbe1cff5e48bdffae9593da12047493c421db82bb376dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    931710cfa4a3ea575ab2b5420f781997

    SHA1

    04763f59d469140c4ddafb84bf0b0bc48ea2bf91

    SHA256

    66c333ff6ae09ecdcf6af196a9ad1fa503bf9e658fe1bcbfb551524dc7b40450

    SHA512

    7e23a36a88c1bd39df6932487d3b170bb64942dcc2aecc0b8c0579d7a83ca87149b59439f45263dc8c0b43eb943361095b9b7b04cfae32eff21afb1608d71ac8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fcb8961afaa27b96ef978fe7027b484

    SHA1

    f0a5edb0bc9b62164e3fc82e1e5e9ed81ae3cc87

    SHA256

    dd0692dfaf8a44793b1d7c5c67f6ab026b2a07cc0bbbfe9b40c3011d5fff596e

    SHA512

    38cb72d528193e9714a444b6fd0e86a7cf8e587d2921904419fcd069988022a3a50658f2a6908fd0931fb37ee2129df172193f8d011b0b9973c95a76c28e57c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c8028f915a64470ee9b6979029cdfbd

    SHA1

    bbdd7088efe3ae5522b754a56615f10064a724f1

    SHA256

    b53cf62e621afa22eea63d713981db3bcb0c2f52c5f67363222157b5ad5abb11

    SHA512

    0d0ef995b80035454459719bb40df29abfe0a150acb575ae4e62e77633a6ba489b511077dc9b6d9b9db7508454caab2a0b33d1f0dc3565000e09ddc45f8168a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    697b96fb06ed7b6480b8b6ee06c4e25e

    SHA1

    b7f84fa8c4c1fede69a09c1fc8f7bb7322900521

    SHA256

    b3e72ec514b52279c2efb80ecc364bbc02e59c19b479c30b9a728dcf8b5adc1f

    SHA512

    d4cafa2adfcc5a3395fdef750b3497f9b894b5e1841d1d263f2263076a2a8d8c69f70a3af285c1489174000e35e582abc6290da93d9a2aa03317e75d3469109e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d726a348f5d5474b9dd1bd552d9b984

    SHA1

    3421f67a0a95f04ce3eafab0d906c74541a7eb80

    SHA256

    711ff1ea83384983d54552e96c61c715ccde5e17a7bb9a7234632a3725d41462

    SHA512

    cab83295d8cde598643a7cf15cfe856c5f74003ce66d325b5d8aefaf115d26caddc101378dfcb2fc9401b7bd54803c9a36f36a3756a28d2bbd3af49bd80ebb26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb5d13f56cab4ca3685e386bc7f7aee3

    SHA1

    911a6cb0ac021a54eabbb657d7c584453e9da800

    SHA256

    1336ab84d8646e317e56df4e020e25e693852fbc1b6939801b3d185d6e81de5a

    SHA512

    1cea3bd495800ac011cd7e2b56550a0570b3ace063a2855aa9f14764045cffaa95b26356ba95c4bd145a1cf90c62ddc908dfe3789239ca7e839c306042a21873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5edcfe200f1577e5b2d0d1b3e3bdf108

    SHA1

    3fe9c95ab399baf15bb64f8308b9f59db9bc932f

    SHA256

    5da273e883fd9cdc70aeeb39236c0b2b21d0c6c3fc4bc905705d76bea21f16fc

    SHA512

    52825941ae6214c0fe7a8292956e57831b8c9210156722933de7c4eab7a43cff67c350f56f75111b644957555232be924d35e2e37c4532f5e41f502dd8bc6f07

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p734dsx\imagestore.dat
    Filesize

    5KB

    MD5

    49f82f46a82735a8f4960565623213b7

    SHA1

    4f89a2f439f2e41ca3ce85339cd435683576180c

    SHA256

    c4926577f8a3732ce1bd2ba1339d7e00e4a001ac2300de0a6e154d014fe8b236

    SHA512

    3011b37c445de259688f010b159e29624de03ca640dee0eb5085357d0f108325d43c562ae415e97b7c8c8b03a3f05158583b92f77c2e6abb516b62053220a396

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ONXID7T\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE9Y0H7M\favicon[2].ico
    Filesize

    1KB

    MD5

    fe4bf7aeee2044a60a1c90e571da86e4

    SHA1

    8e55902176ede5b0338a784abb561d2ca1de9e7f

    SHA256

    7ce5ff7d3ca3fa04ac4718ef6433256a44b6181cbf255f68fb248f7ee7b02239

    SHA512

    de9ee35369f03d1415f992c0827224d21d47108c55a5352244bf327379a45d8cd5717f32d92c0ca16754e437dd82033f24f308872265840341b106c8a38b2509

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE9Y0H7M\js[1].js
    Filesize

    237KB

    MD5

    dcc31606b1987058c3796e3482c24436

    SHA1

    8bd6a6e7e542bbed2844c21999b4f87b890864f2

    SHA256

    abc11ec2325d13729cd70d988fbf3e08b65a549e6f9d84e2a299f71327cafa74

    SHA512

    71832517dbba9ac8a4426c368c27ec969a46530ba50de5b7bda410fbf336acfa4f6e95d5f9a5a898e38e08f7285594a2023361c66faac3b5e59a7aff040c6ec5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB398.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB39A.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB575.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HJZKKJMO.txt
    Filesize

    604B

    MD5

    d5be5a3a539ac06987e3afc6998a7564

    SHA1

    354d6b415431f605594ae6a46603ba54703ea523

    SHA256

    afc4e64c3f458650cbc51b5e3ad95bcf62515169fa31ca1350ff62c808230903

    SHA512

    1ebb2b16c66ddfc2c12aa6abe03a47390d943913cff2729421576eff52382551c8edb3c70a07445053ec9ce97404985edeaf01e8f31ae48865927ad46cd3e211

    Download Submit

  • memory/1984-179-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-60-0x0000000000400000-0x0000000000660000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1984-58-0x00000000044A0000-0x00000000044A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-740-0x0000000000400000-0x0000000000660000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1984-54-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download