Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

1

Resubmissions

01/04/2023, 13:15

230401-qg7r5abe91 1

01/04/2023, 13:11

230401-qe8xeabe71 1

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2023, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4400 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1420
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:4912

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    7KB

    MD5

    dd50a5d6139e6d8b6992797ccd04818a

    SHA1

    7350c9c059d598c83af220ca6d30f1b13540cfa0

    SHA256

    b117851f48442b165516bc5b29d58ba0efac8b73ea78bfa676d43be87d9d5df3

    SHA512

    273265d2df03adf0284203a021f2f1f1d13d7b3e3154a7837d8112a27db591bda198f074ce9d2ca743c400a2c90b180b4f0be03fb950c8d342624a7590aab976

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    232B

    MD5

    da51694621e3b2f2ba0ea484c259f306

    SHA1

    c04a182018e568c97fce55c47aeba1c8de1e972f

    SHA256

    922391990d3b0e455037da4bd33afcc003af5a381ae8679dfd823d185f85c245

    SHA512

    2e509dc37bbd11243404824994879e05ed9e04c14e3e3760143a5339aa5739466a0f965e93dcf2c8c97f796c2c7ba4ec6a36b35d56b921183e8c7f17a060277d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    4KB

    MD5

    e087011e0009973a30d3a2826f6f82b9

    SHA1

    682dfbf09a9564bb079bbae682ec3f0a15156a30

    SHA256

    ffd57488407812a010e4b879ffee8bdab91885aa3ee8f208209efe6013b10916

    SHA512

    7a3c8e4cb2292b862ab67a8001654f298665ab2d44142fb5c1293214052aa8e2ca24a12f36463c24803f9bae69ce96e0527760e4474a8f4f524297afe1f8ecf6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\qsml[1].xml
    Filesize

    280B

    MD5

    1960bb51be82142adba7294ebd708ef3

    SHA1

    3e4a649e04de02e2cfbf75a284aabf147c1678bc

    SHA256

    8eb0886ea5ac4a727c671390e051196a45b720a4477c16123acda302b8a84429

    SHA512

    95bfa69524b89e9ce867034c04ccb2b5ad89b52e2a5e5205a9089bcb3f7f698cdd09b65f6f8b0af47287d6096b049f872f33d6c0ab417bd02932dfa2db877a51

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\qsml[2].xml
    Filesize

    487B

    MD5

    6a1001448c9290f15b1fc6049f37032d

    SHA1

    1fdca3703e97fa5f0fc4bd1e46a1a04596772693

    SHA256

    c9f3198320ae1095860b8981c2be2ea2b192c155595a177df234c159bd385477

    SHA512

    686461fdb2043a2841c658cbd6a63b7a491f6ba36a4008ea68849c2cbc07efb29596b693598b0d034f98a350daab91fe99fa85a3b18fe0ed0ca398ce3e7a66e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\qsml[4].xml
    Filesize

    548B

    MD5

    c0e92b4b5e646493639d4ebc08ba33fe

    SHA1

    657bc01178eab759ee9aeb64b0f335e7cd8ecc91

    SHA256

    e6554d7f9e943427248a266ae5e9562e4f6c9c99c84dcc66c5fcaa6a5be5a995

    SHA512

    5366ecbabd903f024f652be49b9474a9fddc57cdf44bbbf053b8c2fa38e40b1cd06acba27404dc67103b3db8161b05b1bad157a999046516e66fc1fbae8ac780

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\Setup[1].rar
    Filesize

    56.5MB

    MD5

    6305b5402391d1088f8086d21a24c241

    SHA1

    3eeac2dee953119bbe45eecd07c97833e97c9346

    SHA256

    90b0950960b30715a9f9c78ff507858c14655f55bd33ce76ff4e63d0a1eabb43

    SHA512

    3a40cbb093847f5372af9484bb8e9d74309e00ab556d1ad27df88da5d8482f34ffab1a12b25bc7a3b073dfe41c0fdd8fcb4251486b0ab211fb28402043aadc62

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\qsml[1].xml
    Filesize

    484B

    MD5

    8861b6306217326af405f24f8b8ae70d

    SHA1

    7e6bf1774645c0fdfd26a44bb933b696655a734b

    SHA256

    e24ca71682ad4292fe8ac838ec80d4c373d2fc01ae6e74110c8d450e0d3c5189

    SHA512

    948f79568f05bf524a866c247aad9c415d5f6cc752dea7306c00144bb81f5c3ce4ee533aceee7836c979ef5b03b9ff6ad8ba1a1f71968d2bdfc83ae87ecaa7cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\qsml[2].xml
    Filesize

    550B

    MD5

    c5217b240c6cd1268b8a23242574f968

    SHA1

    55aec195137500170970373efe86c659cb16d42a

    SHA256

    b25090cd77357404836cf18051df8f408a3cb6e515cd9c4eb99d1b210c2e0abe

    SHA512

    22eaae20a932f391e993a342dcd23f75a043ec716b640fa6fbe5c3a4c0c457045c7e398611f0b553c0cbd1a786f2d008865eae92841d5fe66ebd6575c518aae1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\qsml[3].xml
    Filesize

    605B

    MD5

    25945ca7b8584922d9f05a074d68ffa0

    SHA1

    ac311e481918c90d752ae27624daca6d4161dfb4

    SHA256

    088d48327667efbec1b17ed17c00d06f799c996cf7436b12f3629db51870e3d8

    SHA512

    86c93d310f46f2d099246a37b290202713e31cd9a102737757eaa9db12b68e959c5892ecf3e8292b94d126d5bcb7e829532a95ae0df3b5f7c55c22ed154f88b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\qsml[1].xml
    Filesize

    539B

    MD5

    4559532fd01b5edea3b39bb5a182ed40

    SHA1

    1b9ac3d2f917f985ebab5668403b82fd88ea00f7

    SHA256

    e3eb48251a36c4671a6d6f541140551ad942a6163b0e3505588cb4881405c2d0

    SHA512

    532001b022941cee5f3a69273a02a26dd8942cdf523170675de5f3e224127a702a74c677ddf8554cc1f0624de5c283256e2a275cef2b857efa21afed613f565d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\qsml[2].xml
    Filesize

    609B

    MD5

    e3ca0556b40af14000398b3fc7dd7994

    SHA1

    0b8766b2f8819a7443fbc430a1e0db189383d9d5

    SHA256

    3c303247d858f643795bd9988bbce31744718c004005772167433507e7eecb8b

    SHA512

    d27c04008b11c5bfa04305dc51b8c427d4abcd5c00fd1796756621223b27ae7dc2838d52b9d0cfc15e02cb82463e15bc1fe37e21cf396796613d57e8b9683035

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\qsml[3].xml
    Filesize

    607B

    MD5

    821cf73296293dfc8618c2dbf488bae8

    SHA1

    43547a214086df04aebd3d2f795082fef6688de0

    SHA256

    81a554d526be676cd4b3c519f1d4af25633bfc6c22c38c8ac56bbd5fd85e0005

    SHA512

    b6eb177b9a0da70f7ddabbb59fa0977b98fd1728c4ade169f1e8f6dd7dd8049b4d8fbc02e268b4f45b7ea83a58caa355cbd9464811785a9cfc87332afe13bd29

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\Setup.rar.7stir2y.partial
    Filesize

    56.5MB

    MD5

    6305b5402391d1088f8086d21a24c241

    SHA1

    3eeac2dee953119bbe45eecd07c97833e97c9346

    SHA256

    90b0950960b30715a9f9c78ff507858c14655f55bd33ce76ff4e63d0a1eabb43

    SHA512

    3a40cbb093847f5372af9484bb8e9d74309e00ab556d1ad27df88da5d8482f34ffab1a12b25bc7a3b073dfe41c0fdd8fcb4251486b0ab211fb28402043aadc62

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\favicon-trans-bg-blue-mg[1].ico
    Filesize

    4KB

    MD5

    30967b1b52cb6df18a8af8fcc04f83c9

    SHA1

    aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

    SHA256

    439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

    SHA512

    7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\qsml[1].xml
    Filesize

    606B

    MD5

    90aace2f0df2a1d819b298c4d1880741

    SHA1

    fdf26d53fcf44467b6fbf4e2f228f16c8c37abf5

    SHA256

    33488651fb79b0cc7f3389dc1a1b8ed83c7f749cb6ada35a30c06c56ad885f6c

    SHA512

    119a44f1a502bde30592a78da31677cf3660d8853b5741007b4d9be55e1e36fb2da572764939aafc12206040ccfeb3ae4a3f24e6823ab2b286e4157e93949489

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\qsml[2].xml
    Filesize

    610B

    MD5

    ebef0681700c537777206cc949f97547

    SHA1

    c1af4b3a01d6e209fc69ae93d3d60f28ce0a6d89

    SHA256

    a042fa5b1de1b1d1f8b761cfefb7ceb9c2f1e799a08bfcbaed47f4994470076b

    SHA512

    f01ce3de358de748d9e5229c1235dd405375cc8828f3d3707b0679924555f754cdf90e316763cfd1c8b8354f72f09075df36ad02e672fc5a1b16f4bc701b560f

    Download Submit