Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
1SetupX.zip
windows7-x64
1SetupX.zip
windows10-2004-x64
1Data/Packa...in.xml
windows7-x64
1Data/Packa...in.xml
windows10-2004-x64
1Data/Packa...ls.xml
windows7-x64
1Data/Packa...ls.xml
windows10-2004-x64
1Resource.dll
windows7-x64
1Resource.dll
windows10-2004-x64
1Setup.exe
windows7-x64
1Setup.exe
windows10-2004-x64
7jre/Welcome.html
windows7-x64
1jre/Welcome.html
windows10-2004-x64
1jre/bin/JA...32.dll
windows7-x64
1jre/bin/JA...32.dll
windows10-2004-x64
1jre/bin/JA...ge.dll
windows7-x64
1jre/bin/JA...ge.dll
windows10-2004-x64
1jre/bin/Ja...32.dll
windows7-x64
1jre/bin/Ja...32.dll
windows10-2004-x64
1jre/bin/Ja...ge.dll
windows7-x64
1jre/bin/Ja...ge.dll
windows10-2004-x64
1jre/bin/Wi...32.dll
windows7-x64
3jre/bin/Wi...32.dll
windows10-2004-x64
3jre/bin/Wi...ge.dll
windows7-x64
3jre/bin/Wi...ge.dll
windows10-2004-x64
3jre/bin/awt.dll
windows7-x64
1jre/bin/awt.dll
windows10-2004-x64
1jre/bin/bci.dll
windows7-x64
3jre/bin/bci.dll
windows10-2004-x64
3jre/bin/cl...vm.dll
windows7-x64
3jre/bin/cl...vm.dll
windows10-2004-x64
3jre/bin/dcpr.dll
windows7-x64
1jre/bin/dcpr.dll
windows10-2004-x64
1Analysis
-
max time kernel
100s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
13/04/2023, 11:34
Static task
static1
Behavioral task
behavioral1
Sample
SetupX.zip
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
SetupX.zip
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Data/Packaged/Main.xml
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
Data/Packaged/Main.xml
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Data/Packaged/Utils.xml
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
Data/Packaged/Utils.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Resource.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
Resource.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Setup.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
Setup.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
jre/Welcome.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
jre/Welcome.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
jre/bin/JAWTAccessBridge-32.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
jre/bin/JAWTAccessBridge-32.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
jre/bin/JAWTAccessBridge.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
jre/bin/JAWTAccessBridge.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
jre/bin/JavaAccessBridge-32.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
jre/bin/JavaAccessBridge-32.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
jre/bin/JavaAccessBridge.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
jre/bin/JavaAccessBridge.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
jre/bin/WindowsAccessBridge-32.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral22
Sample
jre/bin/WindowsAccessBridge-32.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
jre/bin/WindowsAccessBridge.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral24
Sample
jre/bin/WindowsAccessBridge.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
jre/bin/awt.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral26
Sample
jre/bin/awt.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
jre/bin/bci.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral28
Sample
jre/bin/bci.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
jre/bin/client/jvm.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral30
Sample
jre/bin/client/jvm.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
jre/bin/dcpr.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral32
Sample
jre/bin/dcpr.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
SetupX.zip
-
Size
78.0MB
-
MD5
d57805b40c401229cb247c9bacabdd4c
-
SHA1
714f05cf814a5797a0d2851d34294bd1cfaf4630
-
SHA256
951c96faf86b41a91c2a5e1eafe8b94e1bec28653d194e5320c4385a36cfae5a
-
SHA512
d8956f81c7942cbf1b2405790a698d0c1bda11f44ce30d740b8645e0272b9cf7a7b19a076f11f37f0b2c9ce2b140b80b5f333de92de415282dc6460dd8413ef8
-
SSDEEP
1572864:F4rH7saSM1M+sB7beYk9tMVCqzBBBX3eZp8rj2DKrPPij9S2SrIqyzRUR7:47saScDoXeYICljh3dGKrqgkQ7
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2020 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 16 IoCs
pid Process 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE 2020 WINWORD.EXE
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SetupX.zip1⤵PID:1744
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\InitializePing.doc"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2020