Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    98s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/04/2023, 04:32

General

  • Target

    Internet-Start.lnk

  • Size

    1KB

  • MD5

    c693bb0b7f9f3b6b54e00eee01ffcd82

  • SHA1

    b1071aebf82092c56f3acd368116608aab1b0d69

  • SHA256

    1f5c4e0e78f086df9e0b5eebf5c75534eec0c29ecd6049bb37be81c6a60ba60a

  • SHA512

    5ddd57402d62d9c9e54ddfc101bac96748647b570c0bb9816fddb9b7a8fe618b9b755d5abba9bc0170f7a691feceb85ccc026351872521841104e93f15bd4bc0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (10 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Internet-Start.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start http://internet-start.net/?utm_source=beatle^&utm_medium=icon^&utm_campaign=desktop
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:984
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://internet-start.net/?utm_source=beatle&utm_medium=icon&utm_campaign=desktop
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:560
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2024

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b948d6302c64e091f1e741b69aa1faaa

    SHA1

    734216907481a1e186e863b39a371fc0724dbd87

    SHA256

    e1769c97257d10353af11e35460d64ad4577f8c2dfd1175a2707042d5d263fdf

    SHA512

    ce96dc8bbcf7ee30dd4afc9e29b8255194763948b83bee1bf75f7e3f51e1192d7c21a19c791e9083e73c8bb6dfcd4729ff191651f19e5ffbb9d5db91d16c256d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dce9886a0ab6e301b398bc110485b694

    SHA1

    fd492f88ed3f68e7f5f6feb35dacd98ef526e63d

    SHA256

    d448a8d3d6c882c0f337f8b439d8e85847f1ac795ce1e0fa3f9af135686d659f

    SHA512

    850d6c44f2b9a10a1c14ff6f4b0aa9de537e7798bfe49927476cb6779b5b9a3ef0d3f737f719372f6cf505f38f213f7e53f9516a255db86bb658d3b96d8352ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    057da5b64003141cb84766b6ac69aef1

    SHA1

    06c4bf84950084a5dd73550d55fcf54b68e5a609

    SHA256

    b034a9dde122a8f2f9e43b4c0fd2b9b9a4af4bd340c91ea727d785f317e2f23f

    SHA512

    8748ea6b2f5b1a3349c0cd24553a84b1ca3946560372b70d3a0957387d2d74a5ce0aeaaff49674540cdf87fc9fe46891fb41649085a2326de857ffc452e7f755

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e13761c4a55b00d2e45fa8b3d3fc8c03

    SHA1

    5c5cce8230f204dc599c62557dc17036a9d9d488

    SHA256

    a0ffc52959039317009a97db502602c1726cab3103b678e4274d965a662952eb

    SHA512

    4aa21456f1381f34e3c136c3a7cec108ddcf603856def89be65058ff591bbc8894da2c2e4976985c303876f633c4b3ad2d8ac26d24a813f780bb6ef8b44006d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2843ba3fc62902be777581ce490fc4b5

    SHA1

    30bd724c58817d262d27292cb71accdb1c3a3078

    SHA256

    7a5ec8ce8bb4643bca4d00d3ccb67f1f7e4efa8bbfe9a40c132f7ca5ed8349d8

    SHA512

    3f8e91eea02cb7f09d983cd85c2cb22e1f3e44e9d4db06f035d6d057d8eeb6f4f707497199dd925a14ee5b68f449e8d4ffc3cbe72ca69720e64ab3227cf9c0ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    157dad2260adbecc80c51eb1025f8639

    SHA1

    e41a6947d63acf9cd3fe90b50875230dd350e1e4

    SHA256

    e6cd4db13e620acef5f8d06d6d5f79b8b0166e66a66c6829378dd4dcffd9ecb7

    SHA512

    3d6cc6be24bb12714b8a1f8247c0b79a2dfbc3c9e86dac360e3e97b7975109e711703a743d1fb24f910abe7e8e85debf402f8fde24b1408282235f06a6d8364c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8fcff3e4e0853ad695c5547757ef0a50

    SHA1

    a9141b6b9b8133a49c8e8ff412138e836d102eac

    SHA256

    b59e892729cb8229c6a813e961d5a615d72b19eec36fca1a18884a80c2d4d395

    SHA512

    356b11e363b3fe5f97df74cdc21cb0ad5270a860c2ca9a8aa2f19f19593a26c3a8fbfc166d0f17d2b7a370b5e6bcbb3cca5d233d1d1c9b91337413a6c60ede57

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF0W5LQL\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Tar4311.tmp

    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZF0CFAK3.txt

    Filesize

    606B

    MD5

    ef3a31c2f6e62f554437f8a286a4a7c9

    SHA1

    9a7b1d81b748535d7fd8f3e5fe231f50bbc489fe

    SHA256

    55171807b730b62cb29a8bdf9d8164ba33e849bd511aa8fbbb2571a86bcecf7e

    SHA512

    c6aaa39a6b9066106cd7186a62d246c6138466266120afcc3d5fd0996522a2c6899b2e942d7a5a69e4c09f7a3313cba25b9496d2e3b89bdfa91ad5e4f39723bc