Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

bin/cmd.lnk

windows7-x64

3

bin/cmd.lnk

windows10-2004-x64

7

cleanup.cmd

windows7-x64

1

cleanup.cmd

windows10-2004-x64

1

crypt/crypt.xml

windows7-x64

1

crypt/crypt.xml

windows10-2004-x64

1

main.vbs

windows7-x64

1

main.vbs

windows10-2004-x64

1

svbot.xml

windows7-x64

1

svbot.xml

windows10-2004-x64

1

test/test.xml

windows7-x64

1

test/test.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    181s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2023, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test/test.xml

  • Size

    3KB

  • MD5

    b9b3395052c0aeabebb659d40d009deb

  • SHA1

    72f166665d9630e8192845f1adf19b14321f2bd7

  • SHA256

    e6cb2f694ec2a5b7c4fb67d097996662696aeeb75b23ad9270aa57d856e94b5a

  • SHA512

    116383e1990fc4f2161a41bca33cffa15056bd746b24d5135d24f4a639f4285f600a1725ffe63b6696223afcecbfbca89b84c071e0255ac37066a275a8166809

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\test\test.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:924
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1148
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1860
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:624

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc350b6d457fe7014e072aeedcb5f1da

    SHA1

    8811e575f1837f5a74070bd376ed4fd1fce883c7

    SHA256

    be786316b0a2046cfddde2e30af11d1aee71003395abcadced3bcf20ffcab150

    SHA512

    100a7ea0436356b1629f2aaf3ff2edaf110da5322379cb109dcc1435a7ae8baf46d9cbd3a258d53ec63db377d4fa73639851094a3c06c7ed0ab83ed4419ef42e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aee464795e6092e849c8f2fd548811d7

    SHA1

    838cd8751eb5d3cc4e00f48b4fef2fa490a0b739

    SHA256

    fae42d083678a35ba71de13e2938f1fd264773ffc53e3580a7304f7628703f80

    SHA512

    fee847ef839da05a49bc2c225344071175dcc23c1c8b4f0e503116b65108660f1a212d2b8fef7baa3d5259032559277b34ee8997ab6ae4a44e95fb1ae3a72411

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    600b147a6be0ca47ec4dd9ef74f08c84

    SHA1

    8059b058694636ba642fc54e7f393e39e436390f

    SHA256

    2b85217da6d169f8c3dd2d1088406d502864899a58747a5e3773a729bc1749ef

    SHA512

    b312d5e22efd8f8b25f8ae7fecc4233f9c738da81c8459ac9efc092f5153aa9d591c1f3c681cc3c2ea79c6e06dc87071b5fe839b1a67adf03f5c2dad4297364e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23d62c9bcbadd3863817582a5bcccb28

    SHA1

    d2a40a24a464e586451ec488bf0462d9c054c32e

    SHA256

    670c2390ff4f880fb5fef6fc536ba4438926027cf3eaadbabd99af2dbd34f95b

    SHA512

    4036c35cab6226b292cd6d3c1eccb38cd2a4d3ec8775ba6fb3251aa31f7d064098e8bd370393f1ff9e1fcbb1f80cde2de62c645eec2f0d8ae35c55fcc2127b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    155ec9b677c199afd7239f0c44a85852

    SHA1

    52943836602ecb03344a11d96e70c9aa95767dd4

    SHA256

    fde6f7d9f307be87215879f3f0f86f8497c68539167760fe586fa482ec8d7f5d

    SHA512

    cafc67e8fcfc59b2add44a1ed45efa1aa731758314e324d13642687d6fad6166d8b37f48c277df943b7d3963397f7880e49202ede4a59c4eb86c2d75c2013ce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fa0e00bb86ed5531be6454a827c8c7a

    SHA1

    3058c9b2d0abb0463292cc3ed585e3034b310248

    SHA256

    617515a9475e4b1ae323a519321563476d31d4feecc85c889425bfac5540b0c4

    SHA512

    073dab1ea70ef669e19ff17d4a5e681e6dbc1942dcea665812d8fa047f3eee1f3bf5d59073de3ca8b60a3dad252d4e27fd985e14d4f9906dbd8b3f0c7f510010

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a2ca02d6a792c48533824d66b0db563

    SHA1

    2749f1f56f43015fecd6b996a73c335e44ae16a3

    SHA256

    a44658b8b5095b75580e47e2ef56a5134d50bdda2351c2ca094aac5cfbd01fe0

    SHA512

    c5b7941f345b49a4226c2ce9319ff880cdf836c41f1d11c6cdb274c78a81d4fc4471d74eaab5f3935307861a93102dee6d2b6a71ba52b888a3bf7a081448681a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54349da421655857713dd8192edc0df3

    SHA1

    1ccbf96a67905d3ef77352c0aa3655d0948df62c

    SHA256

    b21b806207931d59c4000a4b750ecc41569c8e26686a073c08cff89299b0c403

    SHA512

    fa3ef04b1e82045f95b1b2cdc7f768898a86ed9d90cc4e88a0af6a681c72fd2105e394fa523356cc0b185b4e24697de085ba9fcb9e3685e7b4fcc9b8867964f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efde60808b29dc7a1ee192d36d55ac0e

    SHA1

    7db2154fc1a8b0cd24ff4aa5f4da2b5341d2e252

    SHA256

    a2e4ebbaef376b5e677b370c56da927ca10aef1fb91f356b010d2c0c7448bf66

    SHA512

    d0620d4ce56c1e9d45b27f791d13c4ef98e9cef8f5561b55703f6e11adbc335e1d6d7b9e524600e5b7d10d9c24632dc73b5385906e3d9429f43fddefcf301977

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab451D.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M0R0806Y.txt
    Filesize

    601B

    MD5

    1a1f36f3f57068c17540ab45d101b028

    SHA1

    38e35600eea804b5182510a08b2fd8e79dd36d54

    SHA256

    5c08626bc041e738a00f7faf7430351e49f482fd4b22c925ac14feac22e6a6c2

    SHA512

    0bae297cb1d13d1cfe543f66ced1ea7ec49e843bc7d7d08f3cca37a559d32135c9c2664b8d333102c33429a2491e902344ad6fe8fc50c963e796917717cc002f

    Download Submit