Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

christmasl...wn.zip

windows7-x64

en-US/flyout.html

windows7-x64

1

en-US/gadget.html

windows7-x64

1

en-US/gadget.xml

windows7-x64

1

en-US/script/utils.js

windows7-x64

1

en-US/scri...ls.vbs

windows7-x64

1

en-US/settings.html

windows7-x64

1

en-US/styl...lt.css

windows7-x64

3

icon.png

windows7-x64

3

images/background.png

windows7-x64

3

images/go.png

windows7-x64

3

images/logo.jpg

windows7-x64

3

logo.png

windows7-x64

3

vwd.xml

windows7-x64

1

Analysis

  • max time kernel
    296s
  • max time network
    253s
  • platform
    windows7_x64
  • resource
    win7-20230220-ja
  • resource tags

    arch:x64arch:x86image:win7-20230220-jalocale:ja-jpos:windows7-x64systemwindows
  • submitted
    16/05/2023, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    en-US/flyout.html

  • Size

    974B

  • MD5

    aad33da7ef2d9b67884c1eda6e9b3c5b

  • SHA1

    d5b032cefae90784d555847e1dfe28915c8e4b65

  • SHA256

    b8035028ac25a0ae608430c7ced94f1068b760467bec91555db7394ff2a85b28

  • SHA512

    fba7e34c770664da4ae0fc524cc1a561768218491d84b375caec5874346b9d651af5759d08ef56f8825e6b156b08a90ec1f499aabe2b30c89c8cb0cb4a99a15f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\en-US\flyout.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:760
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\system32\taskmgr.exe
      taskmgr
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:616

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aed4c522daf9a8729ab73db6637cd051

    SHA1

    a709e0b8e29d5ee08875f22332e2c33e6dd6ba81

    SHA256

    39a9bc395ae66e4447ac618ada417186750698ebab89edb0b5549e943b3749f7

    SHA512

    323320ec150cfad558baf42762c1cac50d43bdd5f084611afb47c7b33e8bf069d665f440cbdf5925a45d60207bdd784ab41ae64418d75facd6acbd20b39c043c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4731dadc48bb7888daa1f146e5204af1

    SHA1

    839ca04287f6c9e0da5cbaebc15629590922bcfb

    SHA256

    3f6db8687b1c98b4a9c1e99587cf3d0ba4c411335caa58d0b1ded891f95306ce

    SHA512

    b579291cb3e396463ec673dd19158e32f4f36e0140480871d1e00acf31139f38781fe3941ee3af3f9efbe2e005f2788ac32041fa5a3ae490c10845de3a975f25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28c40720f469d8dd502ba37f63505300

    SHA1

    75f463ba72f770cf9df55640fa42b01d2881b8e2

    SHA256

    aa3e6b91989713811506d9902829030442971a7dd2b132194551d041642df52f

    SHA512

    8e47f6d7adafc456ab7ed1df2964d996cb46afd5589c78e8430d7da528e2a90134fed9b4f3725f1e6dd559c0e2a824c6bb6faaa215c2a29bbd62f2a89d7c7d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75b9f340e5f596810d5e781cc3b522bd

    SHA1

    13f89df5ee73191aa84b2f817a0bb73802baee53

    SHA256

    48006381a81666c985c0710740fe050ede1a08b50231e3c6a02cb02f153d3be6

    SHA512

    6510f8d519a67c8a9f17ce8dd027bd9487aff4a7f5f3c7de5871e5c3ced54c08a0804fafa78210e95b160f426834f67e386f5948758b8435d655e5177ee425b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43f8d8da32f53f5ab9465a376273f8a9

    SHA1

    bf79b07e94f35d5683b7cfd93bc5f76596179eb9

    SHA256

    0b012f72e8f399dc35fa15d823aa57e124c2228ed2a830bf667908062ca3914b

    SHA512

    b96f2233db04d09eedb6cd2ba5411809286c1060e87a5c47d8c3b09b803e4ec21832aca5c250f5a3538d392156b523709869a5c6495d6cdf7ec23159912918c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23471b68a9c7f2f98105b5a11de78393

    SHA1

    61d59c6cc9c1f297dce8fbc2da3c00d3fa21d967

    SHA256

    761ceff9302c0e02067e622ab5e1bfa0a802122634a00504ec58c7191a5bb6af

    SHA512

    9efd652739a61f2e5aef58c90378fe719b52f1cef4e2fbcbc9564889556cf7d2cfcf2afe8f3c0dcd5e62572197fb7368bb98ae01dd4a14da26c48f43bd7be15c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75012162a113c83bfa15de7ad5c5ac80

    SHA1

    d7dab9d3c9a5c9d5b7a313f08d9e7a38d83d97ca

    SHA256

    c8bb030dd44617f5b7dd8a3e4c926eccc3e24d62bc707c7f995c9cf81e61ca13

    SHA512

    f512fc94c09a1e1e332a01390f09200dfbdf13317c9095f7446aa86bbda6de0a7a99cd93f6a4516a8d0982ddfc041db96aa19ec31fd405720e1e97de76e78b77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18935d6a7173c928c5a8250d9c58e443

    SHA1

    3c7c0d327f42a5c217d4a5d3d73f719cf073a7e0

    SHA256

    32b76e94a8e206c3b134ac35edacb1f984b97e283bd0d2d1394299783db5d481

    SHA512

    803689a45537ad986f1ca2b51c1ab0487e649add10f6ee68aaddafb786b2836e4a13e6d06e2f0c7d75edc9cac5ad1610aed53a2450885375e8c7668c7ad8e27f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].ja-JP
    Filesize

    17KB

    MD5

    f0e8351230b562572b4b315a1a55004f

    SHA1

    1cc73361100ce15353f2571a03a5d5a364be87d2

    SHA256

    650de9892142b102c0cd1f9deca25f93d83c0bb8b5434580c77dd4214a82e1a5

    SHA512

    3d7dd1a72a000041fe308828c714ac48c463e0022cad3495296d0eb72a0fc85127b3c46cdc0015da25d41e9d22eba887980c301663f37ad86e7ccbc452934d46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6700.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar691B.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CJ27MUD0.txt
    Filesize

    602B

    MD5

    0c54805badb37330fb2b2a318947b89c

    SHA1

    fd22955f3a0a280b16b6a285f167dc25c007e6e6

    SHA256

    30dd731d10e18b5b1221fa11993a8cc61ab6a85978472d2e09114cca48d0d393

    SHA512

    c6f8d54692b3c35b2d38e5506c2cd9113be43442142d567174ddb06536cce2a22a460e9dfa645c760b4f7c80838da458657660c93fb0aa8d2aa83555302be349

    Download Submit

  • memory/616-560-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/616-561-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/616-562-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/616-563-0x0000000002180000-0x0000000002181000-memory.dmp

    Filesize

    4KB

    Download