Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3inst_resx.zip
windows7-x64
1inst_resx.zip
windows10-2004-x64
1jre/Welcome.html
windows7-x64
1jre/Welcome.html
windows10-2004-x64
1jre/bin/JA...32.dll
windows7-x64
1jre/bin/JA...32.dll
windows10-2004-x64
1jre/bin/JA...ge.dll
windows7-x64
1jre/bin/JA...ge.dll
windows10-2004-x64
1jre/bin/Ja...32.dll
windows7-x64
1jre/bin/Ja...32.dll
windows10-2004-x64
1jre/bin/Ja...ge.dll
windows7-x64
1jre/bin/Ja...ge.dll
windows10-2004-x64
1jre/bin/Wi...32.dll
windows7-x64
3jre/bin/Wi...32.dll
windows10-2004-x64
3jre/bin/Wi...ge.dll
windows7-x64
3jre/bin/Wi...ge.dll
windows10-2004-x64
3jre/bin/awt.dll
windows7-x64
1jre/bin/awt.dll
windows10-2004-x64
1jre/bin/bci.dll
windows7-x64
3jre/bin/bci.dll
windows10-2004-x64
3jre/bin/cl...vm.dll
windows7-x64
3jre/bin/cl...vm.dll
windows10-2004-x64
3jre/bin/dcpr.dll
windows7-x64
1jre/bin/dcpr.dll
windows10-2004-x64
1jre/bin/de...se.dll
windows7-x64
3jre/bin/de...se.dll
windows10-2004-x64
3jre/bin/deploy.dll
windows7-x64
3jre/bin/deploy.dll
windows10-2004-x64
3jre/bin/dt_shmem.dll
windows7-x64
3jre/bin/dt_shmem.dll
windows10-2004-x64
3jre/bin/dt_socket.dll
windows7-x64
1jre/bin/dt_socket.dll
windows10-2004-x64
1Analysis
-
max time kernel
1388s -
max time network
1301s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-es -
resource tags
arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows -
submitted
19/05/2023, 16:21
Static task
static1
Behavioral task
behavioral1
Sample
inst_resx.zip
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral2
Sample
inst_resx.zip
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
jre/Welcome.html
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral4
Sample
jre/Welcome.html
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
jre/bin/JAWTAccessBridge-32.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral6
Sample
jre/bin/JAWTAccessBridge-32.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
jre/bin/JAWTAccessBridge.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral8
Sample
jre/bin/JAWTAccessBridge.dll
Resource
win10v2004-20230221-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
jre/bin/JavaAccessBridge-32.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral10
Sample
jre/bin/JavaAccessBridge-32.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
jre/bin/JavaAccessBridge.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral12
Sample
jre/bin/JavaAccessBridge.dll
Resource
win10v2004-20230221-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
jre/bin/WindowsAccessBridge-32.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral14
Sample
jre/bin/WindowsAccessBridge-32.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
jre/bin/WindowsAccessBridge.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral16
Sample
jre/bin/WindowsAccessBridge.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
jre/bin/awt.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral18
Sample
jre/bin/awt.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
jre/bin/bci.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral20
Sample
jre/bin/bci.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
jre/bin/client/jvm.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral22
Sample
jre/bin/client/jvm.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral23
Sample
jre/bin/dcpr.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral24
Sample
jre/bin/dcpr.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral25
Sample
jre/bin/decora_sse.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral26
Sample
jre/bin/decora_sse.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral27
Sample
jre/bin/deploy.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral28
Sample
jre/bin/deploy.dll
Resource
win10v2004-20230221-es
windows10-2004-x64
Behavioral task
behavioral29
Sample
jre/bin/dt_shmem.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral30
Sample
jre/bin/dt_shmem.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
Behavioral task
behavioral31
Sample
jre/bin/dt_socket.dll
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral32
Sample
jre/bin/dt_socket.dll
Resource
win10v2004-20230220-es
windows10-2004-x64
General
-
Target
jre/Welcome.html
-
Size
983B
-
MD5
3cb773cb396842a7a43ad4868a23abe5
-
SHA1
ace737f039535c817d867281190ca12f8b4d4b75
-
SHA256
f450aee7e8fe14512d5a4b445aa5973e202f9ed1e122a8843e4dc2d4421015f0
-
SHA512
6058103b7446b61613071c639581f51718c12a9e7b6abd3cf3047a3093c2e54b2d9674faf9443570a3bb141f839e03067301ff35422eb9097bd08020e0dd08a4
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{42C5FAAC-F672-11ED-ABF8-72008553F1F6} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "431175634" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31033983" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "448206902" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\es-ES = "es-ES.1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503d8b1b7f8ad901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a97000000000200000000001066000000010000200000007dccaf30963c849af5a316161893813201781017af35c7013578b872b60935cb000000000e8000000002000020000000d8e8f6c829349714c0e150eb93c95e59b73e329fc635c2ca6ce413acb55be2c520000000ac865e46ea183f775cca3d0cc528edf57a9c4c4948fdad724626b17a79c2affc400000009d1fff74d8f94102d21376f79bc5ffe287b00884edc58e0c1cfe079d35058d27f91468ae5c7efb87378eaea2423d25ebdfc1225cb7c62442be8a330611f27f4e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391285592" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "431175634" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100ba31b7f8ad901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a970000000002000000000010660000000100002000000076fbe4724744585452293c93ef0a92e32b5baabb7f96ff013a4ad2bfeace5092000000000e8000000002000020000000fce65f95ddbf7abfea2f95866dab889e05cad678c06624be5c34428e62d8b530200000006e0b2f15f848801d87f2ca7904b38a4ebbd211e471039a27262acda02c983e87400000006092e824ea1fb67557a81734ed2bc80505b1955f0949656f3ebed3bc773409c6727fec5966233cd74a5294a7ba72257feb8b254533f797f3bd26a8a1587744bb iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31033983" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31033983" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3780 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3780 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3780 iexplore.exe 3780 iexplore.exe 1856 IEXPLORE.EXE 1856 IEXPLORE.EXE 1856 IEXPLORE.EXE 1856 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3780 wrote to memory of 1856 3780 iexplore.exe 80 PID 3780 wrote to memory of 1856 3780 iexplore.exe 80 PID 3780 wrote to memory of 1856 3780 iexplore.exe 80
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\jre\Welcome.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3780 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1856
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD539a2b6d5caefca4fa6551e43248c2076
SHA19d79fe260d66922386720731d276d7b1027dbd33
SHA256c91afdf51e6b6e391c701a4ae3fc73721c600cdd718f59df37065efff311a872
SHA5120c41ca07519b5d12b20a2018ae83807f8f644446e8e8b940287532c806e9357f57d0c78187f30b07641f06d1b6b531db181e04f62bfc5cc8132c6283237588ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD57c6879180a77a07fcd0cf6c3411d34d8
SHA16fd345fab5d9015d5f97f05614889d80c77f1e87
SHA2566e004e97029ff852322cadb839d4d6be05e42d3b80f11ba22449a32560e7282d
SHA512fae0fc385d1cb542858498a7d201a1e411233949ef2a06ced3e1f737cd69c07fb23beda7a0de677b0f781f0fd6bf5adc69164df615cb602ba81c29d4c522f26d
-
Filesize
18KB
MD5e2749896090665aeb9b29bce1a591a75
SHA159e05283e04c6c0252d2b75d5141ba62d73e9df9
SHA256d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7
SHA512c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5