Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

CrystalDis...il.exe

windows7-x64

1

CrystalDis...il.exe

windows10-2004-x64

1

CrystalDis...l4.exe

windows7-x64

1

CrystalDis...l4.exe

windows10-2004-x64

1

CrystalDis...48.exe

windows7-x64

1

CrystalDis...48.exe

windows10-2004-x64

1

CrystalDis...it.dll

windows7-x64

1

CrystalDis...it.dll

windows10-2004-x64

1

CrystalDis...it.dll

windows7-x64

1

CrystalDis...it.dll

windows10-2004-x64

1

CrystalDis...rs.dll

windows7-x64

1

CrystalDis...rs.dll

windows10-2004-x64

1

CrystalDis...h.html

windows7-x64

1

CrystalDis...h.html

windows10-2004-x64

1

CrystalDis...8.html

windows7-x64

1

CrystalDis...8.html

windows10-2004-x64

1

CrystalDis...n.html

windows7-x64

1

CrystalDis...n.html

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...64.dll

windows7-x64

1

CrystalDis...64.dll

windows10-2004-x64

1

CrystalDis...86.dll

windows7-x64

1

CrystalDis...86.dll

windows10-2004-x64

1

CrystalDis...64.dll

windows7-x64

3

CrystalDis...64.dll

windows10-2004-x64

3

CrystalDis...86.dll

windows7-x64

3

CrystalDis...86.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2023, 03:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CrystalDiskInfo_9.1.1 #azo 病毒 0 (112.07.13)/CdiResource/dialog/Graph.html

  • Size

    8KB

  • MD5

    1f2f281f50cdefb6794c9c87133b89fb

  • SHA1

    6aaf495b5eba156f3b6d69395a022251f54e8460

  • SHA256

    00ceba3cca57b7ae140f077d6aebb88e172f69b4cc0c8879c5be7f2734a989f8

  • SHA512

    c1d8d99104f0dfc0f3417c6c0a2519ab9508aadecc573b6c338614237d6d91ce03825b4b978a3a9a03272759d7d566d1bc7c60b7742b4f83a8ad1b9d943e906b

  • SSDEEP

    96:7KkOs1PJEpKltJtAZ29wi7/3j/Rj5LNscioCIq9Xr9MDoevklwew+K:7CMEpKltJw29wi7t1LNsBojvklwew+K

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\CrystalDiskInfo_9.1.1 #azo 病毒 0 (112.07.13)\CdiResource\dialog\Graph.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    977451a360401ae3354aceb6c88ed03c

    SHA1

    74b890a688f8fc76ce7cf4b24e98db91d6555b1c

    SHA256

    afcacb48a2d7cb72930be027893676045898c0e7a78a66e7a12c90b6a8512116

    SHA512

    8f3a80867fcf9b5a5700d21b59dff3c34e7f238973cd59bfacb53754e945691ba94c63b262f1e35b253821436ac17873fcbb65524b0848e486d878395354a168

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63bedf27b39e13f2f1cd8d157963219f

    SHA1

    f9ead1f746cc9286d4673f53172e8adceaa251b3

    SHA256

    0a79181cf09983973e54dee38e4b79e39dd26dfd273cdbb635b36fc18262a8ef

    SHA512

    3751f77ea3416d35f9dbc2cade490f3ec3411b45f80e6eb1dd7051c3a95f7dca7c7fba0e4516ce979aa3f3a8c7f3a30d506d569ed9c8728cc71cf0e5505cc4a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce4fc27c2d600cdb24afc1a26b12632c

    SHA1

    d716d6f5a7b25fda4d3f00c0db22ad38af700e33

    SHA256

    9b3bd49235b2b016ae566051062f7e056807f574c29cdd8ce9dd38938e9810fb

    SHA512

    d2227d28a7945a0883755b9733cd44b27d381522fb3d39b0648c754497af2449ae5aec6a2d8d7e095f4950d7e4661adbfba92f9a9290358f5ad5fabe23d76d51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0457d4cbb7184686ab617c606a1a2be7

    SHA1

    7d925ab253859cca254da7123e7547689e860197

    SHA256

    734b2ddd30d75729c981d26ea0e2238a6f1c3abdb9a74f7db9c951d9e856b8d4

    SHA512

    38547318e8cd1011eb1d338b4a83d552d2a9dd9e2658240e0e912e714a73b03be774cd253587f806f13b287b32d30b282f957db59323fe4827e5be5d4a2237a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf0b669f3c8e69e6d0778ebc16638f46

    SHA1

    ce789185f468fccf3e6bc1e4c68211032dcddf1e

    SHA256

    0682077a4776240f269e88d2e3c0e13795e8e7ccea1bcac500904bd56818ae0d

    SHA512

    61d39119a936acd20385a35a69cab724c41bad5ef91687406628dfee1b565fcb6eeb0e3503e43308c1454f3bf2f5bf0de548875185fcc714361ca98151712f5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2f4a3d5d9e03e2d244c82ffa3d2cc66

    SHA1

    6e5a7e2344b383909bb23c4427af5c2a7ffe2148

    SHA256

    3130c7ff81e72111a0a6cedc658978f45715e47fa3e18992db875d329a0e13f1

    SHA512

    019dc0a8b4ba5dea4375f7863f6a501d29377f6eaf81014dfbcf533fd4df2719ba4c3e5ac0225dfbc9ad8c025b37727980c87c110e142ef7efb8e684a402cd61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a7e11ce2a639ef62a1c0ad8f80e236b

    SHA1

    1881165bcdecee2ef00f7ac4026f8f8fdb864bd5

    SHA256

    671fe09b2af427f0e90e4a2920b6e5f1bdbf9415bc39712ec7217b9d6177a32b

    SHA512

    259663154ada67b231bbdb8de28eb7daeb558c459943c7e118519d75fcccdd58fcb49f30bc819b8259c8a97023bf564c43f1fd3990a1af76622ac3bd758081aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA130.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA2AB.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F9JM1T3Z.txt
    Filesize

    608B

    MD5

    0eeec04f086cf9c055b6d2c3e1c8a42b

    SHA1

    02862e6a9a041e9021906a2362a178ec87fdcf6b

    SHA256

    012c376652a0b415f58a887984e191183628d2dc1d8e9b4aacda0bc88fcbc2c5

    SHA512

    94a3e322910d46f5883c0b616186a0179015657b6474b434d2cac4b821668aab399b5da144b92905eacd44145678e5302fe6e1cae2a6f879d2f0834b9713f636

    Download Submit