Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

CrystalDis...il.exe

windows7-x64

1

CrystalDis...il.exe

windows10-2004-x64

1

CrystalDis...l4.exe

windows7-x64

1

CrystalDis...l4.exe

windows10-2004-x64

1

CrystalDis...48.exe

windows7-x64

1

CrystalDis...48.exe

windows10-2004-x64

1

CrystalDis...it.dll

windows7-x64

1

CrystalDis...it.dll

windows10-2004-x64

1

CrystalDis...it.dll

windows7-x64

1

CrystalDis...it.dll

windows10-2004-x64

1

CrystalDis...rs.dll

windows7-x64

1

CrystalDis...rs.dll

windows10-2004-x64

1

CrystalDis...h.html

windows7-x64

1

CrystalDis...h.html

windows10-2004-x64

1

CrystalDis...8.html

windows7-x64

1

CrystalDis...8.html

windows10-2004-x64

1

CrystalDis...n.html

windows7-x64

1

CrystalDis...n.html

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...min.js

windows7-x64

1

CrystalDis...min.js

windows10-2004-x64

1

CrystalDis...64.dll

windows7-x64

1

CrystalDis...64.dll

windows10-2004-x64

1

CrystalDis...86.dll

windows7-x64

1

CrystalDis...86.dll

windows10-2004-x64

1

CrystalDis...64.dll

windows7-x64

3

CrystalDis...64.dll

windows10-2004-x64

3

CrystalDis...86.dll

windows7-x64

3

CrystalDis...86.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2023, 03:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CrystalDiskInfo_9.1.1 #azo 病毒 0 (112.07.13)/CdiResource/dialog/Graph8.html

  • Size

    8KB

  • MD5

    95e946a56eaa284e0167d5669861315e

  • SHA1

    80c69fb76714856274183d72da863b65f63dcede

  • SHA256

    715663ab9ac4f2b0de86ea36c90436550b648e8d79f35b2099b904071ff3608c

  • SHA512

    75fa148c3a38ab07751100d23e574d94ab9073a4a6611f3262a6ebe9e33e509a6e0152c44f87d73448c751c31047fce7f8fbef1bd3eb2c99e340866bbdd8b066

  • SSDEEP

    96:7fkOs1PJEpKltJtAZ29Ni7/3j/Rj5LNscioCIq9Xr9MDoevklwew+K:7BMEpKltJw29Ni7t1LNsBojvklwew+K

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\CrystalDiskInfo_9.1.1 #azo 病毒 0 (112.07.13)\CdiResource\dialog\Graph8.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1544

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1dadde952c242b15e46d21e48fefd62

    SHA1

    b81876a479441668b06018291776e076dd6bcce9

    SHA256

    70817218e00be4149150b449134355ba8f00c6fbac18bbf22adfc1a6371e7af0

    SHA512

    5812ac6f923bd0aa44bd64b3e2fbab28b81b7ae058ce65f7f67ec29bb2b557dc610e5811bc2dce1572417a832b8dab1298fb4eb488a1613891347bb519412489

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3c72311c7cbca8c8a87ad4a1a41f0afe

    SHA1

    bb87941a74ce9766c8d298554b72e5f6a8aa28ac

    SHA256

    b50cd5b6c5a56a879a0f8b94fbe0d95701cbc3ccf407dc0910653e356e2a1713

    SHA512

    7e355277522b9f61c5f4802315f37d54b177d66a1a08f21dfbb0988618e4d100b0725677496814f86eef7dc3110ca9b0c2a4147f5a25be5ba7be7ae9b8f21aac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d1c313cd0704700c407c6dbda1220ab

    SHA1

    8f496d3c18e9ed55d1c7bcdb588336e316e17c93

    SHA256

    ba6d0712b91379dc697759f5504ea5e236e6994b55de1e067597745ada8e59a8

    SHA512

    2cd044826e220cb21e58f37a4c6df3bd4c2ff57ecbe1f27b1e6ce1d908d4407676d46d5b5f33d7dbe994780cf4452bfa78dc8d05530a72d8c76c966bb05f6c1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83dce1e754d051401891245244b8e0dc

    SHA1

    52fa117cd25703c5036439787ee350dfd2957c56

    SHA256

    6c1d968a6850a8cb0a02a744625cc500984fe917915a899d4707d3080794c20a

    SHA512

    e3580928652fc1419a3da590ba14ccd531872bd90286a79c6a8ae48aa8d8bc46b656ccd5ed7e36a991586c989c3823f38f47e8f370a81c3801255deac5eaf2fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd4af0db6a676bac92ac1f8a4d8314a9

    SHA1

    b1645c0865e28bd705154e532304a7091e798145

    SHA256

    7649313074605b87a5d188d575bc5224a6d99e7244284bca52a7aaa8c645a13c

    SHA512

    c1131c0d88e62a6d6f6abf5da877060586eaad0daf047965fc5b0b965b9e5c7f9407c378046f5d0a41074605853a47133919383689f0de8e17162ff6dbe8c1f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64WRFCMO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAD04.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarADA3.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZPWXEAIE.txt
    Filesize

    606B

    MD5

    30016b897e1b2007fa7901de9c6f0f79

    SHA1

    8dfaae4a4ad6f9de2d41c90488f450ab9bb34175

    SHA256

    561021d2cc231cd92cc0a0dde31fd09fbf8ac1270dd6cfadffaf6d5c816b82ea

    SHA512

    b8cbf9f086a25b4eb1f99983df471b5e5804beac0a4a76e11a6ec7047640630d101a81562ea6521f10575824f83ce1141d9e13e3c764055dee3d70bd22d0ff5b

    Download Submit