Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

099f8cabb9...JC.exe

windows7-x64

3

099f8cabb9...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2023, 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    099f8cabb99fb8exe_JC.exe

  • Size

    484KB

  • MD5

    099f8cabb99fb81213e8e147b6789252

  • SHA1

    33cd310a8bf80a5b8d862d92562482744776a321

  • SHA256

    b181fb27e5874a8a38afb35208338c71f818d2dbfa312f4c9a44e253909fe1e0

  • SHA512

    edacfc3c4a358c08a9854c7b9b0c283a31054f44315bf6553380df8b5425ede51eb17e9463f56d7f796648448562db56cfef27ca0ffed39dcc86b57d8ae7dd69

  • SSDEEP

    12288:iu4lNAtYytvS5Aku1YLsxdkUoDj9JU01tuMsTp:iwhtvSLuFeUoPo0uM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099f8cabb99fb8exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\099f8cabb99fb8exe_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/rxzgzb.html?s=154&v=155&c=185&a=175&m=&t=1615031814
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2096

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    edad74818eb15f056373c9a7db903de8

    SHA1

    360f7e006e3231cc899b00b570349e0b503a2a42

    SHA256

    8dc6dd46e04835cf3c0f93fc07fd6c7c4c1c4d4bd66eca9f9d36644118823f1f

    SHA512

    d51a80b368414ca762355c0bf05380b30811120ad76ac29b86bc6f40b684a42b94b990f573030ca03f9855d8a1d9b0dbc209cae6db217800248e7c7510c43a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db1eb4e00e0fdfcdc5f18cb4d5b8b506

    SHA1

    40eac2b6d5caa0b641e898ba6f2df8149ec82465

    SHA256

    3d49ebf7192aa2b34aa1046d36efcaea40fefa5666e85e36a711bb2be2d92eff

    SHA512

    6dd6b28c5a362b19b3c21ff94fb62b36089b2c9db69a2a1450542b5d963d87bb6dd7d59dcec8414f6cc245363a31db74f65542c60cb22a6df0e65054b649e324

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59a319a7991e786d2f0102beb0ad5df1

    SHA1

    91860935e8064ab3e7776bfe9c9681c70dc1113d

    SHA256

    3b4bb1adb058564de0fefb1ac7db13db2539c514355692fe4973f45cfc3fa895

    SHA512

    c0ad1c43c4756142c0f1beb3d867582c49065112413fd10fe2de42f5cce8ee03f0f9b1370a8a06411132f9c2c47f28263231f18f3d293ba85d738bf3f2588b2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12fd88f1182a76e77e80f474cb021c0b

    SHA1

    24030901f39e75a5beddafecfa2f3332386b3355

    SHA256

    3ea5a5fe081d514d0c74f3c2c7ad20436f1ff657fa5a3940a80d6c2238ad50ac

    SHA512

    610732c5123500e52f265af6af5113c5798475b26a5a75815b6029df68fce64cbdd6e230e6f5cf464ec19781489d86bf45430720ba76119b7dd93986a85b34be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5bcec2fe323ccf513b59851799f3a56

    SHA1

    9aed373d4c761e326877fbeae93140387904064e

    SHA256

    a0ee4868bba18ab089c6223cce325798229789d72204b96412932844b14df905

    SHA512

    c7178861d3360ceb3b135190d2d4d4adbdd23ca82a74474c004759d67559079ba9e1da85687ff8fd308b942b86b925aad4f9c4d37bf1195b2749dad73f0e5128

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04268bceb605211872ce155d4f3b00d2

    SHA1

    e3143633f070b7838e0be1046d765bfdb4e11441

    SHA256

    4757ee2e6cfa197e007bf02dc3ccad20286362235eb0af3e76a1ace1f3e60b3e

    SHA512

    3387a2170392e55f6e8f89c2c57d45eeab5ec98cd984c6bc5024bbc682e21652a8aaac5c49fad9d44ccd544adaa3bb9f86bd65738bd7880a0bef5a34187a5b6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b24808c85c1a2c9a5804036910a1694

    SHA1

    37bd04a1ae2862ec25aa3327b91842c628fbeabb

    SHA256

    0827a148ce6968bf1dedb4180ae98693d5a978aecf5ea5856cdc0d7c20a10dac

    SHA512

    611325cfb2020e6897ac900d31de30c4d37725ca927ee91c1294a0a9a25bfb70a603808f1d3edc300f8568592dd8a792d0f79983b080fc2c5f2ab3e4bc2acf87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3bc1882dc8cc3c2c58e8f05ae9a466ba

    SHA1

    072e60c47fc6eeaad9f5b57ce6d9b7943ff3441c

    SHA256

    cbea32a0b121cc7f48d241146311deff576f92a83aaf67922ea866d3ede66474

    SHA512

    996a49bbc94f95ac7fd9c71b857f55bbab94a1a7be5b42c967484e686b5eca8a6af2888f62e2dfd185f600c1efe83248d02a3899f2f4dd2f0652f7392e93122b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    807d5378b19e511bbe04468e3b50664e

    SHA1

    d63deed4664c61e0f337f1bb07bbddfbafcd7d16

    SHA256

    856f4c356248170c4e76487e4b0a5548c297bad43c0092d3c5fb728fb3cbb44d

    SHA512

    d8ceaf2cde1176a8d20cda51a7b639a4f624f88a9c9d106e888c33562dafa5371f3c27fe4197ae79d2d8435439225615d24caaa593245f6c917b2a7423fdc921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    807d5378b19e511bbe04468e3b50664e

    SHA1

    d63deed4664c61e0f337f1bb07bbddfbafcd7d16

    SHA256

    856f4c356248170c4e76487e4b0a5548c297bad43c0092d3c5fb728fb3cbb44d

    SHA512

    d8ceaf2cde1176a8d20cda51a7b639a4f624f88a9c9d106e888c33562dafa5371f3c27fe4197ae79d2d8435439225615d24caaa593245f6c917b2a7423fdc921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    246d5c4bde5e939aaedb219f702c66f0

    SHA1

    31051ea0c4fc08922e8bcace539f0e06003449f8

    SHA256

    e688ec21e2d17b8b2d96dc5a8eb183dd846a5bfb27d0f64e5a88ada0b1c57cd8

    SHA512

    6d2f506c2406c49b6ac6c895321f8966cf1d30b3e2e071534761eeb8c97f665bd7ca1ebca08eb6d1ababd36673056e03036ac12604f68b5d47ca7cb3b9942534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ab580a59f97ce8242ed436eee95e645

    SHA1

    1f89b19f67c51416414da75b07c344021985109b

    SHA256

    5b0969e2bc328ea7d750349ba31fb0f9b1e22e40fed20b9b2c982bd49b2bfa38

    SHA512

    94a30d06985367c1fda0601b79b3648ed8d97a769f53e4620e9ef5b8ff03c29b3acc8a02b495e417d039d5ed1b9fa6d7f39f02e1948e2b0c83755b1ecf63b01c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0m8v9yh\imagestore.dat
    Filesize

    4KB

    MD5

    459f6d1bdffe102a252072ee1819e62e

    SHA1

    54b60a28cf690d40f76ced13992a28876d5d2e69

    SHA256

    4a03158bc4299b71811fbdabd3cfbfe041529aaee55c5d5cdc1b738d5d9a7b51

    SHA512

    8fff088554e283d8e28ef3bd4616ebbffdb8c0f99bbbe4f50da4e26dffd3192624f4b3151d4d22a7cc532f8d212fdfac0c0e42eea8c13c77b140d83584c89e09

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SBJDRU3\favicon[2].ico
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5N1CMJ9\5[1].js
    Filesize

    10B

    MD5

    74e1080b5e3125ca3a5abc7b340399aa

    SHA1

    b1e150e5809482e54c347d440f1824179c0d6d5f

    SHA256

    623017a5748ff1b4e9d0f227f5cd58869ae4959d1ca8fd204c9441cd11e2695b

    SHA512

    51985a333a6c225976863cf49eca3492f5b8a61f525d08d0bc69c25a7eecaad6fc3ec6f71420f06bb1c3fbfbd197eed6c5c4a99929bd0dbdee73ec2f88265f80

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UORESFNG\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab46A4.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4772.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\08175G1I.txt
    Filesize

    608B

    MD5

    0ecb02f9948d4f9c2e8b5ba5ad90ec61

    SHA1

    4535c85d1de2ad3bddf9a077ab6fab2ccca2ebe6

    SHA256

    3a90518b1d07990b5b02c03dfc1da6a112ebc2e581834f6d0b54091e30f637ff

    SHA512

    c888d8c1b2be10e0016ccde474525f229ab53fbb85a1349281317c412c928dc0e528c8386f712cb6c6c2f40009b77960321d85de40d8d15f1feb93dfead76d86

    Download Submit