Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7ECOVACS HO...re.apk
android-9-x86
Alert.5a409410.js
windows7-x64
1Alert.5a409410.js
windows10-2004-x64
1EcoJsBridge.js
windows7-x64
1EcoJsBridge.js
windows10-2004-x64
1EcoJsBridge2.js
windows7-x64
1EcoJsBridge2.js
windows10-2004-x64
1NewWifiCon...l.html
windows7-x64
1NewWifiCon...l.html
windows10-2004-x64
1QuickComma...f1f.js
windows7-x64
1QuickComma...f1f.js
windows10-2004-x64
1alloy_finger.js
windows7-x64
1alloy_finger.js
windows10-2004-x64
1app.00e062d5.js
windows7-x64
1app.00e062d5.js
windows10-2004-x64
1app.2fc74ed9.js
windows7-x64
1app.2fc74ed9.js
windows10-2004-x64
1app.881a56ea.js
windows7-x64
1app.881a56ea.js
windows10-2004-x64
1app.c0606f44.js
windows7-x64
1app.c0606f44.js
windows10-2004-x64
1chunk-38f1...134.js
windows7-x64
1chunk-38f1...134.js
windows10-2004-x64
1chunk-4849...bee.js
windows7-x64
1chunk-4849...bee.js
windows10-2004-x64
1chunk-5735...b2e.js
windows7-x64
1chunk-5735...b2e.js
windows10-2004-x64
1chunk-vend...05e.js
windows7-x64
1chunk-vend...05e.js
windows10-2004-x64
1chunk-vend...782.js
windows7-x64
1chunk-vend...782.js
windows10-2004-x64
1chunk-vend...c3d.js
windows7-x64
1Analysis
-
max time kernel
141s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
16/08/2023, 13:49
Static task
static1
Behavioral task
behavioral1
Sample
ECOVACS HOME_2.4.4_Apkpure.apk
Resource
android-x86-arm-20230621-en
android-9-x86
Behavioral task
behavioral2
Sample
Alert.5a409410.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral3
Sample
Alert.5a409410.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
EcoJsBridge.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral5
Sample
EcoJsBridge.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
EcoJsBridge2.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral7
Sample
EcoJsBridge2.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
NewWifiConfigFail.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral9
Sample
NewWifiConfigFail.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
QuickCommandEdit3D.61c8ef1f.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral11
Sample
QuickCommandEdit3D.61c8ef1f.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
alloy_finger.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral13
Sample
alloy_finger.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
app.00e062d5.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral15
Sample
app.00e062d5.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
app.2fc74ed9.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral17
Sample
app.2fc74ed9.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
app.881a56ea.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral19
Sample
app.881a56ea.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
app.c0606f44.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral21
Sample
app.c0606f44.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
chunk-38f1412d.32d46134.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral23
Sample
chunk-38f1412d.32d46134.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
chunk-48492eaa.477c1bee.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral25
Sample
chunk-48492eaa.477c1bee.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
chunk-5735913f.4e653b2e.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral27
Sample
chunk-5735913f.4e653b2e.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
chunk-vendors.3a3ed05e.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral29
Sample
chunk-vendors.3a3ed05e.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
chunk-vendors.96748782.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral31
Sample
chunk-vendors.96748782.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
chunk-vendors.b863dc3d.js
Resource
win7-20230712-en
windows7-x64
General
-
Target
NewWifiConfigFail.html
-
Size
69KB
-
MD5
10896ae0a43b727ccaa7ec5c508957e3
-
SHA1
8d61f975ff0bbf8b9fa788c91e494c42e01b079e
-
SHA256
797b053afc030835a4829c91e673af5dac4b44589198be6785d2fa0b57667d4d
-
SHA512
c8146f2d01477309800669b935fd456ada111c7577b9544abd21c324ab85ebfa6577fdf863d769950f90eb1945465ee7c0737f91d718c62c4a726d02370f6cae
-
SSDEEP
1536:oeWarn/wsTWEW31C+cHAzoIrNAmX37VsUOlF:oedc4WEA1T++NAC3mlF
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "394553743" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FECADCE7-3C3B-11EE-A95E-5EF587AB3AC7} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3684 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3684 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3684 iexplore.exe 3684 iexplore.exe 4380 IEXPLORE.EXE 4380 IEXPLORE.EXE 4380 IEXPLORE.EXE 4380 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3684 wrote to memory of 4380 3684 iexplore.exe 80 PID 3684 wrote to memory of 4380 3684 iexplore.exe 80 PID 3684 wrote to memory of 4380 3684 iexplore.exe 80
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\NewWifiConfigFail.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3684 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4380
-