Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
5Static
static
1a2731e6bd5...7c.apk
android-9-x86
1a2731e6bd5...7c.apk
android-10-x64
1a2731e6bd5...7c.apk
android-11-x64
1ad_h5_stat.js
windows7-x64
1ad_h5_stat.js
windows10-2004-x64
1configuration.xml
windows7-x64
1configuration.xml
windows10-2004-x64
5configurat...ew.xml
windows7-x64
1configurat...ew.xml
windows10-2004-x64
3configurat...ty.xml
windows7-x64
1configurat...ty.xml
windows10-2004-x64
3meitu_came...ms.xml
windows7-x64
1meitu_came...ms.xml
windows10-2004-x64
3meitu_imag...ms.xml
windows7-x64
1meitu_imag...ms.xml
windows10-2004-x64
3xx.ArPublicParams.xml
windows7-x64
1xx.ArPublicParams.xml
windows10-2004-x64
3Analysis
-
max time kernel
134s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
02/09/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
a2731e6bd555142f43622734f8b3a6c27672831269fe6cafdd98d53cba75b57c.apk
Resource
android-x86-arm-20230831-en
android-9-x86
Behavioral task
behavioral2
Sample
a2731e6bd555142f43622734f8b3a6c27672831269fe6cafdd98d53cba75b57c.apk
Resource
android-x64-20230831-en
android-10-x64
Behavioral task
behavioral3
Sample
a2731e6bd555142f43622734f8b3a6c27672831269fe6cafdd98d53cba75b57c.apk
Resource
android-x64-arm64-20230831-en
android-11-x64
Behavioral task
behavioral4
Sample
ad_h5_stat.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral5
Sample
ad_h5_stat.js
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
configuration.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral7
Sample
configuration.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
configuration_beauty_filter_NewSmoothHight2D_Preview.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral9
Sample
configuration_beauty_filter_NewSmoothHight2D_Preview.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
configuration_filter_beauty.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral11
Sample
configuration_filter_beauty.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
meitu_camera_function__builtin_params.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral13
Sample
meitu_camera_function__builtin_params.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
meitu_image_function__builtin_params.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral15
Sample
meitu_image_function__builtin_params.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
xx.ArPublicParams.xml
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral17
Sample
xx.ArPublicParams.xml
Resource
win10v2004-20230831-en
windows10-2004-x64
General
-
Target
configuration_beauty_filter_NewSmoothHight2D_Preview.xml
-
Size
4KB
-
MD5
cf33e6454122b54bf90e532d4e343515
-
SHA1
e938f4d6e08f0aec72113afc1b25da5eebbb77fe
-
SHA256
7ecfd530f11092c0c92cafd432dd40f8a588b45c8e73ea0ea2618bcc3cf141a0
-
SHA512
349aa43eeb0c77e1eb2d2778309e7f57e80c50127ad67a341954f094f958edd8981cb7e089a74995486dca336c3bc39d754c33af88e16b4ba6a99716b150e838
-
SSDEEP
96:Cydt9AQDlY+ODDlEOiiUX58G8XIdEqQ+EkcRoMQHc:XSQqdD2O9458Gu6Q+E/lkc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03af410e9ddd901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000008114a4b61aa5dddc19327ac4f0deb3568f599f8e54743389a73a444621eed1be000000000e80000000020000200000008fdb5d71122c991b86f4e7f429a4693a5fe2711df2e1a7e3d58fe26e17ccb91c900000007233c8dac2e0a7bb6155ded2a626f26c10228fdc742069083b071871f2e30c8f218ba3ce6838cbe12c11f72a8d53d566be486f7db2f04b01a084aa84ee81cd951c5f225db3800bbaca071c462daea64b82b3c80b0e22a2bb74d26cd0b553f55eaa17237c3f914cb71733bcfd5918b44003e490b39458bca84050ae6fd0bfa7b47f7b1af30318327b9156d68f07c90fc24000000042ef895fef703c4a79d61bcbf6c580affe6fac1c98b332936c296f09343cc85103d8b414d9ed1012871a8a7583dbd2a2592ecbb7ae2b74fffd6d473bf3050ebc IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399853943" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000f6792f431b10031bb949a535e8ee8923ae11b996adb9dd44b22827f23ecd1e27000000000e8000000002000020000000f54289fcfe6e5c75a759930b144530a71685980e4c0daae2546e29320d93992c200000001ef31a7be7b2e7454938fd7938f7b32607efecc8fdfc7dcaebd9ddfaaba98a654000000022fc7dfa759463fd2d8167486d3872a577ad64517f8e373e5592417ee92e26cdc82d4e24f4133c8bec2a4fbd36c5b14454b0d13f6b64a926a92b27f852af1e03 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BE934E1-49DC-11EE-B333-7AA063A69366} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2332 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2332 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 744 wrote to memory of 2300 744 MSOXMLED.EXE 28 PID 744 wrote to memory of 2300 744 MSOXMLED.EXE 28 PID 744 wrote to memory of 2300 744 MSOXMLED.EXE 28 PID 744 wrote to memory of 2300 744 MSOXMLED.EXE 28 PID 2300 wrote to memory of 2332 2300 iexplore.exe 29 PID 2300 wrote to memory of 2332 2300 iexplore.exe 29 PID 2300 wrote to memory of 2332 2300 iexplore.exe 29 PID 2300 wrote to memory of 2332 2300 iexplore.exe 29 PID 2332 wrote to memory of 2656 2332 IEXPLORE.EXE 30 PID 2332 wrote to memory of 2656 2332 IEXPLORE.EXE 30 PID 2332 wrote to memory of 2656 2332 IEXPLORE.EXE 30 PID 2332 wrote to memory of 2656 2332 IEXPLORE.EXE 30
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\configuration_beauty_filter_NewSmoothHight2D_Preview.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:744 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2656
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf