Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2023-08-26...JC.exe

windows7-x64

3

2023-08-26...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_186bd3449422b4a0c6db7d28d86019a7_mafia_JC.exe

  • Size

    367KB

  • MD5

    186bd3449422b4a0c6db7d28d86019a7

  • SHA1

    5ad2566a99f73e6c8fa1b165ec71605a4c72991d

  • SHA256

    ae31fc247034b9021268f93b02a1c8b710e1fb52eaabe093aba12f59942a1997

  • SHA512

    18576a3a67e2a1361721669522174d9860c599f1f818b5bc1fabfba4b8244a6f1504c9f02f6e93602fff1bf0b55ca40657a7c371cc6510515b167a049378b6f9

  • SSDEEP

    6144:vNgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQXCk47l5Olw8l:vu4lNAtYytvS5Aku1YLClN8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_186bd3449422b4a0c6db7d28d86019a7_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_186bd3449422b4a0c6db7d28d86019a7_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/ds2taob.html?s=92&v=93&c=94&a=376&m=&t=1614299382
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05ee428841a147e55a44dce885666ee8

    SHA1

    dcc35ceff104cc0e530ce4e47ec88c28108aff03

    SHA256

    26b6b6737af50f1263d3779644083b14c7b8f8cc970ed294d414a4a64ec2a1f2

    SHA512

    abcf51fe93a5fcbe9be67026f9ae8d16fc9088d053b14e181a65e5853b947ac7e79148cdfa353edab9feb631a141757beff4e4b7a4e7b9e507547e399e245c51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab4b0f17a15807d3a6fd4abcfa8fa36d

    SHA1

    9464322372d069dab82cf0e1402b5fa66c945eb3

    SHA256

    642c1d7e088127cf15df7d63c7ed0496f4ea46dc01dc0e501549906b13622779

    SHA512

    016e17249d5c4515a08bd5c36761f9f948a30dd19c94335b326701be0a7510a267f2a6d5dda76fb0204991e8e6a0f6d595e5b519448499bc412df58085a69514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1624baff675d34404d954110ed990577

    SHA1

    9b9cf470c12b131f957eed7116a4fe0ef4370090

    SHA256

    0e0aeaaefe05cebc3b996e9ae15b4b283bbf319254a230cc0598023713e1c857

    SHA512

    e3e447d452474c04add26a1f4090aac4ea476928e3fa6a6866f42224c03cc0fb4c4bccb8f7ef32e228f0322d9edc2949d70b5cbcc5d6b81c69caa607f4e57407

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd1f6efe44552ed616af1a0b7b8193fd

    SHA1

    37308280cab78022656d205a1a78827b9180df20

    SHA256

    cea7d2c2a908d5043e9425d7ae1cedeb1810921a5741c5c692214db60a93c1b0

    SHA512

    3c14e43f25a2f87119ff88034040df8595952900416cdfec17d02d3df73fc9d505873ac2e4e8d0c91c8a7ad90f0ab138e8b7d459f18fb579f443fc708bf6fc9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85fe50c91b2d75fed3245606ee9bdfb3

    SHA1

    82ccd33d4f4fdd80b327b50b202adb0e20561405

    SHA256

    38b6be2f1121a824862b090f45cb9e8fae191fd67d45e9d9db63a7dad9ed6b4b

    SHA512

    8731a303684fc4de944f2e84ffa27b2e2842fa46239793a32f0e4287ffb49de95a940b97f6a9413c113b461d46cdc4de5e32a29a5a5567a6f140616c8d1eb390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    166d02c64137e6586ee4df12df2e9ae0

    SHA1

    9152bf9e6df89db5d53e7612204a16f9d22298f5

    SHA256

    7f6ffee6fc2210da20e90c3f25a11293402535a5ed70c3bca859043ea0f01942

    SHA512

    2eee7e841922bb0e8ebf708d53068b04c6f3c5c410b2e1c2d7fadf6e607868642d423b61172ac4bf591104ef84f28dd2ccf654c7ae18a8c837f7f743bbb047a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5f0e7efb8a0f244690de9ad454df1db

    SHA1

    0ca034ba7d5ecf79b94bfa53e35b63f776761633

    SHA256

    51272c2b2a4c69034668413b5d9b4c904a0d66010b311543df0a884ca853d58c

    SHA512

    8213ff6c0d8ddde834d51077457e48f80a21632ea5bf468da4682e12794c5f3ffc8058bea4d522a3d2fb4b480836661f830a23162ba3593a95132e11d56078ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    372408dfbd28a31e8b7140c67587ca25

    SHA1

    e9ec1f79803f15232afb4d61d4c0cf1ef712f248

    SHA256

    8e5c5fdbc7450ffce2a5d8ce398d1c60a0903d01eddb312758ed15d953470e8b

    SHA512

    2b2afb3688d5a94dbe143ff7674769bcfff9caf52665241a148c7fa13f1e0caa01787edcd2f9a6035f2573365014396b5c36ed8431804394caba25d3dca62494

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac7832b105f85b2fc8cfe5f89350b194

    SHA1

    493aa7420b0783c58d66951d93ceb456b9537323

    SHA256

    8241526d315139fcfbe4ac18ae41732da58c79a45bf8254e598b4f3b7e8ee4cf

    SHA512

    e8a404b02296a7f4347c351a2062c1e08f3b9236d34939c2a645f7f06c6cdeddfc8d4b687ac911e15d0da4ea57d600bc874cec0c0519ad89b93b526b51d3e242

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78d672a97a969d5d0dc4336717dede18

    SHA1

    cfef50e0312f5a1f6042512e93ed161c40dd9589

    SHA256

    5c279fd1e764972787b7c5a45cad5ee73e1e28d8dfe9198d0bb62e14b36cead0

    SHA512

    938bf7ac3801e664ac2d7cf71596e2af2277cd541d6ac8b197e0e8383cd007f830cc1cc84d7d2310a90e19c826a08d274edddd27822c1b09d6479a4fbbc349fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ee2044f232e60e41f35bcc0f656fd8f

    SHA1

    af7ed823b4920b628c109c60d25f387dc2548879

    SHA256

    7060f63fd73fa60667b4345a0a3f823828737131fc72de89c83f693f3432f665

    SHA512

    2dc524a456eb22c16b2df009359aa15cae0ab30df68c6b10b89f37b52944066bda42de4e633d758fdb62af205d1a8f728f5a85405814de2d7cd9b86582a82047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f9916a1d6795f07cb9c05b772f47da6a

    SHA1

    38220ea392b09a70da7a8fbed7e745d2558a4b12

    SHA256

    35db1dc03dd301b7203709adcd2bdc801f73d458356280d6f7ef8c25440370cf

    SHA512

    76c37be7353b4f96bb65fc57ffe35b515e383ce49aba276e402b0609484b0c49804889989abccdd071abe81bc251749eb846c19fcabe552a7b53d4397a95c0c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30fb471b48c9af6ddd4160e5518c09bb

    SHA1

    fb1b59549ab26b1b4e1c12881e251a74cbda33b5

    SHA256

    382ea305d2cc82a3ef7493414b0aba8f42b82898bf88a27f6cd0ae698fd47a24

    SHA512

    7884d817f363ea4fdae3de37a4837bdd62aa36a51c87f935585391f5a2165e99fcba9d7a9a9499e7b0bf44f910226bdfd2717e4cb668a69fb7b0a60dcd6977da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a7f578d295d65c81055a597b27d819c

    SHA1

    83c6d3c568802b0fd7cb13a08bd557ad78a7925d

    SHA256

    4e1ea90aa814cf8b0d4898bc09af9b97fc9595b2d86cbd146b43f27eef57638c

    SHA512

    25cdda0b2012ca9b9f1d57acbf6808198b4b1c3e1df344fac10ce6e8314d6728b7d6e10c3bfc7d9864ba42296def4fa0b930fc9b0eaab93958a3f18f7b1c3b9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    56b4a992e5299d3c84c2f2c509def17c

    SHA1

    34a2ba7e92c7223f8c9f2531315e343985447f7c

    SHA256

    61c5287f22be240647da57f456f581851dc812ffef0dbb8bd5a512026cd503fe

    SHA512

    8ed5c4e048f41ad7bed1bd9e89a796a4220a0ad4901d1b092a4eb5596fd831aa620e1a1e8d983213e42ba065f8fb62578b5dd3c93f21b9089efbdfe26b435960

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f71d487ca9e70ad233a0ca8928c5924

    SHA1

    7fc3ead6a9b4ec3430fb8e896f8042c4732d415f

    SHA256

    c649869599aae40d4908ca00f58a413eb98947a626f2ed0b77abc9cf35295e3b

    SHA512

    1318e9f7d7e5a486caa66e35c3b8307f944e21f9ec2582efd6cfc7a6bf2f30c2701acce587b2832c56d4b08e2ec86c3a7ab48b12ad0a8960a13625c01473073b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a79375fada63221f25f84671827063a6

    SHA1

    22b0ace0fd28c7be7b9cbaeea2bff38acb2e2f72

    SHA256

    f3088c86a15f4139f51ffb314a97d3ed1c4a247a362f58bdbda5ecd0f371b081

    SHA512

    4f0eeadd25c7d9081c4fceddbd7cfeba2a4b45219544b71b4ae05417845e615ceb98f12ac191e0690e21a84be0793e84461dd5183b29f78efe0c354561bc7869

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43628f4d7c700d91043624d4fcb5ccfe

    SHA1

    e6850ae5148256a201c72f56e8530e043c6f23ae

    SHA256

    faece58bbbed42bacd1fc4ed746043fefd5808861785f2ce2d377293b1147cce

    SHA512

    e59e7b6fc2555d9fcfed6110c1ce1dec2df21cf5029a1c4d5c8e6d7c90c6972664f4d6c5fa7d3319343448eabfb235080e7080ca751fcaa4a570ff8219ee6e96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b356b4ec7c8195ecc9f537e4d8080f1

    SHA1

    712d93f6dd3fb6668db24fe583c0c1864d48f0b3

    SHA256

    ec5509e666a7846fa4f278031d5f19cc379e2c04b542c6b759affa5949c43d39

    SHA512

    1efcf6f4d079f20528321244c3ef07a7ce9def43e238af8e874caea2c3773db0a835a9c33e143d22026ffa4da6bca41b169b69cd78b0affd2286797a361a222c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b063296b8b5fad9091dbd2d6f15bd78c

    SHA1

    3fc582b3a8166f98261c8a0d2d2130dd495219b9

    SHA256

    c14e91ba2efddbd6667d48bbffe783925e95a0fe1f1b2184dda9aae6905fcdbb

    SHA512

    8af12092fbfe32319a378cf30c16dd0e191d7f92956395a81b83e8aa5cc2f5a352f2d839796663f9336525d910c984b619a8c573c6541feeb782c19874abb146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    77d6de436a938752f179c26d17312f9b

    SHA1

    e56d40317be72c9c06c5511151c71d024e4bc5f3

    SHA256

    6f517f541326bd81591a6be9b440bf046bf1883f9f453025379fe826eced2ea5

    SHA512

    ffd5be496c8934497866fdf3c03977422d3a12bac55a3f6a5cbc124c646e08adc0a5c7549786ecd128b825ff9cde6f9153768edac1bf3810cb71f67bea73d724

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\233DI4F2\ai.taobao[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\233DI4F2\ai.taobao[1].xml
    Filesize

    168KB

    MD5

    8497c452a7d9786d1d7a301e5065e8b2

    SHA1

    309c86c4c9782fe920f44df136983a59ae69407e

    SHA256

    9450cec0b9ef0edc8d19a4c33a9be5cd74c98f4afd64b3820ea9245f2d3ecbc4

    SHA512

    89a537d0db29954e61917a97a385932c3b7a72a9fd764022b986d5e2e7f027082beab8bf5650424cd03e8820dc9ee9429913fa04ac70292500926adb63bd54ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bucspth\imagestore.dat
    Filesize

    1KB

    MD5

    c70f6c8f48af408430a2a327272f7131

    SHA1

    39350ad3a4e0bf53e30a2de8223bc003054092fb

    SHA256

    8d44e06375f517722fe522529aac8916c40dc3dc49af3c82b13fa3ec9c13b7a1

    SHA512

    b1db964831588627f2f92317622e1eb314a3d91c3b0b499eec3f884ba4ca6cb876ab8a8e13d8f7c45119718462324620b20270d6e48f35d7c73541f66e2ae4ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27V93E5X\TB1PlWbKFXXXXbmXFXXXXXXXXXX-16-16[1].ico
    Filesize

    1KB

    MD5

    fb44dc89394b9c62bf847ee420eaf4b3

    SHA1

    af32d2a4d2213d734cca7ddf0ad309ba0fd2a3b8

    SHA256

    f238445369d41b33020f76c8adaa5774cebeab5045d6ef90c459b68ad1304143

    SHA512

    42849e934319aa28b46a07680d36ae00b83f26f42e61e7c1e5bb1e8f49f381393f0d4d93a9dbb54d7a7126ddb02951ae008d4687efdb6ee0dada6d14eb4cde83

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1575.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1588.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit