Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7SHAREit_Pr...OD.apk
android-9-x86
6Home.html
windows7-x64
1Home.html
windows10-2004-x64
1WebShare_JIO.html
windows7-x64
1WebShare_JIO.html
windows10-2004-x64
1chunk-vendors.js
windows7-x64
1chunk-vendors.js
windows10-2004-x64
1client.html
windows7-x64
1client.html
windows10-2004-x64
1client.js
windows7-x64
1client.js
windows10-2004-x64
1default/index.html
windows7-x64
1default/index.html
windows10-2004-x64
1online.html
windows7-x64
1online.html
windows10-2004-x64
1shareit_go...x.html
windows7-x64
1shareit_go...x.html
windows10-2004-x64
1shareit_go...0e6.js
windows7-x64
1shareit_go...0e6.js
windows10-2004-x64
1shareit_go...7bd.js
windows7-x64
1shareit_go...7bd.js
windows10-2004-x64
1Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
14/10/2023, 03:28
Static task
static1
Behavioral task
behavioral1
Sample
SHAREit_Premium_v1.1.48_MOD.apk
Resource
android-x86-arm-20230831-en
android-9-x86
Behavioral task
behavioral2
Sample
Home.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral3
Sample
Home.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
WebShare_JIO.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral5
Sample
WebShare_JIO.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
chunk-vendors.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral7
Sample
chunk-vendors.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
client.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral9
Sample
client.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
client.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral11
Sample
client.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
default/index.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral13
Sample
default/index.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
online.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral15
Sample
online.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
shareit_gobang/index.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral17
Sample
shareit_gobang/index.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
shareit_gobang/js/app.a6f290e6.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral19
Sample
shareit_gobang/js/app.a6f290e6.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
shareit_gobang/js/chunk-vendors.c7ff87bd.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral21
Sample
shareit_gobang/js/chunk-vendors.c7ff87bd.js
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
online.html
-
Size
1KB
-
MD5
6ee8ccd848c6b6db0cf9e594f6ae2b45
-
SHA1
601d3b50cda62f978c520d5e18138e1c7b46655b
-
SHA256
1cbaaba075ea7cd88c84cd42128ea0bbf314e545199099440e2b80ec32532565
-
SHA512
03478a2f621bb6914ca03660cb3d1be266b8aea4fb25f2d38b492b430221b4ba1c1535ec5cb5d8d9dec3b6ff0f5a23db3428e07b1ce283515e168c24d5fe214a
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1333978767" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063747" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1321008694" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404069222" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063747" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7A4343B7-6AB6-11EE-9D98-EA4CACEB3552} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f00000000020000000000106600000001000020000000d6fd587c1c06ad91f14f41ee15d65f85beb981751ecc82e75d7fccd9a018f79e000000000e8000000002000020000000d5ce2b0df579e39cd16751b295bcd9712f5b10308e39f851e49ee3570968061a200000004d246c38cccc03bff27b19d1a83cce815406eecbd8c6fcdb82fd0f742045f3bf400000005538fbf66d97a192492b51d690a636f3ad630d1eb064b93674ac8caa8c82959cec56008dae2ead331d9967ac765d36e88e36bfcc3364c603ee6f93ae405c018b iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d50152c3fed901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a31952c3fed901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f000000000200000000001066000000010000200000009260a498c7014271e71483189083b89497d7e9557269ed27840503887cdbfbe2000000000e800000000200002000000057c886f85d727b301bb9902bf6ad40822958a304cfcfee3d61e60766047a935c20000000d66deb9fde01d995c1a4bce781ba10c76970a643805cde6ba2330219c0cdadca40000000c557c8a91dad861ed14ff4a9cbcd168ce6197fb199b666a93934646261de977166665b9b50dc0fb414c5ded14b97a792c4595712b74c182c7e028a3d1d2bf9a8 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1321008694" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063747" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1168 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1168 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1168 iexplore.exe 1168 iexplore.exe 1080 IEXPLORE.EXE 1080 IEXPLORE.EXE 1080 IEXPLORE.EXE 1080 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1168 wrote to memory of 1080 1168 iexplore.exe 82 PID 1168 wrote to memory of 1080 1168 iexplore.exe 82 PID 1168 wrote to memory of 1080 1168 iexplore.exe 82
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\online.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1080
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD53a8f7562a19eb358f4f065fbd62bc2b7
SHA1670da318553257ea1ea62f90471c51f9a5183c74
SHA25618a194531c88ef18aa5d8f74fa481238b51607af8401946e37f3481c507f5b2e
SHA512d2eb83a3accdcbd9f671b9cc2c08ffb90989d469266e67eaf1ade8f62e99de557ca089a0a24ac1e26e37faae40b8dd1523d258941e347c04f23fa7cc22b1e1f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD50305a8c7c99a8668aa043528118e5438
SHA16838d8f49555f40d7fe6a7a17caacaefcb7b33e1
SHA25601104a7361457a4acf073cd3e892475515e4e8871b326cc9d234fec2942e031f
SHA5121169eed4c9caa0d6691697033cbd6894fe1d964ff31295abff5e9dc7b7f3cf28797478a2b56c638658e378150945e170ac57bbbb860ebbae57999221bd711f49
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee