Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

360.cmd

windows7-x64

4

360.cmd

windows10-2004-x64

4

360SE.vbs

windows7-x64

3

360SE.vbs

windows10-2004-x64

7

361.cmd

windows7-x64

1

361.cmd

windows10-2004-x64

1

36OSE.vbs

windows7-x64

6

36OSE.vbs

windows10-2004-x64

7

36O安全�... 3.lnk

windows7-x64

3

36O安全�... 3.lnk

windows10-2004-x64

3

36O安全�...�3.lnk

windows7-x64

3

36O安全�...�3.lnk

windows10-2004-x64

3

Internet Exploror.lnk

windows7-x64

3

Internet Exploror.lnk

windows10-2004-x64

3

copy.cmd

windows7-x64

8

copy.cmd

windows10-2004-x64

8

cpa.cmd

windows7-x64

7

cpa.cmd

windows10-2004-x64

1

ha.vbs

windows7-x64

3

ha.vbs

windows10-2004-x64

8

is.cmd

windows7-x64

1

is.cmd

windows10-2004-x64

1

runonce.cmd

windows7-x64

8

runonce.cmd

windows10-2004-x64

8

tool.cmd

windows7-x64

7

tool.cmd

windows10-2004-x64

7

winare.vbs

windows7-x64

1

winare.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ha.vbs

  • Size

    1KB

  • MD5

    97b8dddd4361596cdeb6851a0639d834

  • SHA1

    7f35a8018d53777c449b9703a867c0f41b542e62

  • SHA256

    fa554b0be47bc18d0992bf700e8495ad29237d88413faac60cc1850a51dedb80

  • SHA512

    d3103e2bd9c5e272ae7f80e27c62ca70ee06adb6b6c85b2c60f34e781ed54f140caa1cb4f0787256e4e66cd47dd4047cee0bb50a13bac581a05f47d904009f4b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ha.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:660
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C start /min iexplore http://www.dao666.com/index2.html?cn
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1468
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dao666.com/index2.html?cn
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05185882b0f70c817db9213c7e9ea85b

    SHA1

    dcb23aeb03d61e9080e1267821e24e8ff86a85a7

    SHA256

    53e50893476b63f353b379ac200c38516a8c3d3302ea077b25c8caca0123ea61

    SHA512

    6e94ff3f88b6dc12661891add0528d08fd0b139363bbd08e006b7902464e416a8f39afe22bd27f5080163f337fa80842a37585a81d3f61b67fc80c139ac732d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff04635c0c97270c912b20db1d229cc9

    SHA1

    42c2e0638c563bcb4db7cc4c437ac2f10766303f

    SHA256

    c02f587f7a0ce24764fe60feb30382fca72cc5806cb63a258246cfc32f48ae7b

    SHA512

    e8eb3b39351798eb628a6b221ea179ec1dbec661415b7f00400914a9f1d31e1a4d3db060f5e82460dc34125dd437899fae362258a1642cc51edd0735d862f6d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    472cdf9c53288bda22bf489f700ec044

    SHA1

    4a96c56e4f55d795810a51dd74327b583654f908

    SHA256

    b66153a98ea4826a153a68359fd4c253c806dc3544560d294b3682be20bed8d3

    SHA512

    32bf2848a08b4a85c8f27e399f179e7d17892f5b47a98c2c6a5146dcc51c5d74b5acfff67597c9b0f80c68cc13b73b7ad72cbc0871eeb28c61414261c43c1e6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    228076ed19bdd7aa3b0fc22767a27db4

    SHA1

    217925ee68f281ba868f692cde87e258a1d61e52

    SHA256

    6f2d0f63e40d0b45c7cd8ed00d0ad80d14557d69ee093e94d07d7fc2628e3e73

    SHA512

    ab0559a6191000ee63806e058ae0df28930d1901e47e9cce9f552f9a48cc4a5f5150d1f6ddd00decb7160846b373c3b465c3df7f4ce86929a31bf39bd046b304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74f2424c52d19be8b3cedd5d4d67c8d0

    SHA1

    4942c162c1363ac9222f713d7bc02240e3ca32ba

    SHA256

    c2ada3ced016356cf2004dccfb7cf5bd7b7f6851c3d29ee401af3a2345a6a25f

    SHA512

    6f6afb9d8ce0e65581f9cc3bc23c65d06405b339c951140d21b8a971d8ce472765350e9cc630483688cf05bc8dfb4b6f055ca67456c68ccb06ada283748c3c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef096e8ec67da593913049bd85ba9dfe

    SHA1

    824f296cf4b311fd7a891f91adef6662d9db096c

    SHA256

    e5fa09e30a7ca7ec390e94b360fc4cffd77b569bda4e59b9521fd4dece7fe3fe

    SHA512

    a720c26137f493e0ebb653ea7cd04659ca1e99dcff226bcb350d075655cd745e7c3333ddaa116666b9781f1628615d5e71b59268d3d41cd1f883060c7786ae40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b0b63af5dce2c12fc6f265c2a8bbcfe

    SHA1

    f5357e9ff15fa70fda5649a590f2c93a624f21ce

    SHA256

    2e16a07714fc360b49a5596e3a1df102200dfe72f963fd00d176190a4119b5ab

    SHA512

    47b6e0f902b4bc2dc6b4b1387d2b72dd43ec8ba7d210134f77174d3980b041366fa5183b1cfd22512ad223d479be77a186ebd44ecd71c34c1cdf853e00ddd587

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88385a93f553320e191912c789659ec6

    SHA1

    d84d7f4907b05520944726c55853e911d2aa9a06

    SHA256

    b8ff1262845742bff1a6b92d438d3dad64b18012239191d7e56c9e20ce0aa7fd

    SHA512

    0e0a09d437518eb116462379a753d46b7a376f562972e5fec26a171a7ffdb890ce397deb37f79c5a123fd4af71fe3c8e4ee2e835fc1a44d0016083584ff51ab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    124955a0a60065679c3a28a32111eae9

    SHA1

    397c6aaba3df4fc613de6a18c0bb1bc0373d5de8

    SHA256

    3dd05a2ad07b243a3c3c4bccb220742230a3dad4438b14ff133dbbb29c9b442c

    SHA512

    615f46a3ff8b3447c2472374c77560fd865ef79a39c1d8f8df0e02149cabbcad4a922b847a1e6c58129c04ea4d122bfce2194976c6f2c6edff3c3a4ad3e44ab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2dfcbf318fd8c366a944d9ef98d9095c

    SHA1

    0cdfa043ee0e4ac00269d98c4360c03561ef6c17

    SHA256

    317edebe0779dd033136a5d4b8df9b195938e0b49e026a0d5eccffa6604aa1cf

    SHA512

    6271271207ac5484fd7119b3246f458388a0d1feb064c4ca098bccd2dfbcde4686423496339977bb35f4257fdddd069b9a320441c716c173c100498182a66856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d5efa8dda0eea96e2653d93b9db89845

    SHA1

    7241e7871c48388b37753685f8053885bf9d1d5f

    SHA256

    80795b539c181329b70289477425410765ded7425f123e567e573be4c3beb380

    SHA512

    6bcec287b2b86595515064e802ab56f4d58d7c655b0ae8ebbba408df36a8b41b7ce1306fbbd540db68b5cf4a6b9fb3357e1d3edc575cc4f237489ddaa047cc67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6fe62bab608ebd4049df4640df2ebb7

    SHA1

    2a5cffc9dab84ce7b73e722140cf0e419514a2b0

    SHA256

    5f641b59f0dab4d447ca2df20eba7a95e007c1906454ccc78076e390c5228407

    SHA512

    ab5ddea10ecd67a35f04819311cdd224ecf23e70f0146119ae2d23eea82235947b83b2aeed45ddcba009c2057355a124d04d8472a4bc5d8ee221abe64cc0a14b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6308.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6B66.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit