Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

bnbz.tk/bnbz.tk.url

windows7-x64

6

bnbz.tk/bnbz.tk.url

windows10-2004-x64

3

bnbz.tk/xtw.dll

windows7-x64

7

bnbz.tk/xtw.dll

windows10-2004-x64

7

bnbz.tk/xtw.exe

windows7-x64

1

bnbz.tk/xtw.exe

windows10-2004-x64

1

bnbz.tk/xtw.dll

windows7-x64

1

bnbz.tk/xtw.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    165s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bnbz.tk/bnbz.tk.url

  • Size

    40B

  • MD5

    ac31067cced37f0e7815bffacb3076d6

  • SHA1

    b4c74eaf9aa126191184c4e8ffc4309fab0ea544

  • SHA256

    8541670fc1d8e85335d766d8d7a30afdac9d13a87302794109e0f9b89e4849a6

  • SHA512

    9ed865d0631fb55ff62ba0c5dcba0cafb077b6ae4f17de509281125655c31a430421dc2a3d1f080c2cf2f62d17fec70abb51bcd246f1c4664eac84624bbd1c69

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\bnbz.tk\bnbz.tk.url
    1⤵
    • Checks whether UAC is enabled
    PID:2888
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c92c685f72358955b380f9e6bf8dc58

    SHA1

    e52910b78e523925f7c591e8236ecd5e100b02c7

    SHA256

    2ca527af185a9f3294eb11e1900d69f1be038f603f9603b6ac66e86e12e8721c

    SHA512

    823a9600b1a3a34195bbd5a75facb3d1dbf13bb33bbd0452d8d8dd9427d442c583f4020a0a4c937b7848a9f6c147effe26c0739a49df93ee085904982ad8944c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0395660dcc360949068424432345a399

    SHA1

    d2851d91deb7c0c8a6e5f87b12293c1f527822cf

    SHA256

    279cb161795133af1cdeae17905cf6630a6904e865dabf97aa20f74f3d7d546a

    SHA512

    b077f5a86392ee837487953a3871e495d3a983cec8b54cb4263242513b5b5a40d8b320cbb28ac929a8e8f7612df985ab3e1b5e268d065508fdbd3b1b51abd105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c6f3ef0b47d371abde9d24ce087d469

    SHA1

    8ab89651bcd0e2e0abbed6b74e9d12ee604643fc

    SHA256

    f3a2fbb5c048ae0fdebe8d1825673e21f9f9537d7898687e912a09631571433b

    SHA512

    5e551cb669b73fb7d6ea02609b05e6846cb0534b264c79cfc43c5640b9dcbed630150055de13ac27c8814ffa7fe65e2b9a640ab2ced845340a33a2d3327d3659

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7e73848a76a578f9ecf9d02564d99dd

    SHA1

    f50610de319239591824d2a85511694b94a77ba8

    SHA256

    a5e91473bbdf8206da87c3d5f204cbd9edbad9a543e37ceea20212d0cbdefb8d

    SHA512

    74c5298cdee2d2ef8f0faf22b946b6fc58a3da2c91012cafa6f75436406050252872832209355fd923adabfe0a3b651ead5cddb7bfd65fd6677c3c6dd38ce9de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4f88b89449222da527dac66ac6136c2

    SHA1

    5d431212c3872c3ae82d5a96f2b268e2cf325b46

    SHA256

    f6870a07afb07d76e8d30acfd55ee90350386affa15076ad57eb3e240f1362a4

    SHA512

    6d6f3c3b5bd5fb456a93f6a22cf8a087737d074c57ec248aa0ca84995615efbaa20107a8d318347e8983291dd31197dd91d6f9822f33b72418a4d8d3c88461e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d64e70d664fde1979467ca7df2ff79f

    SHA1

    eabfe2f79a64e7044b7f00e21db19b37454b2957

    SHA256

    9da68a0cb3a3c2fddaa6ac19697bced87d7cd095e9377ca16becc4272565b93c

    SHA512

    93df7b88a3fb2a7ef99d74271fd0bd8b9ecaccd57a168cd0bc95c9c617e9e68d2360acd358c8d37d074a0b295aeca67cf49b28cc88579b80019d197206fe0646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e48ed565d4248a089be666f9f2e0cd6

    SHA1

    af557123b487e14ac80dbfe2075a245ac051beb3

    SHA256

    42e42048b749a04287b8c00274a3cd0ff78a48d100683c6bafe78468a206512a

    SHA512

    0921460f9c6562f33806717a875bf82237c6e6ec2b7172986f2fd496f4518221e5d93294dd4ed599a18de21895456a4de55c60c9de06dff852b1f9ee3d481f26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcb38a964854089da9c44823b9a61ac8

    SHA1

    187f6dadcc2381c78c9240193ce1565d45d44a13

    SHA256

    a254d89c4e9aedaebf375a4ed7c1d241e49e18ab75f94efe6f54827285fb4f44

    SHA512

    b1a734d81666ca7fc3c2a326c3add2a6fc85123988b7bbe59a0672c5199890a84b8fb1f0605568a64a3fad9167e47ae9f94d0e976f781559e8c2680bec620496

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE042.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar47A.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2888-0-0x0000000000140000-0x0000000000150000-memory.dmp

    Filesize

    64KB

    Download