Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 06:18 UTC

General

  • Target

    2b7b050a6a489dedded18656bd9a7fff.html

  • Size

    4KB

  • MD5

    2b7b050a6a489dedded18656bd9a7fff

  • SHA1

    d9642360d4c6e487283b45abb1ad37f4188cc177

  • SHA256

    b903901fc21b530404d6f4ca30f240f4bcc1ff32f80a2749d7dc5991bd4fc79e

  • SHA512

    bfa4e453d68870ec4cbbf25db89b5e662e3df87660d5bac8a2cb92bb86d02da5a2e8425516c1420d8e066b58c735e6dbe5615dcfcb60a4aa75eed68418bae60c

  • SSDEEP

    96:rf9seakGiwLsvfpFFOxUEKNHvBUqsOeN0Eg9jag0MwpZykYR:rf9FaL7LQFIarvBRlVEg9+g0Mwry

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

  All four signatures are consistent with Internet Explorer's normal start-up rather than with the HTML file itself: the frame process (PID 2436) sets hooks and writes into the Protected Mode content process it spawns (the SCODEF:2436 CREDAT:... child, PID 1464), and the registry writes are IE's own settings. The 1/10 score reflects that nothing beyond loading the page and its tracker was observed.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2b7b050a6a489dedded18656bd9a7fff.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1464

Network

  • US
    DNS
    count.carrierzone.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    count.carrierzone.com
    IN A
    Response
    count.carrierzone.com
    IN A
    66.175.41.113
  • US
    GET
    https://count.carrierzone.com/app/count_server/count.js
    IEXPLORE.EXE
    Remote address:
    66.175.41.113:443
    Request
    GET /app/count_server/count.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: count.carrierzone.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 05 Jan 2024 18:56:58 GMT
    Server: Apache/2.2.15 (CentOS)
    Last-Modified: Fri, 08 Jun 2012 10:17:02 GMT
    Accept-Ranges: bytes
    Content-Length: 36029
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Content-Type: text/javascript
  • US
    GET
    http://count.carrierzone.com/track/ctin.php?t=1704481030143&custnum=fcb3b770985df327&sname=&pagename=index.php&group=%2Fservices%2Fwebpages%2Fg%2Fl%2Fglkinst.com%2Fsecure%2Fsuper%2Fch%2Fchina&version=%24Rev%3A%207840%20%24&js=1&jv=1&resolution=1280x720&color_depth=24&campaign=&referrer=&page_url=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F2b7b050a6a489dedded18656bd9a7fff.html&plugins=
    IEXPLORE.EXE
    Remote address:
    66.175.41.113:80
    Request
    GET /track/ctin.php?t=1704481030143&custnum=fcb3b770985df327&sname=&pagename=index.php&group=%2Fservices%2Fwebpages%2Fg%2Fl%2Fglkinst.com%2Fsecure%2Fsuper%2Fch%2Fchina&version=%24Rev%3A%207840%20%24&js=1&jv=1&resolution=1280x720&color_depth=24&campaign=&referrer=&page_url=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F2b7b050a6a489dedded18656bd9a7fff.html&plugins= HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: count.carrierzone.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 05 Jan 2024 18:57:07 GMT
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.2.17
    Set-Cookie: CTCNTNM_fcb3b770985df327=2b6961fcf383411d82f31fd1fffb7103; expires=Thu, 04-Apr-2024 18:57:07 GMT
    Content-Length: 42
    P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
    Expires: Thu, 01 Jan 1970 01:23:45 GMT
    Last-Modified: Fri, 05 Jan 2024 18:57:08 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Cache-Control: post-check=0, pre-check=0
    Pragma: no-cache
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Content-Type: image/gif
  • 66.175.41.113:443
    count.carrierzone.com
    tls
    IEXPLORE.EXE
    828 B
    4.3kB
    11
    12
  • 66.175.41.113:443
    https://count.carrierzone.com/app/count_server/count.js
    tls, http
    IEXPLORE.EXE
    2.1kB
    44.5kB
    32
    39

    HTTP Request

    GET https://count.carrierzone.com/app/count_server/count.js

    HTTP Response

    200
  • 66.175.41.113:80
    http://count.carrierzone.com/track/ctin.php?t=1704481030143&custnum=fcb3b770985df327&sname=&pagename=index.php&group=%2Fservices%2Fwebpages%2Fg%2Fl%2Fglkinst.com%2Fsecure%2Fsuper%2Fch%2Fchina&version=%24Rev%3A%207840%20%24&js=1&jv=1&resolution=1280x720&color_depth=24&campaign=&referrer=&page_url=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F2b7b050a6a489dedded18656bd9a7fff.html&plugins=
    http
    IEXPLORE.EXE
    1.9kB
    2.1kB
    13
    6

    HTTP Request

    GET http://count.carrierzone.com/track/ctin.php?t=1704481030143&custnum=fcb3b770985df327&sname=&pagename=index.php&group=%2Fservices%2Fwebpages%2Fg%2Fl%2Fglkinst.com%2Fsecure%2Fsuper%2Fch%2Fchina&version=%24Rev%3A%207840%20%24&js=1&jv=1&resolution=1280x720&color_depth=24&campaign=&referrer=&page_url=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F2b7b050a6a489dedded18656bd9a7fff.html&plugins=

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    793 B
    7.8kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.9kB
    10
    13
  • 8.8.8.8:53
    count.carrierzone.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    count.carrierzone.com

    DNS Response

    66.175.41.113
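
The ctin.php request is the one item of interest in an otherwise benign run: a hit-counter script (count.js) loaded by the saved page reports back where the page was opened from, and because the file was opened from disk the page_url field carries a file:/// URI with the local path, percent-encoded twice. The Python below decodes that beacon and pulls out the leaked path and the client-side timestamp (t=1704481030143, which lands within seconds of the server's Date headers of 18:57:07 and 18:57:08 UTC on 5 Jan 2024, i.e. the run happened later than the 31/12/2023 submission time). It is an added example, not part of the Triage report or of the carrierzone tracker's code; the URL is copied from the report, and the field meanings (custnum as a tracker customer id, group as the hosting path of the original page) are inferred from the parameter names, not documented.

```python
"""Decode the count.carrierzone.com beacon recorded in the sandbox report.

Added example; not part of the Triage report or of the tracker's own code.
Field meanings (custnum, group) are assumptions drawn from the parameter
names, not documented facts about the tracker.
"""
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Beacon URL exactly as recorded in the report (GET from IEXPLORE.EXE, PID 1464).
BEACON_URL = (
    "http://count.carrierzone.com/track/ctin.php?t=1704481030143"
    "&custnum=fcb3b770985df327&sname=&pagename=index.php"
    "&group=%2Fservices%2Fwebpages%2Fg%2Fl%2Fglkinst.com%2Fsecure%2Fsuper%2Fch%2Fchina"
    "&version=%24Rev%3A%207840%20%24&js=1&jv=1&resolution=1280x720&color_depth=24"
    "&campaign=&referrer="
    "&page_url=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData"
    "%252FLocal%252FTemp%252F2b7b050a6a489dedded18656bd9a7fff.html&plugins="
)


def parse_beacon(url: str) -> dict:
    """Return the beacon's query parameters, fully decoded.

    parse_qs removes one layer of percent-encoding.  page_url was encoded a
    second time by the tracker script (so the embedded URL's own ':' and '/'
    survive as data), so it needs one more unquote to become readable.
    """
    parts = urlsplit(url)
    fields = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    fields["page_url"] = unquote(fields.get("page_url", ""))
    fields["_host"] = parts.hostname
    return fields


def leaked_local_path(fields: dict) -> Optional[str]:
    """Return the Windows path revealed by a file:/// page_url, else None.

    A saved web page opened from disk reports file:///C:/... as its location,
    so the tracker learns the local path, here including the sandbox user
    name 'Admin' and the Temp directory the sample was staged in.
    """
    page_url = fields.get("page_url", "")
    if not page_url.lower().startswith("file:///"):
        return None
    return page_url[len("file:///"):].replace("/", "\\")


def ts_to_iso(ms: str) -> str:
    """Convert the beacon's millisecond epoch timestamp (t=) to UTC ISO-8601."""
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc).isoformat()


if __name__ == "__main__":
    f = parse_beacon(BEACON_URL)
    for key in ("_host", "custnum", "group", "version", "resolution", "page_url"):
        print(f"{key:12s} {f[key]}")
    print(f"{'local path':12s} {leaked_local_path(f)}")
    print(f"{'client time':12s} {ts_to_iso(f['t'])}")
```

The same decoding applies to any analytics beacon that embeds the page location: one unquote per encoding layer, then check the scheme of the result. A file:/// value is the tell that a locally saved page has phoned home.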

MITRE ATT&CK Enterprise v15

Downloads

The entries below are Windows artifacts rather than content fetched by the page: the CryptnetUrlCache MetaData files are CryptoAPI's cache of certificate-chain and revocation lookups made while validating the TLS connections above, and the Cab/Tar .tmp files in Temp are typically the downloaded and extracted certificate trust list update.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d2d864658971a0435bf64b1d13db2c75

    SHA1

    4bde8eda762ba1c15fd74fbc524356c5f5311036

    SHA256

    0a44ce73b46fc009e1470186cb920868cc3196bb269d74e0ab327978c86d7ebf

    SHA512

    f5290eabde1c19f7bf4b106f0e1964c42f9894b39a7d84085f52810251d718cd26695d6fb0a8fb3f49bf7e682246582dd95358e1a3f9a352c04290d69e1774b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7edd5b659266e829d711e0597d124479

    SHA1

    a203e815bf9b576cd0f2b4404f54545953b37bc2

    SHA256

    280bc779a952e728c278b1c4e65cfb26a639ecd65a00a5527d80fccea914c32b

    SHA512

    2429052a3c71f3ef00e1f51fe78f43d505568c45c87eab026509e11d61218427e3adaa54c7792ccc38da10679a12a83d9731db186b37c85eba9de1e65cd6970a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9222fcf6dda052571613a9c2e668a553

    SHA1

    a99302e397c251b87a81ccf86cca6fe8437dc616

    SHA256

    2fe9c4f89048576792f764ae1f3d1fe3ceee6e2aa24fa8123e39468adeb7bd6a

    SHA512

    09e19d0e3ac694c6fb6a9341d2a423f077f904f0d516e7bd8eabee4e048f77a109e3db4cc35b535755309d7c1521b2903cb5b5c4d24e5473ee39e16e5fdc2cc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7696d2804744017daa1c4cc241d02e6c

    SHA1

    880f632e6fed4d3ebd1dca999b336faf7af39d63

    SHA256

    fa344675a7cafca087cfc90d8614969b26da5e3a4992c0503eb3ee1f5587f7c3

    SHA512

    9812f1cf2ad7ec46612898a5242ecbb8ca0a4f70d0c55340d83d8682298708deb8558c02ba7a0124cf8170f6027d89d0c24b2a143f0adc005757b7f9decf8111

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f7ffe499faa487484cc5ab60a8d5e9d2

    SHA1

    600679f145c832aa95f7b21e1adfd03f182ba45f

    SHA256

    bc868bd3fb97ababe07dea10050f443d2ec5589d4fd96827b3eda3cd2e83475f

    SHA512

    e35989e8773410a501e31720e8379b744b28e5a036b224e334583a6aa0c90873a9c08e0389e5b52a81a00fdf923ef4482b8dc19fd30c73ac329f4fd8983c6ef7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1bdfc30e889737bcb010d893a3321108

    SHA1

    6cfc7cf8118fa7d5926c36aa8c37dfdc6911f862

    SHA256

    97db1485fbcd32df5d187e7d0bff1993932c64ddaff03eec02ef39fe3bda52b5

    SHA512

    f3588cb6fdc0dd8f0b56e87481de80db83005de468a3405fca23bcba04367dc5fdaadcf4e8a9a81c060647bde2e773a589b6ac7bf953cf6b270af3434d22ade7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5fed43b783d9257e46c8ede6ba49448a

    SHA1

    3924996a52fefb81324574a996f19a07dbc1b049

    SHA256

    ef5dca00d083e8fb7da75d495ea3270561a310edc5fc1ed833cfc7d7124509a6

    SHA512

    86c8259511fbd8593a0dba4f104d1d63acf306db4dbf13cd24ad3052469302b07247f6772579fe81b0f2ec2e90f51d5da9bcc3f9d4cc4936f8b9f1c023154629

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b3171771c88191b9f99ce45934ec6118

    SHA1

    5a250f6a322aa776726d1d625fcdf89499923bd1

    SHA256

    c0b7f696f70faec3964a360195f3b2a693d8311f7ec3ae4c173f9239f3807b99

    SHA512

    6bf33dd6350f7041795317d74c19daf9f01c81719098664d54b1afa6e84221c5eef33be6bbac2be2a854e061cca49056130d8af27d62299c2c70922203b6e6f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ed09e9b107d91c4c68ee5ff18b4fdc37

    SHA1

    a3fe958f54479e9a8f342819621c209157383fbe

    SHA256

    f017d18952450f0ea65cbb49440db14b4a59b73a8836c8c06f9d4911af135241

    SHA512

    72a8a1cc5c22ff4ab44d4aa8fdc8fc9951d0fa8927ed13543bf376b9b65bc0032f64ac7a1867cbf6aaf68c1514a9798bce6da3c1465875534305951bdf5b4a3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    63f4206a947ae0b38854f06358166733

    SHA1

    b7331cf5f14075b6fad337016b2e051e5318ed88

    SHA256

    b3f98721f500a0eba244805480284ffbb759e52bccc6ee392a5a785ec9cb616e

    SHA512

    9e0cda1c7117823b423ecf6bc88be05b5736bd6e9858cf72f24c1535636bdfd5495c47284fd38f26c512d8c67b706b82898ae4235056aefd8f156bf6bc6d396f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc45b8aa9cb6c20612ebbf6389a363e6

    SHA1

    9de9784059af3eefd4f8b84203fd327bf916d92e

    SHA256

    b5b84e6be7bb1c8ba63712b7686bb001ecfc8005ef225e669fec44abb9b915c0

    SHA512

    51b59edcd7b6bbea99d111531f455751d573ac9a7bba08ae0b00e341c3768b8810f189b6f32d7a8f38bd4d14ba841208940539c87e4bc5add5bf1ed1629bc633

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb6ed3a92ee3cb81d5bc13bd4d38e96f

    SHA1

    0a6d6d409e09188a57333cbae74cb43cee0e9a2b

    SHA256

    c2aa96a900884d0fb05bd891124b96bdbe5172d5032aa4489be7c8cdd6970326

    SHA512

    f1996f2f1897d23ab70e48b6f7d8363e4c53f5f7af6ceeadd33be54106a63c225470148e1fd1011abea8de5eae7e1b6e90b715e9cc8d64f2906e6e2a72c123b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9ae0889299747c3e5c814a90fb517b74

    SHA1

    82f7082b5bbca57ccaaa4c82205d99e21a41b9de

    SHA256

    e316a3f1b3e70304525b95513e170afa8e8c972f17ca90faea7e61f35fc2680b

    SHA512

    b112be31dc88b675203f2dbd9e71325ceacfbd67d5db0a261e90a6c293a32917f4666594a3488fbc0d70f7a8105877f0f354ad023fb9fe937c3ec014ccdc8e67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfad96d2949826f020774abfb3337bee

    SHA1

    20310bf2f076284583782f80090af6914c724c19

    SHA256

    840393154d6674f09f8b57a0c498d5cc3dab60d350165556438652f975497ccd

    SHA512

    8c58720bde93774578138625e904e075bef83b81abdae258ce654af721ed94436317a4425056d635dd0815f117c3f88a1910b5abee48201071c000608e9e6932

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad60c30bc9a24e2623ce961933a13a6b

    SHA1

    7f1f3ce81339616fc46f1826d8f0b39ac9b7a28c

    SHA256

    ddc39bb8004e6bbac453fde7a5cb429bf20df8e76ce242f49c833dcce8069602

    SHA512

    5740743dd5be2f2cb30a3c0732e27d3b8139540e1126ef932bd0d38616b1f5d6a8f013ac009bc42fdae3a6a9b3a7ca67f9dedd6fc3da1e5ac2bb75974fe655d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2532ccf690c142f24d0d607cfdbc9abe

    SHA1

    e92d5e94cd376b2abacc927b8eb895faae3cac51

    SHA256

    e81fcf66d2ab9a889a1f27dd25836dba8b8c4e8d92aabe19ffe8e984217759f2

    SHA512

    52695915808599eec3f8f40c22840a1337a8f99a6405e299907baf2d6af6a7bfd9ed5ec98d5cd9cf2987dd10c6ee29bb3c5652e323315826d39b2f5eda3d82bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9528fbd788ef55a66e75680fae57aabf

    SHA1

    b8d48949464948ee2bedfc018286b55c1b9e299a

    SHA256

    95202a1e258896ef4532a32239ecf060eeb0b2b88ff8b696b6e0c92e192749b2

    SHA512

    22600e02ce48fdcfb2e1c165662a0615760e616d2f3c67188180d2f8640b6af7f240be561691e5d420c790a569a5073ceea04a5783bf5fbf86bf8da66a6b20ee

  • C:\Users\Admin\AppData\Local\Temp\Cab9CFD.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar9D5D.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
