Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows7-x64

4

Resubmissions

06/03/2024, 11:10

240306-m93gbsaf53 5

06/03/2024, 11:00

240306-m35m4sae94 1

06/03/2024, 10:56

240306-m1t4laae64 4

06/03/2024, 10:43

240306-msrnhaad52 5

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1158366716196290620/1214885996500353074/240305-1qnqqabd84_pw_infected.zip?ex=65fabdc1&is=65e848c1&hm=5924702bd5182685a5ce8ab91a889ddc0e94ceed3ad3923cc945e571ed4f93b3&

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1158366716196290620/1214885996500353074/240305-1qnqqabd84_pw_infected.zip?ex=65fabdc1&is=65e848c1&hm=5924702bd5182685a5ce8ab91a889ddc0e94ceed3ad3923cc945e571ed4f93b3&
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1936
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\240305-1qnqqabd84_pw_infected\" -ad -an -ai#7zMap28605:120:7zEvent9878
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2780
  • C:\Windows\system32\cmd.exe
    "cmd.exe" /s /k pushd "C:\Users\Admin\Downloads\240305-1qnqqabd84_pw_infected"
    1⤵
      PID:2528
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\240305-1qnqqabd84_pw_infected\download_3.jpg"
      1⤵
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:3040
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\240305-1qnqqabd84_pw_infected\download_3.jpg"
      1⤵
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:1764

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce48c491297185d4d9aeb141066f1ad3

      SHA1

      fcc5010870f6d7304de746ad9559e61a68cf1388

      SHA256

      91cdf5c8feffe1f6bc0903745ad81b5b695f574a2265116e0c8a014a70ea46dd

      SHA512

      ee46f84445e84c68ee83d59941782d5989a1f4c4837915d0b31a02cff038f1efee4796ea0dfd9a73b14d6f41d932643520b73f5b4942f50c0bfbb27238aafba6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2887a199301ffe64c13bf228d7a68c3a

      SHA1

      871cce2c889bbf027d58ef5193f6dccfcc285c37

      SHA256

      5595307dce52ca7cf45b3387877b2d1640ad6090066571633f50fc2beeead508

      SHA512

      b7d2797f63617a8c4a549107414b237f4b4e3825b707e5301de2ead5d976a1aaafa571f3fa54a9f21fd44e2075c955d55e5515c67d2ea29b6ed24bf73d0582b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      57e7d073892f806e89d76836339df974

      SHA1

      d16965ee7dbe5f18cd6d799aedcf3d42039ee861

      SHA256

      89240e876708f25478fe97515abcef9e078817acbf6d80f171c557482baae78b

      SHA512

      e7b07281574bf82297a8d9a0159544f923d7312cfefcb5143e5a67686ac575500b042306a7f9bff9aea81ccc01c0e170a101b8f5e69c106ba08ce8e5ba09783f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5c2df6179d88485a63b65bf14e56430b

      SHA1

      1ed6adef587f3424bb8d82bcd9ba74696b3e38d3

      SHA256

      c78faeddfbf4923d7378b78097de011f47b978bfb02e1ba8b5a56e8e5ed07784

      SHA512

      8b87b836aa6273cf000e78518d886043ae75f06f9817c840a872c1729b8a3923ddd759f3b11e0bfc010556aa66460728375229055b1f33266cd86afc37e6c277

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      565f8f3b7b3862dc9416fe2d97071721

      SHA1

      3faa8841e95863a7ba2dc88346faf975aab76b0e

      SHA256

      2417a42f83bb064cd99b2c4f764c7a6ac7f70552662d425395780ecf71bfdb37

      SHA512

      5ce2e6ac01b9be199cad46a296202d42ffbf88c1a232829ffdd3d9b4cf88d03637ce2ce63409eb05d28e03ecf5572b750e6809f70371a160091468a1be84f6ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0ccdb6f5674c0fb96ae648c6e8ee3ab9

      SHA1

      9ff98499e26e54e8500f3752af0bb22307ed6dea

      SHA256

      e6708da43381f5eac03b4fce5ba179abcaf96c304a5d0c0308fc041d953e3ddb

      SHA512

      a4005ab93c6d4ee1343842d80e95bc372b02759365ae2e65b92feae35521f9f70e5fe8621b317c589a564fad9bd26f284dee1e0fd23409643730d6796df11999

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5b6130bdf51690fcd931ef94ff4d337

      SHA1

      be7e2886dc192c1e4fc39630b5153675bbb07e98

      SHA256

      1a306d491f5f9833b946fabcca159fa7601c45f5e6a0c92e0d4b38732cdcc8f9

      SHA512

      3fd48b87e304655788782f34dd55b0aa2ea03cdd8caa255d3bd9346ba1015b660c044e6052864e565478af59bd27a3b1d258e336580e999f2369046f91d80047

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d469ea46310803cbd69275b01796d72c

      SHA1

      092d3052436c1c71117012b250ccac302e7a6fb1

      SHA256

      dcb9b4e1e36ae62af82a54051ceaa74038636e3ab8f18da69e5444e1eeb50277

      SHA512

      69bb2ff250610796050603c0a4a2c5f8715f40e51a4b2bc53e96fc7535138b3ce563dba83cdb3ab5a240858f3db5c3ea36a39daf1d9e7ecc002b5d461ca5089b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e245e1c87b103c6ba7592d3e676d0211

      SHA1

      b74dbb3578eb952c5fe129eb7649c169fbc1e9da

      SHA256

      af7d30394217dfda215e8aa9641e05fe535f31212c73502ffad2bb060203d203

      SHA512

      1979dc8341612ce1d713ca4dea8f9d29efdbdbf4476ec46683187ef8045badae2026c16dfbd3d4dffa61a3a0a22423db20c7627a7e537a48fdd50377cce3ee0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      92fdb3cc87f404c62f72c46d9f9b5e68

      SHA1

      1622f2ce27ebb3ac7ceb1fc01a4a3f717a239bf1

      SHA256

      3b7a24b4ad282767cb04548bdb26ab828da084e76c03f6cf68bbfe63f287fc6c

      SHA512

      84f44aa2457151143e0503fd769143c2cf58c1742802a0c97f50400359eb4c7735d41e3539553ebed6609636c3b027ba9850ddcdecaa5f560de839b87d916016

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e190ac9aa64a17d2e33b0ac311e93262

      SHA1

      2e007ddcdd752e566b62549f9add9afc89ac33c0

      SHA256

      0d34c10408659a8ea94afb719d9833d18060e1976e5b86b1913dd430aad9c4e9

      SHA512

      d0ed30b4f1b8f897a8c868c91d15786c3013617c725d2d2f52c1a25a7895ebd4552b31513ed9a6a978fc789732813c52d090fbf6a909ca7b0efba94f32d64224

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ae936a93cdcc36343c9268fd0d454011

      SHA1

      488347bf6e93f189687c2ddb84fea9e5c8f168f6

      SHA256

      d2cd258a408cdba8234cd57dbc9b453b4aa1a11433c7faa04e5934525b300f6c

      SHA512

      5f186a264418c36ac63be3d0000e53083cc35cef9115da4c40551b05357452d4fdde41482cd7ed164c3783e4c8eacf8ced5651683f1dcc3bc45b7969309868dd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\240305-1qnqqabd84_pw_infected[1].zip
      Filesize

      3KB

      MD5

      99e3aa578bc9f3223ab17a1ba80c47e8

      SHA1

      4222f43d6ef90df324b3c3083784fa58d1bb3478

      SHA256

      b63a44b3a3aaacc67441eefa90c5ce912c80397fc8990bc655f84e86a8cc90f3

      SHA512

      a7141b3d393943d9312d55e4e6a362372464bf376cf44a7630cb944db7043c085f19b0af11cd032c6863fb9be3bd30df494082b0d87804eae0ceb5a2efad8633

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabFECA.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar400.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • C:\Users\Admin\Downloads\240305-1qnqqabd84_pw_infected\download_3.jpg
      Filesize

      3KB

      MD5

      a308fe528d54a848f9931171fd64037c

      SHA1

      0438f59ce41cabf44177318b6a43d41d382e9f46

      SHA256

      a2ec9ac1e519cd23eb0cfd88ad3148dc5a6a70b609002294f5f08c408e3ac43b

      SHA512

      ec76466e6ffc68289d93ca18079811b8ea3a1157e0b2f2740fc3a289863df06fadafe7811e9898d3a2c6001ff9e8cc0b9ddda6fb902522a6073beb02ea878af4

      Download Submit

    • memory/1764-586-0x000007FEF7160000-0x000007FEF71AC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1764-588-0x000007FEF7160000-0x000007FEF71AC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1764-587-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2528-578-0x00000000022A0000-0x00000000022B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3040-585-0x000007FEF7160000-0x000007FEF71AC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3040-583-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3040-582-0x000007FEF7160000-0x000007FEF71AC000-memory.dmp

      Filesize

      304KB

      Download