Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows7-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1215156814933524491/1215172257664475136/test.bat?ex=65fbc85b&is=65e9535b&hm=2fc8cd3325f19aca06655e45ada5fc57ede2d252d7260f760ec4e1449c9c38e0&

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1215156814933524491/1215172257664475136/test.bat?ex=65fbc85b&is=65e9535b&hm=2fc8cd3325f19aca06655e45ada5fc57ede2d252d7260f760ec4e1449c9c38e0&
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2776
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\test.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Windows\system32\chcp.com
        CHCP 65001
        3⤵
          PID:1028
        • C:\Windows\system32\mode.com
          Mode 57,3
          3⤵
            PID:1740
          • C:\Windows\system32\systeminfo.exe
            systeminfo
            3⤵
            • Gathers system information
            PID:340
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c Type "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\Systeminfo_HSNHLVYA.txt"
            3⤵
              PID:1560
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\Systeminfo_HSNHLVYA.html
              3⤵
                PID:1072

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            67KB

            MD5

            753df6889fd7410a2e9fe333da83a429

            SHA1

            3c425f16e8267186061dd48ac1c77c122962456e

            SHA256

            b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

            SHA512

            9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            cb1e402a1b58eeb167d2a0d69e759ee6

            SHA1

            ee15cb76f8385bbc1ff0c02c119c448011b48896

            SHA256

            5fe0eb448f2a69ea8c1ad21a8595bc0e8fbb2742fc805176679a7b3e54bb57fe

            SHA512

            0a13ad97209d027a86ae50717946d717b779178811d576839d5e21bd9347ddb543567deda80c74415b7c28542a12756015667687fde577fe597ccb877a0059fd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            c0c724dc1879fc1fe9f113e322ea18d3

            SHA1

            e0694e74aaafb2067050cfee2734c5b8d0ff802c

            SHA256

            3dbde9ae445132adfe9b8d19b22cadd3c37f6dc8f7cf883015b7b31210598f11

            SHA512

            a08c29b4c9985fe0cdccd0fef9d007558ede8b5217ae88a34d8725aa35396f9239953683e1fdde2cd8554c15f546ce9dc2b49a869ca886aa86654c489f79b5cd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            38a050a6ce6e9bc387ce505a7013507f

            SHA1

            614ca9ca78f016a0296ab244a268d7d6340f7f24

            SHA256

            a6f859f4f84f61604d7c8711e64244771502ef2d52708c875147da0adb0a6531

            SHA512

            1b88b48486745084be2c1071ecc40351102f7e4fff2c4eed8955517024c200df0b895545fce8add5895cb2ae7e756f6658bdd19fdd256d8b4f2c02eaf426dc69

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d9877de4a44651ef8bdf802c36ed092f

            SHA1

            f72b528ba3d4a99d23ef3ad662e09f03d98a7cb6

            SHA256

            ffa196afc2537a290e6b7cc56db2a3a0b27c9577f256f4f911af5a4e21a670dc

            SHA512

            ef80d7eae4873fec174d4739cb9484a8cec4d4c5f309ed985f477e41e68649deb5a1ccf0b326db8dacfa8fa6885a9000dc20823a1024a7c11b9bc04d8c1555b4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e58e3f2f118aca86a9700aed1c7cf0b5

            SHA1

            86ee6f76b8133a5cf5d2f7b30a5e70ecff152d0e

            SHA256

            f21ee3d2a6c1f424004f490fe3cf20c4991645ea834908a7c13a9bf4e6620740

            SHA512

            4b1151d505f6aac8ed70e00df1814eb2c38d64772fcc226540cad1dc312bf776799c0f63f03390dbd97fbdd613c263ef6f01b03f9322b581ea0aa186ff37bb26

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            5d10472b32227a0ca023b184213d4f91

            SHA1

            abe21861f6eb9ae5170cc592cd1d62f30c3fe465

            SHA256

            b2fb6e9ffc8016b96f645cb843041ffee10c0d0ed98d6f63d56216896d87ae83

            SHA512

            17e6439e5e4c6837cd360e970cd4d0cd3e6cfb4dde5a013d8451ebc4f97211a7e27fbbfbed0158f85a0e3d4dd0ccc47b1f8387d170f8db6f54f2ea414602fb55

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d9c0df8807eb8a6f6603dc373ae1cb0e

            SHA1

            f4b3dc94de5b90626fb9e78901aa79a4b4098081

            SHA256

            aa33f9b8cc8544da66ac4f44d3fab9ad34bcd9fa59071a99c6006187b0d416ca

            SHA512

            72c0f408290e2dc075c60ae5048d4296a5ec3764b8538f39fff59de0a0f1492b8c12a62f8a1a273010111d43bdcabae796bafcce3352a76684b3f95546ea5175

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0f6312ff6294715756e4b0a388216672

            SHA1

            0636e1956d6403405bbcc7675bc3ec36b0599785

            SHA256

            43aa3dfa593039df35223f567a07b665d49d12b3f29120828dc439cee5e4d571

            SHA512

            cd6f8f288b92318faf21ca1565ae16542fc640fdabb48825e7acdcf90496d43759e833b00befbaec1e349804aa69f128d62ceac0293a495f447a20751cf7dc37

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\Systeminfo_HSNHLVYA.html
            Filesize

            3KB

            MD5

            1c133d87a7db40577891bcab21abcb40

            SHA1

            5edbed2dfed0923076f6c7a30a6140a8e58c0036

            SHA256

            5eb1344637d57b38458975c30ed7869acfa63985d30c472836f49eb678d3e8fa

            SHA512

            fe632c48ce7b4c4262e82d96672c9fe7bbbe5fb9fddf1b3cf0414b0ac1af1f3c54456c0b2f6ca36f03d9cfbe9163a09ef0315241ba88bf3daf1ab7d52aa44059

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23EIUNT7\Systeminfo_HSNHLVYA.txt
            Filesize

            1KB

            MD5

            8484219f91326b590881acaec9d202a0

            SHA1

            f557611557256663d09aa91ce2b36298abe4865c

            SHA256

            24dabb55cbd1e78e98e8a1ce1632d69f2b1f19510220614e745b6e9f0c16acb7

            SHA512

            3a253ec263fef25513a3b3b14cd6e305157152ff6927edc01c265f90fc1f9f1359d7a18fab731e8a445ed08072eb28dc7ca2822c90ee33481c8f66e5c6d3ae64

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQQVSTWU\test[1].bat
            Filesize

            1KB

            MD5

            2918be80b07df984cc337dc562f14434

            SHA1

            f22f0a968525c4743de0ec7b109f337db65c220c

            SHA256

            129c81bb6ded93979a9c3adb41396bb2f765bd980adff6b1c4e4aa6b924e9c63

            SHA512

            c8364dec28d5145b77e4416f0d182c1e66d4eb1f04d1c93cf06b58178e7a73d30d2bfb14e575705ce962edd4a47e75036e017ea83ba01d73095f6bcc0c3ba1c7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab40B8.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar42B4.tmp
            Filesize

            175KB

            MD5

            dd73cead4b93366cf3465c8cd32e2796

            SHA1

            74546226dfe9ceb8184651e920d1dbfb432b314e

            SHA256

            a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

            SHA512

            ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

            Download Submit