Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

ProjectRuin-V1.3.exe

windows7-x64

1

ProjectRuin-V1.3.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    58s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProjectRuin-V1.3.exe

  • Size

    9.3MB

  • MD5

    cb65e33ecea6a827772c486e94257fbd

  • SHA1

    e77354c6e0843ec568d0e65cbdf36cc3855f4486

  • SHA256

    8190a98cc9fcfda9ae9e715c3b6b70c46e115d5678c9d23e139c77ff224b6316

  • SHA512

    801f262bf79a883b16e121f885d0695885ca9489d73e641392a8be96bd6a119d675b26a38ba08d8bc8782f53a84c68836ff77933fdb3de2e26e086c4dcf83b88

  • SSDEEP

    196608:UuLchpZqyN5P5EYRWzX2ziv6DdQFStNv130jqHDH2wSj6uhBf:UuLGpZqyf5PEqPDOSjv1dHDH2wMhB

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 23 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProjectRuin-V1.3.exe
    "C:\Users\Admin\AppData\Local\Temp\ProjectRuin-V1.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1608
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ReadRepair.aif"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2416

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8094867202207d095f7edf12ec3572b5

      SHA1

      7d9b5f65e58bc0f2527d2db14706ac5c9ba31bc6

      SHA256

      901f77a06b5f289790af12ade0b983f244bdfe90d1980d0a279f7e5c4670d665

      SHA512

      caf0b6792539c52b34eb78269ec4b655e81e914b9059786e4e728d152c6373f2a0e9f628717ced8a8ecbd4f5231b6e000812941eaabdae715261615e7d09f35d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0c988ce240a481f71d9e800e5e820194

      SHA1

      17f5abb3b85c12443cc317276223711162f11b93

      SHA256

      08d4c30969f46b392de99fe4212590dbb64b5b83f2dc6cc82928ed4ef7cdf71b

      SHA512

      993638333351fcd6279d416037a66f5aedfd8c60e86f2bd4a612bfcb1496a7da4121355ce97cbc11be1db19012c5ce5bab5a121c3901bd0af9cae1230e91b1ea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      62cfef325aeb05e38cadc7ef175f453e

      SHA1

      1da7c8510199f58c05eb2650b01f099388ff6ea3

      SHA256

      1f72a9a0b648c6bb0b5c9aee3292ea8e11692ee0e144efcebe271d697e7c4381

      SHA512

      1e09c9132bc83d8513247216ab239c2aa7ca5316806f86d21e1767702ad98f60d26bbdff6da14f3affffa5903861333a321cee2d971748a196c375b1ddba7ec8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0052da331d918289e13fefd239fc3b8

      SHA1

      4ee76d2de03823847f452a3f6496a597738ae6c3

      SHA256

      8fa0d6f7979c373a967166fa3a5faf829c757366d3f6a3f603ecfcae00304df7

      SHA512

      6e6c69c1814ed1cc59876995a6dc05619755d35d3e772402dd25366b864718d5b310f720420153bfe1999421978c866dfae02f6b48b844cfaf8b16e9652bca30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6424becfb7375b84d8a04c31e11b12fe

      SHA1

      1237e289de255244c6eef00fa025fd54c07f1ac4

      SHA256

      19af4222262897da139df38065665296d5bf23f03e520fbd8f15e4ee29411d2e

      SHA512

      7456cfd77c73e9799b66213e066baf27d998d57ea6979b8dd95d9ee88a7020854d766fb4a0db7d2d1ef1b9849bc324a908691ed9b2e920fcb228555098057e18

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9e73cf2564abf7552bc8b25fd7121cc8

      SHA1

      cabc8eed05aeac97d6e5251fb4e3841c9d51e40e

      SHA256

      5a497197d69349ea0cbbd61bebfb6c93e6b4efb52ab74b5b0a4b7f118c5bb406

      SHA512

      737d41e546305ec0ce73daa3381a0ed085508a227d6e5f222ab37ae0a566b3fb0d1f6573676591e0239fb03d8e08d854eb929c5e8606f72d113c6a545b11b13a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bc9f7fbcf55cd2f7b8466faac981e4d8

      SHA1

      4259350022ac32b6246b279b698d29bb3eaef239

      SHA256

      4ec7f20808d298ec5554a2628e533c64d492e5cfe31133e0c27e68f8af6b5167

      SHA512

      0a3db3007710ecc0d2f57b9ef284ca9b18f1c94698ed1b2e8bdb7bcd415aac49c895d2233c736f95b51c3e2bc6baabe23186114096430730f884315220b79a28

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5507fea68dee70aac158e2df1f3a0d0

      SHA1

      2eb6391839de6131389ddcb2748dac98a3f2da42

      SHA256

      77067665a5333fe78a0174d2c4c0a377cc64525f99440db3a82d08ba30baf284

      SHA512

      48eeb5ebfa7cdb21aff5ea988fe7a3547d288c93dab0a4aa7ce5f7243b8e93b2da86b326bdd7e5f9e6f598d4967bbc46c448445f2dc1fb7b6b651277fc0bfadc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TKVU8B17\www.java[1].xml
      Filesize

      398B

      MD5

      c0a6c3db3a6edc14b746578becf5000f

      SHA1

      a1bb2ea1d5b15b2ba4b6d6fde5a4ce2d8a7b211e

      SHA256

      f0baec1ce9cec5ba632d3745262fa46cb4aa5d9003cc2d0a46610c8b5fdcaade

      SHA512

      55ba0bc2fd5dfa0df668576e9b5f0b4e84fb8ce960575cba8c42d0e77362ce74f12cfa384f906b36001fff0eef4ef5e713f79aebf55034d2e3ccd8b288efc568

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TKVU8B17\www.java[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TKVU8B17\www.java[1].xml
      Filesize

      216B

      MD5

      193e4ef1e737f443f23314562d06a0fd

      SHA1

      ecd36bd5a49defdc2abf5875273a28f46a88a976

      SHA256

      121d289a508b07463f751aff0eff5db4077768d909f751dae379af1b19a76088

      SHA512

      f4b2aff76f5e8c145c82d29559fd244bf42480224f18ca258659b1e89a8a8f0363d37533c1e2a96ae087d807e092a3c1fb1953f4eb13fc89b0ece1dd9539bff0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\60nmxlj\imagestore.dat
      Filesize

      1KB

      MD5

      727c158a9335ecb2c886c32a71a134cc

      SHA1

      a68b3de0e29f936661375158cca8b7c1204d59ab

      SHA256

      a3ce2dc39f8ddbac88a1affd291e7211016a4f286b4e5ea84d9325a20918ebc8

      SHA512

      9a17b7ea614018a8d77ed7c128b48c55fa79ea34d07ad1a8778013742054c22cacdaedab82465e2ffeae7747ebebe2f9f23271f45356bcf59bec2af7ae07b319

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQQVSTWU\favicon[1].ico
      Filesize

      1KB

      MD5

      8e39f067cc4f41898ef342843171d58a

      SHA1

      ab19e81ce8ccb35b81bf2600d85c659e78e5c880

      SHA256

      872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

      SHA512

      47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabABEC.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarABEB.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAD88.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF6C3B95AC45DF1F96.TMP
      Filesize

      16KB

      MD5

      a5d6bcabaa1bbdd42f76c64174dd6021

      SHA1

      153399c991a7f9b2fadb40c5302c8d8c269621db

      SHA256

      79e77ce1cc1de83a084dbda729966943f2421ec743eaa07cc8e27016e9667853

      SHA512

      7bc814082cea5c4f6527bceb9a433b7229e06e440f0b69d3a1bacc98953222664860730310615ce7b4173d7729d835923d31bf900e43252d38c2431d799424ce

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.em2416
      Filesize

      75B

      MD5

      dbed45542d4753e08a7b6b5578a3124d

      SHA1

      20289813cc053ab50c067f634e3b031c0cdcb566

      SHA256

      49366ef671c67a3c9a424a70ef0e8da1e401f083d60ce4320946d63cc58f9ef8

      SHA512

      bbb8f8bedd701076b6524b23c890064320b4be289e3dc81c99ee8be5b10c72b7b1f91321a382fe2206482f40e6918ec325a9e35294e1135ce5bfa6e482bee4a8

      Download Submit

    • memory/2416-643-0x000000013F100000-0x000000013F1F8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2416-644-0x000007FEF6110000-0x000007FEF6144000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2416-645-0x000007FEF5E50000-0x000007FEF6104000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2416-646-0x000007FEF4940000-0x000007FEF59EB000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/2416-647-0x000007FEF3DA0000-0x000007FEF3EB2000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2776-0-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download