Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ADR_Instal...18.exe

windows7-x64

7

ADR_Instal...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

ADR.exe

windows7-x64

6

ADR.exe

windows10-2004-x64

1

ADR_Servic...er.exe

windows7-x64

1

ADR_Servic...er.exe

windows10-2004-x64

1

Help/ADRHelp.dll

windows7-x64

1

Help/ADRHelp.dll

windows10-2004-x64

1

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Homepage_R.url

  • Size

    92B

  • MD5

    9da7d68732ce5ec22e7bead92995c575

  • SHA1

    da55bca9533dfccbd970f4cd2918b1716cf32855

  • SHA256

    dc91a6b388fbf97c7a9b1ac87459d78e61e4e14268e4a3c9d3eb5a81aae8db80

  • SHA512

    29aed8799c6f747c0b6146cb61c4910471fb562a811827f2630061ade2f6f0029788d406b8421db34131385b8bf87d23ef1d34e3c24031b1a8c05b40842f6357

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Homepage_R.url
    1⤵
    • Checks whether UAC is enabled
    PID:2012
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ab39b7b372111e0a87e2b0bae6843ea

    SHA1

    f0df3c477c819798c9de3d0e604aca73fa880fa7

    SHA256

    835eed9e0f9ad31af4b41364acb3326242daf35efede5e90fa49aba55701562c

    SHA512

    2781dc9a0edecc4df8630387d1481971c573d33735805368176fa7bed933419cb6084b38c0b9bc1b8114bb0479f03c54e4df9d98b0b25ccaa6e47f67e6d71d17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    805ecfc8aa38a75f0dd63d0211d837f9

    SHA1

    08c918defb7992f472eb1770ce742b5f7c4a99cc

    SHA256

    56909b97e2fd30a41ad221172bb706f0274b24332d5b776dfe9a5b80ffe85383

    SHA512

    1f2bad26dfd360efb522cbe7e1f42f391cb218203ac661636e63e09880d37828d6468336618870735420287cd03cef5a89f677cae45afdcef5b5b678cb839144

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8791806eddecf6e13b3f768a67d8cf8

    SHA1

    35fe9812b35b8887073c986f6829bcaa3883a46c

    SHA256

    892674aec6f0a9a59388c5b7aee5dff5ff0921420e84d360bfd99c55111ee052

    SHA512

    bb5eaef7435ad89ede714da6da423455f14df81186cbccfddfae943be505529d9445ddfa0a163ada07bc236054ba339e425422b475caa00aaecb441901d73e9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27e26cbd70308897b1d54b360f291c3f

    SHA1

    34b1047d83de1fa9d139b86751bfb0cc4056d4a2

    SHA256

    cf87fd222c9ea16fa2fa56b227764a516d316bd30b662a8a00f6748833ba342a

    SHA512

    bfa7b227c8ea1a4df01f92e8a270d9494db8a9ff97123ded32abcc51ca368dbf05c406f490dade085a9539b9b29f91df0de4a1e687ed5112a733a4916191655d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    497f98d69d62e56b70fd42980d80bff1

    SHA1

    ef9eca84d4ff2583e5192846ee018442c961ade5

    SHA256

    a72dfbe1dddd1a55d7fa4cd1c28c892fec838529688338f639044fb2a60192bb

    SHA512

    0ff9e782bd5463b38a9b9ca5fa913483583db1736e6c9d0c05c4d07918e1034e45d904b9da2c25eb36d1e02d4704de6cf7357801130dd72435791515665e82e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9dc1ba45b126b94369664f2e339bb68

    SHA1

    b24827c5e61cc11a3b883ced6f70eda16df843af

    SHA256

    281f5164cd0d851a8c3647c063b9e7bf8eb2235cc0c81fb7e4cba16d7f17922a

    SHA512

    f472e80875eb9edd622cd4c918cba4d47c7aafbfdb610decf4b17ee3c7ff1870bba1c692b390ba87d42ac9ea5ba64ab240f74f8843fecb5249fd6376d805919f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa1d200aa50e3c136fd1afaedf79e888

    SHA1

    1472305d84aaf24c609a13d2ac1d2fd51f21fdce

    SHA256

    8fecd6bbb9c9d60b34e3762e5ecd0a3d7f9427c5d08c45d205d511a1accc7b65

    SHA512

    d3a4f71a0f72fab208914e878f01254ee25d5e13870f9bc0aa697e2a9199be3a23ff7efc172e587e287549eace5e21635ed79202906f72db034f187590fa2e8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe1fdd3137893912876f74e74fab4b42

    SHA1

    e79d1bdeb90e93804a11b1a33ae23099641e538d

    SHA256

    82f21794a1a76659935f9787a486902b8aebe2f5bff4f2b610ea848251ae9e87

    SHA512

    43eb18047efcd2459a4230ba2c9c24b4c0aa0c00ae02b1ab686a99ce092fe0bed21f19a5921e2f248d97434875641a0a62d93f2450d76d5b74b0279a12f819fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a8ddb75b046aecfbdf9b49631565476

    SHA1

    0bf87417499e777ca87a3c96a20bec94b0510294

    SHA256

    fdcd8ce92f92a83f1d08d924342d7923a5ad0c8f100463975ede577472b16812

    SHA512

    496d75cda8e5b90d2440d229cd881dbf87b65bc33131f956e43de3010b580a364525ddafe18614e98c154a016325853b39d3918ca7a9c0ab16f78ce9aa70938e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    447471e79f6394dc2f6f15cc1eca25f6

    SHA1

    b4372bc9e5a1ba4a8473fba0f9bf1a7ab94542e4

    SHA256

    7e3dc383e46c8596ad5a72f226fd9d795eb04ca71a1c98ab6b32ee7f6b6e884f

    SHA512

    8de216fc87e72902e6e400bea447909cea476dbd91e6cb6046421780b05e5860429fdd112b41d54b5637e2cb80a04feebc705763686725cbd78f5c36aec847dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b2c0f6fcece075d5be7687673a2b9089

    SHA1

    3d22b64ed508792dcd0702ef21dc079712d53758

    SHA256

    687886edddbe116ec0eec7a054da18657c5e796589270ac1b42cf404bacc3c4b

    SHA512

    f8d294f17289eaf243229999e3f38e1d351a27b1a34505692a02146d6285e7c87b2628add9a9c5d8fc672c04dc7c5e3d1e105fb9c806004693dc8017febe30fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e289c0aaa9900cf02943abd8be0384e7

    SHA1

    8b44eddf446c25ccba781c9186203bbdce9caac2

    SHA256

    f02af5801a1a9ea965ec73f757762976f08d97aeb74f9786c87057d9d28e0593

    SHA512

    e185283923387f02e99d9406482e46c204a6074ef8566e9010993c6f46c66ddbf01280d3ee2b3ef58797d1ac405ed3a2261422b28b4fd8b5620148ebf5f11a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcbbcabbf13f44b47ae992c9f487a795

    SHA1

    e5a432dce9cc9635accb1a913676431588f2ec07

    SHA256

    60555b2201427ba3f76b7d3d6ebc12383604b7dec901238b26710680d89108ed

    SHA512

    43a7b3a828912c06d9c1106c44a07e87b33318797f81ed60919b199dd057a4c97627dbf4019deeaeeb154fdd763b807562d975f97341d22d8e3c8c8ec7b9f62e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    648a3d956aad5c7995fc949b43952146

    SHA1

    187669698cf49e8a3578cc2467040cc80b78ba83

    SHA256

    a6effd3dcf163d33a816250d120d19da90e80d6f21c47bb65332f91e4a96d6f4

    SHA512

    6d8ccc99cc68688d4d4406acbe8b1231ec3314c753b57a39ebcc01d835dc49a2c54d36802a6a50319bc1bcd32b9e088f8734cb6733eaa87bddd2f2b347d95bfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
    Filesize

    1KB

    MD5

    58af22ec0be051a7eeebf007f1afa9ad

    SHA1

    7536642d8aac245bf03f715b194c501430bd29cb

    SHA256

    f7375a1bd6ae0856831c06e45fd6ce2ce06051b6b3bbb163e391a86e3e9a13e5

    SHA512

    d3ace146f7636f5ddd72e614d71edef77eab4cddb56ca2ffe87a55dd763f17ecbb0434b724b00f1f2018c1fc71992006a3adf2541cd684ff15630c4f19668559

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\favicon[1].ico
    Filesize

    1KB

    MD5

    c3e83b54d80ca6195ae13016b3cfd9cd

    SHA1

    e1f479901c42e8ef94c1715e50de2f01ba4c5b21

    SHA256

    9ecd773b2c827bf4e5e8e3c5e1936c56f20a0cadd74550a6a2d09391190def84

    SHA512

    9bcc469de3c20c0ef40de804d185bd7d5b2a0bc92b902649b16c32bfa640d09d0601596a4b11ca48f7d02fce23f09118b917191e35b7934552ea7598696aa399

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4166.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4205.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4787.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2012-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

    Filesize

    64KB

    Download