Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d6bf4b0581...8b.exe

windows7-x64

3

d6bf4b0581...8b.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30ca9ab014f72817653ced3dcea4b9d6

    SHA1

    6707c6074517fe47a65b0dcad587f0a75f401fc8

    SHA256

    1f34ef7e880e6d7fc857aded272d4bd33698596638e5b8ab834f4f260ce9fc9d

    SHA512

    a0dcebbb0871b18f0043e5572f6164e7b68689898a47812e8ff90829bc9795c49180b68f60d62e1089110d0d73a70fc5fd2e47f76f5ae44fa69b59b93bd5c3e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95f57b862136450b378e451d9a0310cd

    SHA1

    05eeddf40fd9fcc36e2137f0431c02bda584732e

    SHA256

    fe732dae43fbbd3e09cf5a75718731a6f3d91a2312d17e932c26a50390c48da0

    SHA512

    f224ee6edaadfd724a87655dd73f7ad19f2e3a02c5b36c502fdd62fa69aa0900452c03f5fd23d56a86042e8d96cdba7bc6c94bdfd62417c4b578070e5c61e17e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    739c3e96e583d1fff479fbab2fe7cf6e

    SHA1

    09c13c62879624c36fc58db669e83e67d44ce185

    SHA256

    df18ca50a4118d7faeca465297ccc202ff3d3376539cd2b6a167804958f54f95

    SHA512

    53e3dfcbfab39d2cc2fb1ebc78f068d2a397d5d67b37f53e92b17a741cf20b2b375204060550616e2a50f8e204d3e5d0a00ee2340f7743702c816d231dc49e9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a8dcd0d46a2e9c453bc21242f78600e

    SHA1

    57822351e7fb8f9d7a07fb822a8980d68b0c3161

    SHA256

    fc3473895ae48d4a430571b6dc4cb3eb8f478f21f38a65b7d6d2ed7e363b7571

    SHA512

    771510e9d2c557fb385afcf94d91dc97978ff431ac7d8d3956f4aa99b6fef0c5513bcad609a65b456cea2093d8c2966f839ee2012479dfbb76565a2f3902da53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df868557460f4a3c2fa6e1abd1397819

    SHA1

    ea033e4d7ee649469ce9101c9320d1c3a9d1e538

    SHA256

    2cbdbef8154eb4051932e48393f3ac83bff757ea2dd8adcc50a995753fda5246

    SHA512

    b04394feb72ef5639220dcf35a9609a8a06c2cf083590216075d3cf95587d49c3db28aa846954fa5d18f171be67b542d8fb98e8dd61aa0647b03118f2312c405

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc94a9ce04ca3f3109b25790d894173e

    SHA1

    8e8344bb9c17c1b9983d635d28bbd40006371316

    SHA256

    a56c737f6652eeefbf4be76ebba28335767fbe521ad168de05e43d51659a0a9e

    SHA512

    22bb9838713e76d3f64162493819948d4f04d6be9191c9c13f714e5e1ec37817b0babf729c8f0bfb0d98824af8b0f4aeb41528857f908ec85c3ccb0fdc9ff383

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    142fdbc18fddde829eb0289f4a9baf9c

    SHA1

    30b16de81c82fc4f2d36212980e240fd8b81596c

    SHA256

    3fc8e9aca24d4d461a52478e12531419c027a423b32c8c9dc63437e627f5cfa6

    SHA512

    3222324a895e9505b2befa04176f93cebb86df3576e567c8b285f84bbdbb529366635d04f76ab3caa993736a13328104f880a631dd515f7a8d0d88b65028bd48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83442bc6080b0f2d002883c3abadde65

    SHA1

    51031c0cc9475092b026265a300240a5a3750708

    SHA256

    647b1d8ede75388a71b89fb9cce98a645e5b736c86811d3364daf33af048251e

    SHA512

    4372e38a463c7a0b564234ec66ec427a74660bb2dac1bc8fa16169f8fdfa6829b42f1ba3223b1ec533ffa8a79c5c7e722daa3a18901aeb077b0b9bedf931d798

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c522c7772ef17427cb80ee75734ee4a

    SHA1

    450a8cf86dc025b3289cd4ccbae96de24540a12c

    SHA256

    a22c198c51fdfe11b34dc77bc8c1ae4a06602bfb6a396e4d37fb35292041fce4

    SHA512

    0201c7db7bd2df04e1a48e8c4063cbaaabe934d3ffc8e67cdb79fca49360f0b61c36d1efac9e4be4ffcc44ea4e2f742d2ab2e88f65c38ca40ff5869b0ffc12a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    007d73b2314afe93caddfffb867e713f

    SHA1

    76088ebeed9a64a6c5597e005168ef4af889bf83

    SHA256

    21ca53d3f53dab664009bfc47dee175dfdf6ea3708ff01572dfc0d304cdc9881

    SHA512

    ac546f1b786f8b617395e4d03479bcada055861392686d8b40b870e36cac00ca0d2f64356cc073bc6506dc2ef57d8337dff0ca80390ecea60372c9844416bdbc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4FF6.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar55C8.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit