Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

QQ手动�...��.exe

windows7-x64

7

QQ手动�...��.exe

windows10-2004-x64

7

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

QQ手动�...k.html

windows7-x64

1

QQ手动�...k.html

windows10-2004-x64

1

QQ手动�...v.html

windows7-x64

1

QQ手动�...v.html

windows10-2004-x64

1

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QQ手动精灵 V1.8/sdjl_nav.html

  • Size

    9KB

  • MD5

    7e4290e1b166f6fe46aff9bc513c9297

  • SHA1

    338c9a68dd7e3c8d8b157007ff5c581d2aea8260

  • SHA256

    21b38a1e69d51bf51600b229919931689711efe4aa07ad7622fb9f2e1baf1a49

  • SHA512

    cbb1a0dd34f9cee6a4938b6350834cffa1e51f2d6b5f3b3d5ad73b02e3df7940734e71cadf7b0cfe61bd4fbf88534cc23edc8541df34fe7ff9a84f85b0deab33

  • SSDEEP

    192:I5kCtXHjYGCAyXEdjj3ZOuImr09eoDjbMm09:OkChjYGCCjj3IuImZ2b89

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\QQ手动精灵 V1.8\sdjl_nav.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3bce4fdab51c1e2bc7244a82cd121228

    SHA1

    6c8f116e3280b6419fac271565dd077ed9f299d7

    SHA256

    aca49aaaa1b42890be9529625d5bb5e2b0d2c5b7848304cbf7efde945bae9fda

    SHA512

    afaec3e3e4342e3cecf927b4e3903ba44627c72d6322f5bee2f2c1c147d4b446338ddafbb37089fd3d4377f629efa6feec6c0969430d32805729a20f7a5d76a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c796077a6c3b810f93b37b9a4b94080

    SHA1

    44725d217862170394a5a9dbda871da0f6863314

    SHA256

    6772f73404d1deb8a09bec7d1fda7f3c9087c813688378efa0c6c3a3ccacaa04

    SHA512

    f2c0bfbeac7039dfdeab407b1fce1cae6ca0276b9a69dfdf9cce838481ceef41f8dc771c7c820db629f0f688c69dfdb6c95f35545987ed44b2f495c334dd1119

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10d0fb1b371c44f652ae64c960b73966

    SHA1

    0e02ed144c6b8e5d828e9b35591f77fbd076125a

    SHA256

    6bf33168e4ee9032d4cd04d16869ebfc277fad2314a84e90024add8e3499ea7f

    SHA512

    3778bae46fd4c49728dd645e26aa0645f2a43287a82025d7de1f255f84d5bf9b07aff29868f25432c22750fd7e91318e98d100aa60ebecf85ebd855ba17d3b86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e36db2da96a9c719180bc37350f29127

    SHA1

    3af287f893dbe90e2801a80794207ff1916b5b57

    SHA256

    8374c0cccb4afe40d97e4dba3dc9d0fc84db44529802183b66f145b5b639925b

    SHA512

    396e4f887adfce1e06be20cb0801fd7c220c5b222575f509639da0be60fd924d35454b512a01bc62f7bf46625a94a17a3b904a7ebc85c8f40a02e251c53a5850

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    602d9fed77eff2fcbdd3bc6a45867fe0

    SHA1

    dd68e47b0f406295506507874a4391cc57e82781

    SHA256

    4f59061935760de3f815906ae3f38ba8060e7c125ee618a26b65e0aabd1a879d

    SHA512

    45b1e5594c8fa6b77eb695804501c46493781225364c0130aa81fd4ebd5c552fbd2a7dca1a8e4a43840eb0c8c7afb7e3ef6feb684720f458dd2e4bfdc7f902c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5073.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar53C5.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit