Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Essay on R...ms.vbs

windows7-x64

8

Essay on R...ms.vbs

windows10-1703-x64

8

Essay on R...ms.vbs

windows10-2004-x64

8

Essay on R...ms.vbs

windows11-21h2-x64

8

Resubmissions

20/04/2024, 06:42

240420-hgtw9sbe31 8

20/04/2024, 06:23

240420-g5gfeabc2y 8

Analysis

  • max time kernel
    136s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Essay on Resolution of Korean Forced Labor Claims.vbs

  • Size

    27KB

  • MD5

    75ec9f68a5b62705c115db5119a78134

  • SHA1

    6209f948992fd18d4fc6fc6f89d9815369ac8931

  • SHA256

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf

  • SHA512

    82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780

  • SSDEEP

    384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Essay on Resolution of Korean Forced Labor Claims.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Windows\explorer.exe
        explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
        3⤵
          PID:2760
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2476

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      65fd99e840b5f7f147e1718903159766

      SHA1

      4a63cf7443a07b10b6dc5761dce71fc3dece8249

      SHA256

      2a2e6b51d285050292afa3f92e7529a2802cd3af4696b78f1e6ccf24cbf4a2b2

      SHA512

      d838907ceaa4a02534c9ecae396db52612ba00af895cfbc74d991255632da2ce9683a3a6d9686df67bcc08a0b9f18f6eaea68887e9bb1b8c256275dbc6a84ffc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      10a5211e19ca3236c953af468f2864c7

      SHA1

      3bbf4af1723ad693a8a6a4994f0bd9f33426de24

      SHA256

      b78ca0b4bbf8c8f03a3dd70f96f341a2882d127c4fd588b74c08d2d3d6d3c3d5

      SHA512

      31264d19725bcea139bb8f38aeab9aa56e213bb70658494f6cb15a4383424ac323c37c38f1bf1c60ed78e8b891e04d6a8058c342e37ccd5c54deb573e9c61b0e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5e28ae49b454eb036670eab19f894e9b

      SHA1

      e719be5aa8b0bab7ee069eb4c03c0a975d24e681

      SHA256

      d6775c17e14a75c67bef61aac92c12ae3811f882aabd37cd6c8738e905db73c1

      SHA512

      f230a4cf5d29b8e921bf168711672867a2159274809a48348bcedcbdf3dbb76d9a4eb5bf598533f1b2f66f73f92726c09736b8a3191aad60f17611f863360688

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      337123576b132544b0f605df451730ef

      SHA1

      c5aa1f3e1ba4635b88df18e97c38ca469082fd1e

      SHA256

      66f17bde0ddb9ddf908c8f1990c3a04df23037e6c2a82107c5d54761efe86f76

      SHA512

      41891019529c43957737676e6aaa95227770483082ff363ee1ccd203752a1924c8e8e06e02759b003cedb8b7c5387c8b1fc6ea874aa0480b7de7f1e42d60153c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6d5a6e600168aeab62f89934452cfd87

      SHA1

      36be299ec618e657df50f05de72a6e85af115b2e

      SHA256

      dbe764d5d38750d22cfc90cbcad05e54c37fb7d8550c59281b32432207136a71

      SHA512

      c52f471957d65b6dbaa0aa1d45b4601087d0c6a5ecacb5a29c0216493ee174508a09d564259ba6dc6d47e480022feecdca36206bf0060a8929f429c7cdb56efd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      48f1df4d9b0c12fef06a97623cdad7a7

      SHA1

      9560efd4a0dfd919e9e7ab408542f7ca5dd7b08d

      SHA256

      dc05dc9c1980aad884249abdad8c2df6fe5828758bcef26980854d157bafe994

      SHA512

      ce6a6477d06a23c21b99b61e443ef037c4543bdff16f41b5c77afb1fdeec65db7d97b7224de7f268110dc7371ce1d324a69ba08f33f8f7b40097b53da9b87a28

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dc17de5ab62fee96a3fa494672489206

      SHA1

      e6abad24ced4b73d579b3f508aab66deb94fc3b3

      SHA256

      f4940b883308ae5d96546364c260dc7337c7c00c440d4aaeae750faa5b3dd9d4

      SHA512

      80641c45f56ebea4e630c35345e30118edd4fe3914a20e5be78015a9f63aaafe81e1731d3b96c8ca282b18a75435db19c12c8e4a5b72baf8cc296bb39ba8eaa7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0284f3e0b5f215a65a8aabf59f9e1213

      SHA1

      cf8891a8c94d12fd3d59ad9c2995c782964091fe

      SHA256

      26047c5ff58ba8408fe7fc6a9de2de630bfb209521b86847aa5b78527b86cb1d

      SHA512

      5a418c8933f842bbf3f64487f0024f44c87fe7b715311afa38186186316c631635564ee7c3926605c278af31d54f7f76be70afdbaf8669829b8c76fbffbd13c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4dca841b7737ecd8d29f2fd40fa5f2c1

      SHA1

      3473095ee320a5164cb45c8ea4c9c005f86d39f0

      SHA256

      5029f0f4ced062b21157fed2c502594fc7e8a3c01f4a40f882daff82d38ba2d3

      SHA512

      eb1d7064307bca378dd62ca71622b48bb8c57491de475d66948f66e57d924be5d4fda133e19bab579f0763c18d67836dc5467b1bf428ba4b087bfad8abb7e698

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7a78ed5b9f2d04422d23ac3bea4c06e3

      SHA1

      ac4472ecbc7a1587c9e98fef00998136320054e1

      SHA256

      e8a4534ba2cc2fdb3949a7b87f7b8906b5d0ddebb22db1d014d9106e94bb5720

      SHA512

      38067d130aca5e3569b018ae44e1a28d6c58506276f565c474acd80cd88a99b9f7d1e5be0996f87c7f58c0dc8b6349a97c2a9dc1febfdf38856b2b7e72292e57

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d7bfc0b4008f855d0ed431933c2c54d

      SHA1

      2c6470d76751463bb5b1c8c67ed7db58c326e7f1

      SHA256

      d38ee44930f11e05e2653a1141606b13bcb289ac312f4cd4023dec8de30d9789

      SHA512

      7d0a334c3121301f28fd6d429753e18f015bd764210e1f380e24b0d4ff558eb2279dd7d8a0704c5edf2dc6b8b653c4d4ec64a59503ffc653b79f845beeb807ba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2c8ab3cf60f1c8c6d99c69b21c4e0e20

      SHA1

      d99afa10df93df6b957e4e3189c4ec5b53f279df

      SHA256

      6ee45cbb6ae1f2b19ef744ae7c34df65033f80af51f20ac2de57854d2ad1b446

      SHA512

      823f710f0bf9eec74681ab6e5eafdd9b458e4df235e54e952e43b7919b88690ce4e33bc5df6391b1f33b3da3a046d71ffb307cdd7195adf5705f924f15a4c8da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      edbc2511102f5b5d8737132903d383aa

      SHA1

      0f236709c479b292a1a52af15167e27c58c4af3e

      SHA256

      b534da7bd7f475153f0d196a8eaddb3615fbbf2c6f1e3ce779e2056dc72e8884

      SHA512

      915b827ad77b2288c9d792d54d083d801f28cd6d34e5fd30646a238fed283301563625715deac291fc0ef5e3f9d14c2d9cf49c8375db694f927f96814e459457

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0e66180fa63149c8555a62122579bae

      SHA1

      97ebd32e1262b26fc61b8a7a94efcde5699a523e

      SHA256

      34520c99ff5c56d135e508f9c4fb27bf191c960655f3e2abf32c5fe0a4adadc5

      SHA512

      41769aee6b853c9ccd38d706d7da778af587f37be6517cf909c5665e8f28dd4c7ff09572e66c2d4930bbe2176e95fbb6c90dd0808fd0bc61090d183050048dff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c78b11d9614fc230fa090260bbe7760

      SHA1

      22f6c0500b6dd64ce5b81e146c16e0fecb379ede

      SHA256

      e4290c997cc3eeb1aa9186972207d8e9c4ce6ffbae1e1c34e1e314e291749ca5

      SHA512

      43199ab7b4ae5ebbfbce1e222dd6d5d2ed8d18a62624756580cd0ea8efe113e0d3c164acb5f95de1e31a300f2a9eaabc1161a698734cb6ca295fb1d9af25c584

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ce47473d2cbba8f82a47330de8854d9

      SHA1

      d8148199c8b09ecac8a0ae45ec2ff6538eb0c5d4

      SHA256

      e81f6ae72895bb04eb1d9076e433bdd991da818aaebac45e301f980b5bd5c848

      SHA512

      e068a60de05d0b238c6074a455719dd79652b341a128291c4745abedf02d3d20d871a148cad5010455fc46a35f9de19c9f1ae8d0acd43ee09c31dcecc768c681

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ab09767436e21079b10b399ec4f4b373

      SHA1

      8b8dc151f2d86763349dab343ec0ddd3be1500ef

      SHA256

      f414d109283064eab69b834820733df5848547cedd7cb80d51b6b386e810927d

      SHA512

      945e6eb4b93d51622d0cd7d833e2ba9c06b0078a7e43c4a4c0d6ebee0499c5d2f92774fec046f177f5e207d346d42bbdca1e8eb98fe077b51c515820f72f3aba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9eed905d7724ab0b2097bb4afd1e22e3

      SHA1

      9a2ab0bb2aa0c8fc90466af6f547e4d607f7372d

      SHA256

      c34359cf4af72b3d170553ad75cda8992f3edda29f89e1a16f73ddac7e3b2fec

      SHA512

      cab77a3f6036ccb081aabbf61b9fb2a736947f28442da813e477a9d725d4982ffe5aca2b17c70e96be99fadf79635e05fb45fbbf73912751acc22205c4838518

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD783.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit