Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://cdn.discorda...

windows7-x64

1

Analysis

  • max time kernel
    57s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1235844300894507029/1238446322801967144/XRecorder_Edited_10052024_130131.mp4?ex=663f5084&is=663dff04&hm=a5e6e876b410ee15dcdc5a216ad2b82c2e9f3ce6e3d435460fd475c2f35f1417&

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1235844300894507029/1238446322801967144/XRecorder_Edited_10052024_130131.mp4?ex=663f5084&is=663dff04&hm=a5e6e876b410ee15dcdc5a216ad2b82c2e9f3ce6e3d435460fd475c2f35f1417&
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1116
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32785XDE\XRecorder_Edited_10052024_130131.mp4"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e978b6a137d863b6f9599c80522fcf2

    SHA1

    c6098e760867367c8a9e1f989e739eb0cb10e6a5

    SHA256

    fa7d9e49ea1e0ca875a25c65181feb1117285e2c4357c128ff519e418b90f8af

    SHA512

    82f75c6ce882d870918b9c7c346bff695a22c56bed2b3feb45f8156c6796f6dde0be29a3ae2061bb2ba13a2d005852ab50ae49840e5e469a66a99d80cb83f086

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3846458453b31466f3376073a0bcf21a

    SHA1

    33f3f2592a52a0860e66711bb7176ccd044fc4e8

    SHA256

    15e611c69f0ada65891c40edc6abe8180f9557c169fa9dd3d33ee9bd580da974

    SHA512

    e1f1c27ebc665a33b5ea7d4fad9cb71ff8372ac081d3b7b579d3367421af1c738d83011c57a3109eb547ac255f2874d37b6a351609c2601ba5858b92170639b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6297e803992f84ec12585a90c382d24c

    SHA1

    22f1f1de2e1ce1db8a168c5974907070e379a3d7

    SHA256

    86f38bc90ec8a707e5350b29ef3ce7712eabc395fdf8d30ef9da6871eb4bdd0b

    SHA512

    7e20e5f0708492b577df9670f484bc13c518bb9d42b5fe8cdb651eb3278b729000a8ed7c62e97dc05207130eb3917708a86b63877f3dcea3ae8b61b4ae104f02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    c436d210963dce03ade630b53977a7fb

    SHA1

    8146de067b2d5cbd37484d3e75afc45a80d35482

    SHA256

    f497630acb06ad950216f826552c16a512668ffb8bc0225e67af13bb9229eff2

    SHA512

    aff1b81bf9761d4ee73e8c8450b9752a0b0ce4bd1f18b481143fa986f1236879d06c761f7e743537c7a8c4b5e351b5845316dd133f8a616e06df0f9a04cc0048

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RMN5Y7M\XRecorder_Edited_10052024_130131[1].mp4
    Filesize

    215KB

    MD5

    a3c17b86926e061fbb70f4972aca1a26

    SHA1

    86261bd7ca748ecf5aaff490262b43a8127c451d

    SHA256

    6cf8b55e3acc4504b6af7529a3da1a691f0d7984668ca4773eb6a3ffe1d3837c

    SHA512

    6f4052cf47e9dcb7245ded2a05895565d48126f3ce4225926fb9025161c1dd75bfd780049165765f455c445e66a242afbde1090e11c9a9fb3a1735398ca08b90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1B62.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1756-171-0x000007FEF6170000-0x000007FEF61A4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1756-170-0x000000013F410000-0x000000013F508000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1756-179-0x000007FEF58B0000-0x000007FEF58C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-178-0x000007FEF5D60000-0x000007FEF5D7D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1756-177-0x000007FEF5D80000-0x000007FEF5D91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-176-0x000007FEF5DA0000-0x000007FEF5DB7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1756-175-0x000007FEF5DC0000-0x000007FEF5DD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-172-0x000007FEF5A00000-0x000007FEF5CB4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1756-174-0x000007FEF5DE0000-0x000007FEF5DF7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1756-173-0x000007FEF6340000-0x000007FEF6358000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1756-190-0x000007FEF4480000-0x000007FEF4498000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1756-195-0x000007FEF42F0000-0x000007FEF4346000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1756-197-0x000007FEF4150000-0x000007FEF4167000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1756-198-0x000007FEF3FA0000-0x000007FEF4110000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1756-199-0x000007FEF3F80000-0x000007FEF3F92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1756-196-0x000007FEF4170000-0x000007FEF42E8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1756-194-0x000007FEF4350000-0x000007FEF4361000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-200-0x000007FEF3F30000-0x000007FEF3F72000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1756-193-0x000007FEF4370000-0x000007FEF43DF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1756-192-0x000007FEF43E0000-0x000007FEF4447000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1756-201-0x000007FEF3EE0000-0x000007FEF3F2C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1756-191-0x000007FEF4450000-0x000007FEF4480000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1756-188-0x000007FEF44F0000-0x000007FEF450B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1756-187-0x000007FEF4510000-0x000007FEF4521000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-186-0x000007FEF4530000-0x000007FEF4541000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-185-0x000007FEF4550000-0x000007FEF4561000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-184-0x000007FEF4570000-0x000007FEF4588000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1756-183-0x000007FEF4590000-0x000007FEF45B1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1756-182-0x000007FEF45C0000-0x000007FEF45FF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1756-181-0x000007FEF4600000-0x000007FEF4800000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1756-189-0x000007FEF44D0000-0x000007FEF44E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-202-0x000007FEF3D70000-0x000007FEF3EDB000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1756-203-0x000007FEF3D10000-0x000007FEF3D67000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1756-204-0x000007FEF3AC0000-0x000007FEF3D0B000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1756-180-0x000007FEF4800000-0x000007FEF58AB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1756-206-0x000007FEF7380000-0x000007FEF7390000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1756-207-0x000007FEF22E0000-0x000007FEF230F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1756-208-0x000007FEF22C0000-0x000007FEF22D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-209-0x000007FEF22A0000-0x000007FEF22B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1756-213-0x000007FEF1D20000-0x000007FEF1D35000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1756-212-0x000007FEF1D40000-0x000007FEF1D52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1756-211-0x000007FEF1D60000-0x000007FEF1D71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1756-210-0x000007FEF21D0000-0x000007FEF2295000-memory.dmp

    Filesize

    788KB

    Download

  • memory/1756-218-0x000007FEF1A20000-0x000007FEF1A4A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1756-222-0x000007FEF17D0000-0x000007FEF182D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1756-228-0x000007FEEF7C0000-0x000007FEEF7F4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1756-227-0x000007FEEF800000-0x000007FEEF843000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1756-226-0x000007FEEF850000-0x000007FEEF89E000-memory.dmp

    Filesize

    312KB

    Download