Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

e40cc6f16d...cs.exe

windows7-x64

3

e40cc6f16d...cs.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

agents.dll

windows7-x64

3

agents.dll

windows10-2004-x64

3

atl90.dll

windows7-x64

1

atl90.dll

windows10-2004-x64

1

audio.dll

windows7-x64

3

audio.dll

windows10-2004-x64

3

core.dll

windows7-x64

3

core.dll

windows10-2004-x64

3

defaultUrl...s.html

windows7-x64

1

defaultUrl...s.html

windows10-2004-x64

1

defaultUrl...s.html

windows7-x64

1

defaultUrl...s.html

windows10-2004-x64

1

defaultUrl...s.html

windows7-x64

1

defaultUrl...s.html

windows10-2004-x64

1

defaultUrl..._.html

windows7-x64

1

defaultUrl..._.html

windows10-2004-x64

1

fileclient.dll

windows7-x64

3

fileclient.dll

windows10-2004-x64

3

flui.dll

windows7-x64

1

flui.dll

windows10-2004-x64

1

los.dll

windows7-x64

3

los.dll

windows10-2004-x64

3

lregistry.dll

windows7-x64

3

lregistry.dll

windows10-2004-x64

3

lstart.exe

windows7-x64

1

lstart.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    defaultUrl/pcservices.html

  • Size

    5KB

  • MD5

    ab888122cd5d7b5638f82bd2c608416b

  • SHA1

    6b7b78f882aaed84f3a2b3c8e8db98f17e879932

  • SHA256

    3b6b682280ec51045fee2fec1c72945cb56701d35837188dceee857dc190e23e

  • SHA512

    e3793ad228de5ab4c2766fa62dd9d6a8cbd8248d68a79d8d413fb3f8816e1a5d3d2c602eecc80cca8087fcd728374661cdfcdf920603a8a8a6a4865b9c4104ed

  • SSDEEP

    96:SuyURAfmJziMCxjWk1vo1USmRLod/zEvQtA455Tp5NfL5QFeEvDGtX52f5Z45QFu:SuyU/iMxkFCLmRLodrLS4zTjNtQFeGGf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\defaultUrl\pcservices.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    952d774d331103872fe7725eddd30233

    SHA1

    f9d4d2bd25440f1995ee8c121ff60aafb5a56490

    SHA256

    0de9854ce4b623efc58c624dc2335f9f5a1f3fb4b123925c28df9116d7753f9f

    SHA512

    1ed28e7282e21b3252315359ab07fe84724c4fca47dccd45d7da9308ca7e3682acf114f12fe52f55b4c43f85a2421dbc44d518571c58d48d69f8616ce172f562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2591b577610fb9438fa41cba482963c

    SHA1

    767ba6a0271b5205308b1aa53107c7a1bb8d2f3f

    SHA256

    a3e9c6ba50e6dcfd22ec3adcb1ded3ff04ebe6a04cda79e6055359e83ffb64af

    SHA512

    38179d635275fbe81e9285261c71214917a61ad27fa516d852428eeebda3d4f0194a94d69f5153c5b9fc4b9a0299cdd5b7c2baeba26f7e03a21a9a319df4ca7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40f69d70c382ea40fceff5cf87a2e768

    SHA1

    90bc3430c6bb46a920c496cd267efedbf261d432

    SHA256

    4446724514b9404a653035a9e1ca13bc7b93cdf28ec20ef9647f2a2ca98cd554

    SHA512

    242195bd7177499c1126ec176596df8061e0994f6e976c2375f7ec8d75a603fcef4f606e3943e34c886c7056eee46f7f43a9944b2c196448a6ac3518a4ee01f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b94b1d2c07842bf26e5a02beffd3cae

    SHA1

    c3e12ee7c53a0d46c2c7eb7b384ab020bf4c3069

    SHA256

    44f6c9812e7092b67438c5a821afbd41cd00968c262f1864b8e4f5c471a8ab01

    SHA512

    81048d658b78a6237b038d3e6c32f979f8aa2820f365be371702fa0101036ead05f79dab3c634c99ccf745564e0ca802462b998144e4fef9b1f001c9a4116ad0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7157cc9a834d3870689ccdf16293095

    SHA1

    147ac0698762ae302616c44b6b7d930ea2b7cf72

    SHA256

    b9befca733c57a815a07f8cb47baffbf673727aa8c021f7547cba0ba5735307b

    SHA512

    a4f0b9929efd6c21c5d32a5eed25f435353ecff8c50d9b4a2995ac2de2fed03eb457a0a66bb2d4458e9b51a8482dc7d9f6ed5a60a0aa035366db3bbffc12397a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5609e38fc18b0c96e58dc002cdb7a4d

    SHA1

    8f9506715c281e7fa53ad51a16d94da125a2f6d1

    SHA256

    b574e36679749b56b8149fd7d20aa01735e5d3ed0c686f976025ab60f7bdb1b5

    SHA512

    1a04524c454ef268bd667d87c61c94afc4308896fae8dbde0cacd7c8a83c3dd6a775c85e9612223c6d51cb5f9059b3b5426912b8ebbf60f0b43dfb75d400c3c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f13b2bd6b431789a3e7b9cce0fdd284d

    SHA1

    1de2b871563baab878f81d3820061fb2a5f9c41e

    SHA256

    9f897b094210e798777fbb40b5479740c5c7668bf0ffb41d47992c21aae27e4b

    SHA512

    fcf9ef4286a343ad28881fb7212bcb9d4f0587b7f932edc2072273d4a622881af0eecb4371a54463f6044f2f7cf86ad7b4485c1f8f561a40526501d69561e2e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f44b2850a69fa2f7cc9ec81e2dd9b49

    SHA1

    59478de6301c9cd8c5663929dcc1ab2382088408

    SHA256

    beeab3e28d7988e95ad0ca8527cae563699130959688f754aebfaff1f16fa7ee

    SHA512

    b6ec92db422a09a6ce1bd1ad0b11bd8fe2928f00d1d71ce56f54d9ed8924a10671e259b77586496a3168dba1e742303cb0f008fea4f018a19a0a239c33b372d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    017705af9936317d7bfc272081b67cb4

    SHA1

    5abf6db620e145976f419ef5c4ac88ad26632a0e

    SHA256

    ebdb2a73790a5ecaecbfb9d6584d8997bc9c60eaf77c3f9dcd959dc0dd2536d7

    SHA512

    5ac2d4ee796bad4889d6c2cf66639db6ee8dc99ef1564846944c8c2598f235e8c7cafdc07e5debee266128ab78ab50f269e7e7caceebf167317f23982907f8f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7736ff9bcd94045a1f021899be1d3ca8

    SHA1

    c3d011fa7efbb2d4ebdd2afa0ec5be4ea9c8bfae

    SHA256

    e6c3f81c61562c5ec42494fde80fadc098fc99a4472fd5b0efe851933b7f8f74

    SHA512

    5895ab3dbe94587324bb9e3218d350260187e89fbfdd65d958ce33866c1fe2d5e7f1a23b893b97010598dccd292f140a01368c5bc98577d6833013703b70d16f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8db568ab96d9d109e05a1add7c83368e

    SHA1

    7bb900728cfe5ec9cfd7120e10e5d24dc700db0f

    SHA256

    3e98f93960dbdfe5717a5ba10dc41b4673063d808a1c5a4d81bd68dcc1215597

    SHA512

    237a9455d22b9ffff9bc29573a4d09fd623f5e958a853b718afaac136f96daab5d186d70ac11bd648db4987003dde91ebf4278af3e741b622937963a1b38f43d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    25720c6fd4d9d33456e1abee71d9598d

    SHA1

    d325e301d4330f4da4b9ca63c7feeb5e1392cbba

    SHA256

    3ea0d8aeb6b34eed185d29ee98a2fb97560ec9c1e54c394f0ee70d3b4e8925da

    SHA512

    879bb5fc01cfffb12589043b44be7cb6ef87c7bb866ef992a97469740f3ea176595f33d09701818946ef8a0264956a751365b98faee80ec5800d841936cc8698

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8c8efa107eab491135519daca734188

    SHA1

    a5acfa8ef1aff6fd988def81ed8388f4432da174

    SHA256

    912ab2618bf158ae930471640a9c29058c36ba189b53d663c24ee157f5d523dd

    SHA512

    647f9d6373bb5295d1b0b5c851958938abc75170e7cc867245c8c5b5976b606fe9691e78230996e6bf4a93bb03346fc21b9028fb445956d567bc23f68fffbc8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    437ce30bedd6ac8a0ac321d95d1884cb

    SHA1

    9cdc0886d0b7856513aabb330e28947e1a5ebb17

    SHA256

    8d2eee7cfbdddfd9d90735c0283ba4de1a150da1aef3a7d3733988dc346202ca

    SHA512

    963f36b980194f56a47f776860ca8f88f7c605964b4a60976c55394de4df0a5bc2ae882ed905fba04fddce66a8531d9eec6fcb6ff5e7b667fe60e897334bdbb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    216b1e0c42a55e87cdbd10747f01da11

    SHA1

    e376af9bd7c017c18f7e4ed58ba2a44e4f56dd08

    SHA256

    439d07f5e1306b6db3d22682ad3f538ddd67eb7b68f6cba2909c9c95a8a7802f

    SHA512

    a776c62a1362e2f25a4eb98b1ee2f7ae723e17f49feb5e01c6a0c557b485830a984ca9b49d0f52ac186703ab7b4802c0b2a39950d2f572ea86b9b2a664ee6b35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    675d1f547ac7703f68cfbc07271c8d53

    SHA1

    9abe26f22697f5e0e13e19ca7e912114ed6013a5

    SHA256

    d86124b5538d14fdb7bc461f2c19d7fe52ac748149ee71c692fe11571476f1ec

    SHA512

    00df6aba4e090afbee02a253d42791173e5517ccebdf08880bdd97b0e5367c61fdf67aab276d6d1925f7052f7e574541c78bae233d8b2dd0f9ed3a91575edeb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfc532a4f2c5af71c94c07904afe4e33

    SHA1

    04fc4e4e4060b82eb07ebe04803aefee276a9e94

    SHA256

    1eff779e03cdf69f7f1d63595cd060811418777ce53dfbd01107c7d6602f8134

    SHA512

    145da35703c09f1bd9ed159e35f14bb5c0c33d9c7511486210f9713284425e85e96c90aaaf0e779f78db387b9ce99e214e3af220b270ea8419abc2f7d88331c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6cec8c7b9541f0c2f7416a0e07159dbd

    SHA1

    d9e887c32ed08b79e4e0251a8bf3883198aee784

    SHA256

    d44e326a4911a7aef0bcfce3acd2d5d9f2288f3c6d353ddcea048fd29817d2c8

    SHA512

    72f3f6e2fb42eea04b6ce8e52b32d9e9f00f592c8d68b8e0d5a20b5587397fd39878e98f94f27fce81a0682ba4e6b04028e94f58a34dd70e9c38e40b0e8be37d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aacdbb09f035e19fabe2c42869323b55

    SHA1

    aa1a791877432621d37cc5d1914aa67207b7d454

    SHA256

    18bb609b1c9ddecb4e6e587eade97e8b0ac5f3833d5c3b88c000c1da07a3f06f

    SHA512

    f6c411b6d548f7f7d2a35686d78893858a78e7fa8daac1f1f6d7db72b5fb085df38b593396ab83ef4405771255c6ac8716e259ec26387e539b45dcff9c256b87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3718.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab37F7.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar380D.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit