Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

IPLook.exe

windows7-x64

3

IPLook.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IPLook.exe

  • Size

    207KB

  • MD5

    b02f94fff3d9c5df1a63c6289c658ea6

  • SHA1

    95473368f1b76bfb7f02e773015ec4f139421b95

  • SHA256

    5450f1c037f82cf5adfaf757e48eab1a1c4990b0cf35b95ffc86ac9786fefb71

  • SHA512

    ecf61f1377325109c4aefec93994584c3793fcb7a9c575cf4b66462baebc0be0c06451dfac9f5523e3e89db4cb5e76b6a637ea99b53200c35595a920d25db63e

  • SSDEEP

    6144:1tgbh+dKizKDf+6DfgeWfXZArL1mKOzayn7:1QwKLf1DfgpfJiL1Kayn

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IPLook.exe
    "C:\Users\Admin\AppData\Local\Temp\IPLook.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.16xia.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea873b0b913e4badcada65a89ebd8bfa

    SHA1

    9cb71c27d9a7932a76bf0e820e28a39bd994baeb

    SHA256

    2921a49d1c44260b71ecc7cc6ddd1d35a91131ff67ded486ae723b4ac2563280

    SHA512

    709e934a9e6e911d56d71596ee0dd54f3475b8491e837e9222e18e1de023ccb8194cac4752d5db234b3d3f59d1861094678a44d22991d5cc7092395537d06613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f49a037c759a73739c4575111269b74

    SHA1

    cfb3e2ef97f9e45745c144a885c4048094cd95a6

    SHA256

    38f235a54a92aa3576db034c7c52347ed3c5dd778f53f42df74374abaa6873c5

    SHA512

    e8965e72e4e1cc7c1f19c538f26de9672bd8d33959d620dc81a7eebf76f62af311774320f2dcaa4cb24f76e1d8192676d174b3b612cf2792fb9771bc793ccce7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0b0bd8a85351326d1bf262f7c5d92b1

    SHA1

    cdb9c700520773466e64b373ed5ce3c27737ed73

    SHA256

    cee2f89e3934d052641875aa35cf9b7bbbc00641f9a858b0986b1c351a587f84

    SHA512

    97b8cff87c24f5780538511450c04c78ccc8bbe3cae7d88847207f3dab5bb87dcefb185dfe96f12ea9841a101f4bc06c7e79a8b1b7da657b00c22a37ed05cc63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e8977b71d24ceec41ca9b9ae103608d

    SHA1

    933f11124a93c36fe76da4435f2e32a166424e5e

    SHA256

    80315035a8f0bcd14f8fa7d777b66af3f3e1c8f376c675dca67790ae40dec4f7

    SHA512

    cc79ea65bab6f45a5ffbcb45b1da0fa0bd8f270654bf267e76ffd719cc69af1c256b9c1d473fa3cc829b1ec022da8965c40bb6a3992ed302debd98037c874e41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a028513cf0fac4eae18d8099f2d263f

    SHA1

    ec5b6bff72c74c0f103506fa5e7eb1a929135311

    SHA256

    7d4e5a707da5a0e8015c25cba85261209eec8b7fdc033b2ed0de1f86be34bb1f

    SHA512

    e1ac4740276ada7d5ad5db0c395ec33b1de15f970acdfa167a08c5e0b8e65a87a8fe0f8e5f99357ca8ea4ea1170fc7d23823623168a39b4a5053f22bc334d491

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    095d40203a75074f3c806f31239c30fe

    SHA1

    04c6a44f764fdeb153eea9f703676600636247db

    SHA256

    139221abd38c399e08380b7b77752b94858cb2aa9995e1f57d2080ad6c3d9889

    SHA512

    4c3e7b660a8adb9ab1780ef6d7af778bf98c6cd235b0d8c416e7ccb1bea2f0fc3c0f40785ed778f0622e4054351ac412a3264269050bc0abcb2e2fd982074a6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e78208f816eb3894c57e0f739f02748c

    SHA1

    f2805b0ef9f0c53f662bbadec3252a632bf7e3b0

    SHA256

    75e6a82b1b7fa0cf62b760bf7db424f86881db2e582a5c63d9f563405c41855f

    SHA512

    adcb775440aff05358f626b5cefee4a41eb604ff0f235a55011ff473101573dfdf4ee43d3000021d7e02b5eb1e1e82504180e9a27eb1860e7e699b10c102b48a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9eab5e70cbcfe76a96e4de3d0ec3b53c

    SHA1

    1aa7ea9c77504d53301b69485a1f3910056af325

    SHA256

    2359854451336808b144688ea558a91e36cb9c3fbc1d65b237b9106f4f2b3097

    SHA512

    5d835ef66ba7ecadb4254eef43d9b2dbbe13e79e5da1485b2f5cfb99bf3934e688ecdc341556a822359ef6db7b3c842d3fe9ecff0ebf7c0b43d86f41ee78c81e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fdd48366838725dfa9dbdcd030a8b13

    SHA1

    8d09d120128941c0396e442b4914a1b99bed733f

    SHA256

    d837d7f61164121c5b5fdb9bcd9b4e287d2ca76cdb21273114199b805ba7aa69

    SHA512

    c324f5fc9bcc54a846443b7d32904bdfdb0a8ec484f8eea045c3f5ce90e7a314ae0aa25d3f51b1e9c1cd530496d3ba6cf5ad686614ab03268d24a931869f3f80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2eecb0550891bf7b558cf707cb18494d

    SHA1

    495fc925f0386b7ab7fd525eaf45917ccc04648d

    SHA256

    a1b280ae4bfebfb0b21e822c673968d467f4548f738c37e4f8c69105f75991f5

    SHA512

    0677690875ca1b5a191073178485a82d8c200e26420dbd05127103d6ed92a62535ef959e52cf23cfa6dcbed4ee3c63078a3ea1881bf1a57f1e5974813d79f90a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f294a1208c9b20ce0d5651451eb7773

    SHA1

    48d0f57d53d2d2696e31e58158dda0b53378712c

    SHA256

    b691ade79d52d45448c518b1f9087e1c4706f62d1580580b245ca0a173f3bf63

    SHA512

    04498cd45f26c992e16c3957f933bfbf072715df6f411d552ed765f5d15e9019eca52507de49bdc9d3240ac833045ba25834d772d149017413b23f110bb9a61f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCB1E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCBBE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3056-285-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/3056-3-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3056-1-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/3056-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download