Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

25a5ef4ca2...18.exe

windows7-x64

3

25a5ef4ca2...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/ԱմƷ.lnk

  • Size

    1KB

  • MD5

    3801cf5240ef322de5fb53224f763068

  • SHA1

    e4286f9b6e5986b6a237bc70fdc03e8a36287e11

  • SHA256

    23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e

  • SHA512

    3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    be2fdff059349256a8f28b23a5c02dfd

    SHA1

    b0c9a31f2fd381583716c868b73997b2ddcae284

    SHA256

    b3bdf74f0027bf92ce4c5227259b2523d80edaf0596bf220895a36ecbabf7900

    SHA512

    774b5e18dcf6d22f44525a20492a1b14495a4a799212c91ab5123e891b2c3360da21b574302ed8a83131ef688715b3f87aceccdf4820040ce754de5eb682ed98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9b89ab23584a170e3abbaec239c34c3e

    SHA1

    b372c9863d8be7c5dfa84589cc48a8ba819ca494

    SHA256

    1f542cab8b8fe062f94f39b16611763c252a37e5fc817c46192abdd8fbbde180

    SHA512

    92ca1efee4fcf971cc7c5a09579e2e53e4dc3d655511bd4c3e93db457f8afeba5ac16eb3563b5ee420b6be08c42b3ee025f3cf8f0c5b684f185b9095fe820deb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    81963bb00e4f102c4fc94b362759885d

    SHA1

    5d80b2286b0ed054da7e9b85a4de26184ccc8e7f

    SHA256

    81c44794733afbf28d144186204501e1862e309b590854d8453f9d796a427718

    SHA512

    6ecd52455d77ca54c97bc61449cc5804063ed20846486ee79e2736329e4a86bb5049e115697a42b46afa6532bdcf12b7a35342ced06bfd5b4d3471299c9b12f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    133fd621f43b7070df65548d1f8d8117

    SHA1

    87c67a9b878af7bbe195c56a8bafb34bee533661

    SHA256

    737f8a197a24edbc859c22db43886d87eef359448b1aeaca3c08560992d6342b

    SHA512

    1f8ecdeb460b1f4b6142b71055954f4716de625d236c6fca94799921c5d74a3b540efb3cc40404b84aa0c59f11b7b979dca94cc161125decd80422505c3e231f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f7056e5958aedea2ae91de4582ec8c7d

    SHA1

    dfd4beae4f484bb3f31a68033d2b0cd631dafa7b

    SHA256

    155431431d6df4e1b94d2facb9802178f78c472ceeac957fe024521bdad3e6a3

    SHA512

    6fc8e6fc2ef10d78f36e10e1b7bc7af818550ea344a3812078746707126d616678d68f298e851641d3a50088caf11ab96beb99df6c4a9081ffe94318585e16df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b196547a759fc57c64b66ea259e20061

    SHA1

    5e6fc4b3413f757c22b41fc92664f2901988b95d

    SHA256

    0a27a94c1f05f7cc99337cc94dbf177f479a10a1b696c0f0b1be51cc4484b63f

    SHA512

    7d0eed340ff93ef8ab9d4a7219c90f96b3529c51577aff0cf5497b0300d2c33f8eaeaa8f2ea036de367a6c3f08d982ab363965e69adb5f9f50b22ec096fef919

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    145e559162c29f494022465caa3a0802

    SHA1

    ff406f9240e9b8690eb833bc28d5d92bec5410b5

    SHA256

    1ea594bbe00876a13f2070bb70a5b860fbaa0beac954f366527cf9b6b720ad3a

    SHA512

    a7048470a7594d167f18d12ec7a3a8156726f0a3725ecd249a1acd5b941260168d31b3f3c88ae21294f6c65f91fd8c1a49c35b8b3b7517f80854f83c6e422ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ed8c99d72ae8af383cf2bfa0fdc17b17

    SHA1

    965e7093d7d1ed18ea7c08eecf08e58a58ef7023

    SHA256

    bc20ffd38e71b042f6c4710bfcf7dd92fb680170c0cf576b858ff092db8a3535

    SHA512

    85ef3c92fad2d3dc4c5ef92645cf6961f74499b49be49784058cd7aec4bb57e26caf5603282038636affe4c1dbb5846b2ecab1d9cc228b56f807d4781952c0b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e760909a04ebe3d3bd7650097b17a3e9

    SHA1

    a97d2403e8d311210e7277822d16c3373e2aa492

    SHA256

    5a3e9fbb7f711975376a5687b1bdcf741e5371da310b367256b13e1a6eb18a7d

    SHA512

    2ccf023bd241e919caae55f9c0bd7168c0ab1a4c2e5e0719aae4601e606bf0ea08a2eab7b39a3815e398a28deb43f63de3c746d86e4e98ef2dfc3926b5354ec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c852d1f5f521cf61e192e0276cbdd2db

    SHA1

    86b3a2b4d80d2d4fe56e6e4466af474e6c9437e4

    SHA256

    9b0ea1d78af4cb88fb7e912feeceffe271740855c6e6b0b7f507c941a406b20e

    SHA512

    250ca9eb7815f859fd39cf9d83ecc216a837d8bd796cf0d17cfde8c2967df2e685f51cde6f37ed649a80be35bdb91ecf4e46995d6edcddd3dbb32bbaaf0f0ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9fae9ce25eb74713eed23247fc4ebc08

    SHA1

    5a93abe62347c206b51608cb30b944c07091dbaf

    SHA256

    95173203f10f7de87b08365b0f5f44ee513909299def3c94743af296c62b60d2

    SHA512

    ea3bc19f950b67a3802ca4ea9429e5363f5a09ba678d2956de8392d692e5ea813f75125515b939ccbef0e5744517b05ab5b53c802806e4a8eb43740dcbe78da7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3db2d185158a076f65b0a57815540269

    SHA1

    6ee77a7e00fde54917502900ada7b6982d6a14bd

    SHA256

    04ec9fbc56771e2805ac2111d6cd3690239f458b66a799919f107a8f57e5e314

    SHA512

    e51151be4bc866aaa9ef77310f9d09cc39f76b11bf1355e95ace55c717754dc8795e3fce8875b2a6cf55b8e08b873a2d1707a29e1b98991b50c1a92f2b2c06e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2afe33c4e65f3da2ab6f6ec7e6c42b88

    SHA1

    97de1b8c304035536095c2536c2c780cc9ce3f1d

    SHA256

    ab4e68438e27b67ab77224df480c1392f9974ec3de819a385e09edf3a6b6f353

    SHA512

    0a2815043391e883634df428480512ef3efb4679c3a9457fd654ace843f8d9cc2cb5c9e014499163532388de62384199afebdb0f4b4dbca99c56256aeeec807f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a2efca13bbdcfb02d74e3e4ac01b83b7

    SHA1

    2b4a1743904bf7c308a5acf21fd94936ec343028

    SHA256

    302e0314651c925bdb19c12a2255614fadbdb0eba22fa444cd8302d7b1adfdf0

    SHA512

    25fd679b6c78f7eb5e4731ab28d27c14a73819cfff5001e68acca7378a29e9266fb0ddf551ce43a3ad426db1d3bc6de6216de58fcaac289826c4630e5f7562cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2b45b11acf4f67364bf27a85835e8c7f

    SHA1

    aa53cc7beae08a0d51c2312779ad5649f773d269

    SHA256

    c94afad606450267f62fe81d27fb2198bed56a2c7d12b0259f36c4729815f443

    SHA512

    10a541e8cec0db745563a5a980c9a5e46861a4b0095a5e5820ff4f1a2a99e606beed3382b400a2ad62e423a79186f67e147f11f031add6b1dbfd6e8c276b93e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5c43a7f9fd00e791f78cd094e724776b

    SHA1

    810060230659b090ea8e7bad8b613c5a67506aef

    SHA256

    bb1c9a186b3e60fbbad0d455d61f50e5463a2008d624842bdc437ed8f1189f31

    SHA512

    2cedc8f71504e291a7eb20d1caa66af569075425c15e35939d0a18c263e955bf31da194672022536fa298941e337e78e6649c9bcf494d1423c8524c8f5493d40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    81c99329fe4a56a706badac1b10af540

    SHA1

    2110fc0eb72e9873e3bd57670f41326abb5118fd

    SHA256

    887ae5a2197250170a7f856ae25a06eeb8cdebc0fa29b041ecf9397f0f56d50e

    SHA512

    e868f719a6909047f4dc73a1ee341a6cd7542bc3c6687e6a10f97838a3d41e5bbd5d92bf4dd0a1682e86de59be88af42cb5d344a176fefc3b828b357b62572c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b3fcfa280161e149c799e2a10a38a468

    SHA1

    f28888263d2666f4c66363c938bc771c5cee0d51

    SHA256

    8db3dca3cfe506fb782bff35666060305f53d6e282e1951e913667f9bf664b25

    SHA512

    2eb720d1fd645d905974c01828ae386de440e111a1ef080ad72e074291aee9268b448da1d8e14a149f9675a649e17916c7d4e99d689ff8cfd2475267de4aee2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    78289e3d81c4c49f4334fa857f0dba58

    SHA1

    78668708475ef9eb36f0cddcf75ba816ff4bc8cd

    SHA256

    e8e1a55b7c074aec73c9b3268e72c8dd6c70c560a05e40d60624f37adaf7363c

    SHA512

    5437116058c57248e2911e02f2e52df688a844dd09fc74dd248a7c92989af5cdbbe8e0c73904f279657f9d99f96953d5c6dad447d608a31b4f65691f571eb655

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3832.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab391F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3955.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit