Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

url.html

windows7-x64

3

url.html

windows10-2004-x64

3

Resubmissions

11/08/2024, 15:30

240811-sxj24svhjq 3

Analysis

  • max time kernel
    19s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    url.html

  • Size

    642B

  • MD5

    eec33c7be27bda9493cf31395ed5b9e1

  • SHA1

    b6bf81bbdccb25b8a19cfbea83e3af3bd52aaed8

  • SHA256

    b9ab53214107473d5e7414240f88fe05b5d4b222f75cf314ea484ed882981f82

  • SHA512

    4ea11e06cbc4a2e278ee08ab2f6069dee84aa494d1edd0b7c429cb8bff5930e0bc092a6b50edc6626cc5ea2df1990803897106afc4fdb72ce8b425da4d553feb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\url.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495
    Filesize

    472B

    MD5

    3f136aea60ae7c33dc0581d15e194811

    SHA1

    2e449fb186ad8aa6315fa924111e2691efe91ea4

    SHA256

    817f571095c874be31c7b4c98e070359202bf06292b3f7fa760150af1c7969bf

    SHA512

    bf5d39f049dbf6ab1ecaaf8be592de79ca05f609a1cf34c52be885e46c3e6f07b3f13e20422e6b5c31ca68a4fa91258f887f61c3948a54252fd653a937a28802

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495
    Filesize

    398B

    MD5

    03a3ca42e36f017837f59c43a15c0ad9

    SHA1

    75ce518209ac349b7d3b9e5e51d787e38ac0d2dd

    SHA256

    910409ca3ff8b31b7c430217a0445a8210b415db54963c669d73212e66798ae6

    SHA512

    a85ca85f26de35f1f61e198cfdbf78c4aaca93519cc494defa56d76c63b0139978da8b6cead65edea6e720754c1815404c45d33bc6f3fcbd958c0fed2e7684a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5d2b15740a52cefe14d7a670078aa7b

    SHA1

    39d3d023576d37bb2c5e84242ff1fc995a871441

    SHA256

    eb9879d7a74d688df9fe18090ab8e978c138a38eb3893de104b096a1dc4fbc77

    SHA512

    96a3a93ef04d536c77a0e2162722ec14089d9ef5e48ec8160f286ecb56596477bd35bd9c67ca3fcbd2fcadb79223c69d4847bb46e9321893a2078a85b3df6909

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c2sxdb0\imagestore.dat
    Filesize

    4KB

    MD5

    1885e90c7da8f65be9c015e225bf41f7

    SHA1

    5881d804cc156f56879f32658558ff8326528789

    SHA256

    e042e733def7c6115e4f4b020dc6b53d89544045667141575c0b0888447b611b

    SHA512

    28779f95847af82060363c2c27028142b6e5d6ed6ef0dee26f74a308a24f0b8c0533959d02c1813fa73b1953592f22a311022404a31b53386abb9d3e1a1e9e99

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UK8J8K8\w-logo-blue-white-bg[1].png
    Filesize

    4KB

    MD5

    000bf649cc8f6bf27cfb04d1bcdcd3c7

    SHA1

    d73d2f6d74ec6cdcbae07955592962e77d8ae814

    SHA256

    6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

    SHA512

    73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFDB2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFDB4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit