Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

95d7253a90...18.exe

windows7-x64

3

95d7253a90...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

3

$TEMP/remote.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30683344ba29c6fa62fb90782763f7b7

    SHA1

    d14f8df5830989b34ebc8485b8ae7aef4ff9d410

    SHA256

    b399e48585de54e405bccad7753a8fedbd55f86830d75420d9a6a31d487aa26c

    SHA512

    553f5115af2b05b2e1cfaf57978bcfbe599a11d7a8648cc4b99d4c8028de09c18b3c33ec49b2e3b34ba30a3f07b5b7f8dda58479ce1e2c3d8387c0b521135c39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc4baaae61068e464d372aeef5a1b5a5

    SHA1

    7b8b2d1c22ba4b4c7569fb054942acce4303c53d

    SHA256

    5da952c547ce8a86e79b215d701c9e1cb17cb7e209fc6dfac91b6d6f6635a22e

    SHA512

    8076fd85350aad04cd5c520dc272d2ba2a706d7dc35f0793e4e67e3b1effbc560045525ddac9b27127fc3fa656c42a53a1699b89214f02a59463c9cdefb2fdcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f49286b77d9f50a0c8734812ae3307a

    SHA1

    582f18c45f0f04eaf0b287602485843923437013

    SHA256

    1b20bb618c11139cfd1d296a2e9b2fb5f93941126249999a748f2fa4387745d6

    SHA512

    3319ba1b2519358df1cb1b9f7d5b9cb3aef605740cd495412f48d72c24c621a0a877558fb1d53ea62a797d253acaff20089cbda013713934ac5ebf5ac2e9ced0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    876aff61598393cd539832dc7b2306f3

    SHA1

    6c006f454b8b7efd411e28c53a517f117297f29c

    SHA256

    ac5ba848b2c4d6ef8967d4767a09b5f2c9028ff01034005c7d515976a606ad83

    SHA512

    dfb87d6b3ccbbfc746102a85108acbced59c4250ecac2b98e97f6513f98587470b79fe690fc3f0796a5bb1515e9b8436aca1fea7cabeae6757f0f8b56f37b5e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    547c6a4826a14a2cd227ccde84f1ab5b

    SHA1

    fcce09f32247a6555a432da493405d59f08940d2

    SHA256

    d10d9d7e6053798c9eea9872963fdb6b0cbfb126a4a6bdd5fbcd9d60f15109f6

    SHA512

    8d7b45ffecdfa1171a6ead7f2b61b93250ed6550810dbd166988b0f015f02eed1bdcac7e506b5e7194cc1c462bffdc7faef0b903b88091cf10691ed9071a388b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba87512823148b39725d0554771880c6

    SHA1

    2d267695e38c09b6277969fa2c33fccd19862570

    SHA256

    7cc7846bc908a1a1fdfcd5f09d9dbb131c2bbba75c94421d2392ab03c46310c1

    SHA512

    e2de2c5b55e3c7cc81bcf368d73a6493088018980aec8f78bd993b3189015e82375d96db7e78446893280dfdce1a2e910d97b6f515cebfe09029f58b80bfef92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    341761ae09e16884fd3622122f884107

    SHA1

    812fbd851d2927aa96c1d710c79f9864c7048fe5

    SHA256

    eadde2419234ae3540d0ff55278c64843c8eac64a17b248b7243a008223d1332

    SHA512

    f86b74624d84a2cb1eae6fdf3dc35bb2fd5f0cd84086215384eaf99545000bd10c3afe8a03b0443702e197cb60ffda0f6860c957b71c187effd0d6523e0a3aa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8610a9558cfb1e9d5afe261ec7e6074b

    SHA1

    8f80cc16065437daaaea39f941d69b65b72bf27e

    SHA256

    9b3a3ff47c03b4ee2662322de09d75f306ca080b95000414eea031ec1efc0ccf

    SHA512

    1622bbebf6b2d805a378c5f86ac0ebb41e9e2b2e76284874459725cdf36aeb63a25c604f7992632c2bb1bc3e7f4057e5d0aeb9131a05e33a650085b8948f2347

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    298bf62fa9af714dc14e9ca7808b3718

    SHA1

    ebb01bd68a7c45dacc0666c1fb763a5195bf6283

    SHA256

    3b3da91613999b0d1fd81c398eb78245d7bd3c9f249195ab7d18a7b43962f28e

    SHA512

    7a9fee83c980cef2f99b56bc2943462d027422f38211a721f477f32c646a4cc2e5930eac6051ad9edba40e60e269cf991b529b45bd73068345f74e74b279965e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6006f394f0ba9fff6a14f19511ca07e

    SHA1

    0f1966dc48e6af44cde4a4cf8eae49c50cd77683

    SHA256

    13b8cda20beb94e9f25e7b0af3d9b27bf138113069b880c80aab4a6940b58719

    SHA512

    794adb0027ceb4492f61ba42e2142eecfbc0580ed52e4339d32ec69f0a06dae4406f38fda69f46efcd8ca79db32532e601fafb4f6d0bfddc2b1a421c7c05377c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5ee18532bb267737a6e8f34134ee625

    SHA1

    c413a77e6269600d9dec007063bbaac19c838c75

    SHA256

    60942068521748d778c8042359dfbcf019b06817b1d0b004c898958ec48a0a5b

    SHA512

    954c096647d10b12bcf24243cdc084a368d9202b86d9f8ea1cc9667fdd0aca4dd42d0fde46ec3ecd5b282423cbfbaaba42857c2e0142f67447a7eeeab87fa237

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab10A7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1107.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit