Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

lvxing360/...o.html

windows7-x64

3

lvxing360/...o.html

windows10-2004-x64

3

lvxing360/...est.js

windows7-x64

3

lvxing360/...est.js

windows10-2004-x64

3

lvxing360/...ata.js

windows7-x64

3

lvxing360/...ata.js

windows10-2004-x64

3

lvxing360/...min.js

windows7-x64

3

lvxing360/...min.js

windows10-2004-x64

3

lvxing360/...o.html

windows7-x64

3

lvxing360/...o.html

windows10-2004-x64

3

lvxing360/...e.html

windows7-x64

3

lvxing360/...e.html

windows10-2004-x64

3

lvxing360/...c.html

windows7-x64

3

lvxing360/...c.html

windows10-2004-x64

1

lvxing360/...o.html

windows7-x64

3

lvxing360/...o.html

windows10-2004-x64

3

lvxing360/...��.exe

windows7-x64

3

lvxing360/...��.exe

windows10-2004-x64

3

lvxing360/...��.url

windows7-x64

1

lvxing360/...��.url

windows10-2004-x64

1

lvxing360/...��.exe

windows7-x64

3

lvxing360/...��.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lvxing360/国内机票查询.exe

  • Size

    1.6MB

  • MD5

    ab4d973a85b9d67e193b695532faf043

  • SHA1

    25d5c37e2992c5f8b0ded21a16f6bd4d2e2f9ec9

  • SHA256

    84daf510d8556e6588c17769faf77f4d0f9f11925e763d06670f44b1e08934ca

  • SHA512

    bdb414a589cfb7eaf648090575dcf4fdbf46806a849478427dad96d2d0ddf559f2a625f90a51ad5a0a17f3a12c3fd721b8e68c976b5cd0ef92b72a5d0c1c2859

  • SSDEEP

    49152:P6GlsD7+DiKoHcudNHdQXyzMakc3NJSa7Oicgk3A/mdFe5so6MG8D5rCt50kajLF:PblsWDiKo88MyxH6LsNd1bj37oeSWz9V

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lvxing360\国内机票查询.exe
    "C:\Users\Admin\AppData\Local\Temp\lvxing360\国内机票查询.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lvxing360\data\ticketinfo.html
    Filesize

    3KB

    MD5

    ba79030344552a7af8e3e96805f26015

    SHA1

    dd9e6656887d693213b6e35e6c83c4f3711c846e

    SHA256

    4b2dd535df8be12bfbf468b26db42d27edcdded4922a9e0e6f38c06d58730eac

    SHA512

    d3f41231fae56d5f96e112156774d2757a66c4f2cc5fdf2af7b1da6330e90517b0094b12d0d3b1678f30b33972596d789dd73fd1ec7bef9ed6145dfe705b1eae

    Download Submit

  • memory/1512-24-0x00000000054B0000-0x00000000054D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1512-25-0x00000000054B0000-0x00000000054D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1512-43-0x00000000054B0000-0x00000000054D0000-memory.dmp

    Filesize

    128KB

    Download