Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11/09/2024, 07:25
General
-
Target
程序太平洋dapha.net.exe
-
Size
24KB
-
MD5
a2b0dd7a490c19aca773579858a8d460
-
SHA1
e39a91ebfddfe0bfa34147eb976a53c013cd39e9
-
SHA256
9e39a64ddf585f6ace211eb5cdbf43318faee82429479390eb6cb900c53caf6e
-
SHA512
9f74a23472f215ee6305cbad95cd39cdc617f0ee4fdfd29e95774fd5934eca8030aa288670ba8a6bf2c5bcd28885d27138b8752f07fdaff62349165c5fcec7e7
-
SSDEEP
96:/lx8Q/KUtRmNuOtJyg4DAfNBmVwq4ehCGsHDhRaeZXSKJEHOtJyg4DAfJtRmN:/TX/bmBKDArQwq3h2CIEuKDAJm
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\程序太平洋dapha.net.exe"C:\Users\Admin\AppData\Local\Temp\程序太平洋dapha.net.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.dapha.net/vb2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.dapha.net/vb2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5f50af1b09b0f9965d7bed8217bfe9bd6
SHA1cbb5ba4fdf224de75b28979cc14b6939b44c1e5d
SHA2569232410bb7a25e1e62fc427d85d7b36212979529027ea94b54b64959605dc594
SHA51253ca1f83034edf821498589fea9c5b5be49f7105a17895d1b3864f7e9b2487fcc458249c209ddda4bd1a70f6d5c7af4ef8b9fb5c39c762b1938ab022ff58d4c3
-
Filesize
342B
MD585a8066204c0f1e737a8e3bee2c3b4b4
SHA1136acbcfcedf8a3994eabf8bd75209179201888a
SHA256f456cf2d146694c4305c13ec1d9c01b5814be0f6b244dbf6f5143eaa7b888c44
SHA5121a214dbcccb8139c3c0364d315afd99ec41926129141f2a026d51b56bbbc24c493836653bbd3314ca8398cd62f997607b27dfeafe171e7b431dbdd70f892a994
-
Filesize
342B
MD5142bddb964e9d874469d05417b98cd9d
SHA11074391056d01a9e7616c2a54f66dff168812855
SHA25683c9e3f2dc2dc90383f55c102a76498e728cafdb9c2a46872a4f8aff6583bc30
SHA512f485a7c62d2ab797b063731ee2ba67e90e625a5a7e4f34ab24ae29430ee487ee51deaa7d4e4ef488767ce38e5bb974add0e19f6df73d92368c554c9f373a6a91
-
Filesize
342B
MD592a4d3345394eee4fe5ef5fb7575ac86
SHA154fef427a945d9df08df3aa528ba2241048b97c9
SHA2567f5f3d3ad68b402c4c7c4ff6a724f8a261755901209c0aa1118992c1cf849dcf
SHA512a430b5ef9c93a875292e77b093453b6f27f8ea3b0d698f0a3dbd35f43499bd4ec52ff45ef9474bcc0b02d39a7b561c0e83a94f8a12ad6a565583c5b1cc2395e1
-
Filesize
342B
MD5dc55a3bab1e6596b15b9ed24de959954
SHA12f37f274c8931ebc998f4792dacc50e4f57b0979
SHA2560f63dbd8ae83fee34c25b736db491db088c42fdae7428028ac8394a1b85c6672
SHA51219f43aee83681c2c31e6f836c6c68ee55ff52abd5c6633d6bbb700af678427042de8886a1a64f499eb802fc598e618d47a24f008431266dcaeda11e965730f4d
-
Filesize
342B
MD553afb5664fdc1c5ec64bd106d12a9acb
SHA177ae9b32b6b4e362799220544180518b60c033e8
SHA2566ed8e2572b9d6b25f31dcf32e33e4624f398d79954db59a67fdbf16dca15e0b5
SHA512450832524d84f432e1ca34f306f2f8c26318b29f33cb600fbd3eb5322ba88e1658b19ec961dd78b9ba2bde03a05c06e37620c0ba401cf793fc8926b7bd6befe5
-
Filesize
342B
MD59dcc6939c26546f54dd2c2eb972e9465
SHA139829cfd6c29d960c57cd371a2f630e05447a37a
SHA2561b4738fce814057981d984ff12c256b8f928bebb00c734ce5a58c1a5b3607b3f
SHA512a5e706b79fb4511addc37687fced5ba5d651afd9cca92d8c6e65431791e1aeecb8eb1964e2131602a6c011d41aff1b10d62a4c949f1a2e1d3384fdd3d790cef6
-
Filesize
342B
MD55f8a9fe388495585d45171d330412006
SHA162e734b89777a6d12d2119320aa2d99e6aa5361e
SHA256718fe045ff5babfa1e96395cebf8cd704be75a8906d81fe45a1f890d8487f555
SHA512552ddf655f103df5139d28268825c16bb32ff27acefcc00062c5af5c1915205c2004d7d4577fad55df85a9c02042b46b719950957d3495e536ccf8e6513c232c
-
Filesize
342B
MD50d3a6e62aabfe5f438a08b4ed83295f9
SHA187d4da7ebd0aa0e4943e1607d21a4242459a3fad
SHA25653a3edfbffd353e7082d919d31a5f5a95420a64ef0773c8606429811f4e994a9
SHA512b9e3045fcd447725258ffa10ada615c09822581a26facb09f1ad8ca897993a5e74524d5612204574d92e66fbd5db2455f3be50ce6b9cbe51ae95406b49b339aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b