Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

NO$GBA.exe

windows7-x64

7

NO$GBA.exe

windows10-2004-x64

7

No$GBA.com.url

windows7-x64

6

No$GBA.com.url

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    No$GBA.com.url

  • Size

    47B

  • MD5

    ee679e8c865bdeb3b69c0f08887d6a77

  • SHA1

    c5c00e4182a9d4a6d8b631df9bcd76045499742f

  • SHA256

    43e604518a55415eaed6bb103bb2a6384d1655bb8b0c527c1e4d22eda97421ed

  • SHA512

    613ceab71969e79545a25b0686a3700ed8d306686e779bfdc1616e6a1b7b466f51995f20b8d85ba6955cc32b8610582320a10a38030255c7e6af50ec84c2f52b

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\No$GBA.com.url
    1⤵
    • Checks whether UAC is enabled
    PID:2524
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
    Filesize

    170B

    MD5

    fbe5319df65a64bd03361f860d7aa63d

    SHA1

    4b87d40145d4d18a20e722e9de44af9186177f0f

    SHA256

    73e2f801ae6fbecbd949e076fd33c295d202dd971be81b9bdd7ad22a397b52b5

    SHA512

    c07ac25f3ae4edde52717efca163ab6e9528e41729e939e897d358d96fe78c8908d0a1c194819bcc423a03b544b22005c22a3fe3fdd55b6a6ea2837204e98774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    5055c0d7699f122263ec80c215622913

    SHA1

    b25aa83c9a12a8df2e3f33868b3488d1d5788592

    SHA256

    0047b76c10a6c3d22b31f57ea067c82c7991f30d4ca31fafedacdc42ea840015

    SHA512

    561b35f6356a6c130544f906128e41ca2c8ec4e7cbda5287d16e65d49041ce951ce279d179cdd66f41f0ecdec260d49f86a77e237a8c64a455594bea811a0eca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aa321b69901869f4430710cc6bb7107

    SHA1

    2535288559316db7654a03ab4ad7f18aec272611

    SHA256

    c6c805920650a1ce590188f8f9222fafee05bddf4712675e26a397544eb4fb85

    SHA512

    53eb3061923d2a6b5a46d641b81c2eea049ac678d602c4b60e4587b2fe2411891fa1a9722e6f1610875817c44d0fcff52ee16740bb0c39d9fa5134e37e06903b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    063b5f74f69bb21d58341f332f74e6ef

    SHA1

    d4904c66929236a604ec2b5673a6303d5ed1b500

    SHA256

    2182cb6a40cc98459772287dc616e88c45955cf2855e87c37db0a5cf54d86c3c

    SHA512

    18f7be84399ea50cfe9d173a44752518cbdf5c75fe9a607b6a6029a0f28b466f6b0b037f7430a5d1b3cec323d676445100e4afc985deaebab2ba2eab5db9bd48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2008fcda0b3029f797fb70027d498566

    SHA1

    3d8335bfc63999b997ec4ccab534ecd22c65563f

    SHA256

    6505c6f9c5a3e48336337990fcb3ce9fe628aed9e64e73cba6ed67add907602e

    SHA512

    2b7700192233cc47803439d84891035d01c8f83973d798557b71892f828062dd8d5b5569dc3ed6216ef2f0098df0f681aad8ff9dfea6d738ddd0d19bd0739c12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5538378f984839eb30e593cfd73db3d1

    SHA1

    74d8ee3a41365990df3a50ca4c35b0f1b55f9c83

    SHA256

    532609719b203af3c5af1306377df0aa94fd744e34d95ccd600dd6d910ee389e

    SHA512

    36ea6f1f80f55c133a0b86620a29e6fe5e6a2b368f5a8b56b646cec6a77e5d56a484bd94f87bce9a74818f91d2acdc3c24aac4fd3751327dde4044416296c781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e55bd04d6ac80186decb2ccbcc691f58

    SHA1

    d44b50c070fdb8e9d49024625d252e58db48aaa3

    SHA256

    5cab51a4db0c8ebd27a92ff36eb91454bbcacf8d53e95da9dd5e39191cd46470

    SHA512

    0d2c8edc8c0fd0a2ae9dc56d84a7796ad37db241e5975de64cdaaa524bf06cbf51b4a610ac8fb65cafc1ccdee961fb3296c8e492bb88ed2c4f94f081f910619c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f078e70ee47b985fceec3a06b61fc072

    SHA1

    2c16f0805e2fae974fa64b10bbb51ab8d7753b18

    SHA256

    3f353670cd623476b993589f3c417ae34bd7b4630a562f9b413e73371ed87073

    SHA512

    f92bc19774edbb6adca8bbaee8ac4f718769e69635b9133031cae2c6d734eb6e8ce61ab26b9a90d5300b88d825d2153c3f35658b7158cee74890e288326851b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be2c85b4ef7ab1e9465e1128c0307fed

    SHA1

    97a147d35a4a2e40cae6c5864194b82ccb6e442e

    SHA256

    bd55cea9c447902725937499ef8fd2ed747bf35b90967ab948e2c24920337426

    SHA512

    e42066b43f4b1b65c3ab9295d0190479eefebba1fa86f96c1bac9c6b017965daaafa7343111a435196cb3d327619ce044582dacfcc76d988d7926633ab1d4b08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bac9266a5364becf5f8b9e2618d43a6f

    SHA1

    7f2962df1a697400cc45d9d4620007419d5f82b7

    SHA256

    9cb2d8c492db4c09fc7de645ee5d69ff47c7f97e06ec0322f3c2c765af921c02

    SHA512

    a9cb8f7d486a223be633c1b298906a6aeb190f02188d1ae2b1999fddf797e3f890869310bc9ca149dc8d184cd087bea18836b751013b97be105122ebbdde892b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0a4fb495be02915dc6b0f0487f96cc0

    SHA1

    034520ef03eaebd23dd738e0b4cd3840c9cd82c3

    SHA256

    8a1ea7e0c30c566fbfc0acaaabd30d863d8a239cde99361dd3b8dbb88a894815

    SHA512

    5c45288dfc90df40e3c4ac6ea91e2d409d094c7525fdce4afabb8c2f2c17fb3b63c432c8ad55bec73407096c0a7b32af8104a1584ed7152e1a2a947a8a52ffe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f933349fd7a7679857c8a362207fc1c8

    SHA1

    b436e43c47028b6a07506571c9057f206b480a08

    SHA256

    4a6b484de0ef5f5622fafb9879ae74be22ed5c6873f8a6549e2b77c0044e45ad

    SHA512

    1d084872d60e9778fc735c578e5ac2a222098657ca3e83af6f42f6250d295c3e86800877fce3f43ee3f134723122d67f53a57d119ef24804c42691a9cefcf2f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be5d67c78102651e11ff4fec9b372a03

    SHA1

    d84e64bcad7037868abdc1abb4f0fe90b60183b6

    SHA256

    9055854bc8f9eef6f7e8ce8cdcd3b1289fcc3b1a61a3a2f1fcf86bf6115b2af1

    SHA512

    dca995d32ec87c30fa42ce2307343cdd3aa5c4c8ef647a2e2d40070db4107da3ca5a9c7f2c3c9b8e860eca95adbc3f2eb43b4a44494299ab700926446260cbbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98f88efb79a84c4d0efc8a1b9375a9b8

    SHA1

    2a42278bd5c154aa90ba4e977b3a848861d6c6e7

    SHA256

    75d10855665a45b698830efbd3bf533395ec1fbb0b7081221bf510314b2b21a5

    SHA512

    8f83d84b59fa2fbed19520b0663c2321a19130abe016e04713aeec3d0c969263f74b1f951861cd44a26d02f9fa729a9ac891178ed410eedb7af563f305f7286d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70a523f6298a56703e936403729c38fb

    SHA1

    1c9c1844e4cb89bc7bb60a21b7434b7a6672ed98

    SHA256

    04ab8aa14abf63c1defd79fb149379f2abb2c896ec6067d97111eee45be72ed1

    SHA512

    13bf3078acf1a2ab95f09dc8021f961006adfe0e10aa9a955a379138ff2f0eda0ccd9a4e2260504cb6c494265e083b70cb8ac0e94d41d5fe1270af24131541b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6785eab879a998b31cff66ccebdf859a

    SHA1

    94eb2b5d259fbccb07d8b2373ff35069f3c34060

    SHA256

    6e028aac72f0ad69af48029da4dc29eb3fc412ce90f8e6bd2eb06e99d61809d8

    SHA512

    c6c38e9e1190ddf3a93e2eeec1c154af346f6ec7ce0e0d38863f2b5b747021dcd88cef8986264809c798a0e6e6f7679bcbc66c345b9869598677b59e47ee02ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b0d6d0ef1a6d7b51730af99aff5030c

    SHA1

    f645a46eb680018557a2f1d628023b5aa466c8b3

    SHA256

    e338b4b3295ebf7326500769f9a66931c8ad1c10e3cacf091d6a491e79b81a65

    SHA512

    4e04cdbee5a7804e926f2289fb3c970935942e0217f55f1c71697361942e64b47bdfe0aba81fc20117e557c4731023ed062e49ed998279dc7c672acbd94081a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    074b7df94bfd7efc4ba80ea1f0c23164

    SHA1

    3bf7f56b865e09e9a16f3d8aad276693edf6128e

    SHA256

    2811efa776fe21feffadabaac5dbacccb2c25f87d0ff558c4a2f9982c7a66ca0

    SHA512

    618d9b07510019539b12cd12dea4f2576a100c5f7247ec855498061f8e132e8c2da565df659b3a15b7c6c05e163b874ceab9a6cba63c1a0200954e0baf205910

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48cbac82a5f386e3bb2e4206143a73ea

    SHA1

    0c7ab5c105dfffcc4808eca43dafdcf014f80e27

    SHA256

    e19dd83ab64683500dea4c94f7e3f9b0822b82c2aec9eb8100c6488aa7b2af24

    SHA512

    722ad3dd89a774d98b421f25975972f7f5fb28574c0528c2d185a13203dd625e3b1070e28b0fa9b58ad4ada43fa0b29af24b4e43499ef588d31e1ddfad41410e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    461882c9610cd046125f4a3d374c38c2

    SHA1

    caf7d12b93af3f35e0b456cea1fab400ad74ace6

    SHA256

    ad2b29e524deca2dbc802922c5890931c5b5caffc661ab305cbbca5c26042435

    SHA512

    76478432e9d57f6bdbfb098ce2c9a329131ac7ac5ef58da222558651348cacfe6d93c31c74facba64b2915ebc74a34e15f66412cdc5bd4a4f6a839c1b52d8e17

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
    Filesize

    5KB

    MD5

    d4fcf8a1b026e09d68625fc569f34367

    SHA1

    22a1cb79cc3c670f8bbb36c49f20e04aa5a9d497

    SHA256

    c75f1e5748de7c6b245b9158164997807a31735c64415cdc37e19d5a718f2ae3

    SHA512

    aaa82970664750a063a21769d65da2fecfecdde34b528faced533c31ae1929fad25c8e42209fe3d15df7faf83b5502d66f76bd5ad7189cff1664479ad08e33d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\favicon[1].ico
    Filesize

    9KB

    MD5

    dc61c5f4d2f89d8c8d78bf4a3335877b

    SHA1

    33d372ad34409c430743f55514cde6d9063d2f53

    SHA256

    81c365b3208565417b9188f333dc8e7353d9215eaf0be17ec129b3f5adfbd44a

    SHA512

    6a1c1d38cfb2141c1d1f0f4266a9aa288d65ef79b3578dcc8f3b451ebb0b96b45ba7c7d90d0a9ae3e9dc444774dfd614e9a947f1c28a8ba022a334069e6cb467

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9975.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9974.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2524-0-0x0000000001FE0000-0x0000000001FF0000-memory.dmp

    Filesize

    64KB

    Download