Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

GooglePass...e.html

windows7-x64

3

GooglePass...e.html

windows10-2004-x64

3

GooglePass...se.rtf

windows7-x64

4

GooglePass...se.rtf

windows10-2004-x64

1

GooglePass...or.exe

windows7-x64

7

GooglePass...or.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

GooglePass...or.exe

windows7-x64

3

GooglePass...or.exe

windows10-2004-x64

3

Readme.html

windows7-x64

3

Readme.html

windows10-2004-x64

3

SecurityXp...se.rtf

windows7-x64

4

SecurityXp...se.rtf

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    84s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Readme.html

  • Size

    502B

  • MD5

    fdb9d1d72b18241777626a9684200a17

  • SHA1

    cb2c46befa50a9c5ee61662b5a5813ff16658689

  • SHA256

    7dea6758ac440d2976253c48ec50237e630ba6ac063629cc82ca4e0dd8980dd2

  • SHA512

    5eccfe46b48ae6472c9609a928fa3e59db3799f892f804c0051fca7153090b4c594bada51f15a9da2569e4d6533afea8a4fccf83eef9396e902955c3e429ad61

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Readme.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    4d695ef5c428593f178d74cd5853fdaa

    SHA1

    e5ef53b8f35e155091414fb34e4451ec1e10b58b

    SHA256

    fc3b19a10e32bad31ff5ddccbd467885b92b56240c762787b451a84e8639a9cd

    SHA512

    0427c085fa1cf16e109a0fee6c2d3434c67c72f749c26c470423f65080496f931ee723c4a8a0c7f77f92e6714dc7f52f2cd784371763cfdcc7bfe52f90adc28b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aba9cc49a0cb902a71d6531386449619

    SHA1

    c8f84346f155c06fc8bbc6862ffe0cbcf08ca7dd

    SHA256

    faf4225c25acfb448dc68063c2fb0393589b946634a494c3c391ca3e3b1c9cb6

    SHA512

    955b1396886fef88ca1055bca27f672ff5c0e97d3c9f338bc39d678ab0fdb6dfdc03255d4ae4a62abd78f636eb0abd54b02765fa8ad26f206f4381c7727e3178

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08d373844f0dca9425fbeb50ad1f3630

    SHA1

    310cc64b85055b5d1104b50c1d382c3660bd5af3

    SHA256

    0237d0e4e76258dfe81876839d4955a2a09b4ae3243b02118a57126851c62b75

    SHA512

    30b5112ff1e7fd7ac55c6d426c1536af9984ea894ca9609e72fee439d72901032fa4837b7eff098a5f4737e1432c3a5f888373af54523cb75610b2a8e0c2e272

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f648bf127a1f143fddd8aa36447a347

    SHA1

    385417605f91496ead46dc01b96295800458eb29

    SHA256

    9b558e2a20cacd3019cd771e074a8000392799fd39c53968dc61054c673edb16

    SHA512

    6ed18a59615085755a233281b5ff6714c3ff06d8a9c75d254830f98d319e24d9be934e4d96480c3ccde3a4d4a5f75ce04446d5db6ace44c12cf9831db2f1d6c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9316a1de7b1a6279c462d8675996088e

    SHA1

    f75aa5686c3eb0730adc6c4919bb9611db229d12

    SHA256

    280d91473e74b8bf73848801c8b3fefc98c4fdb51704d47a65602a88a75c3a23

    SHA512

    544c72cf8749fcb0b24ca6e4f83259318ae9476f8e22804dfee79dcb6818757b2ee8373765bde8204814b6e44d70cb14c30fad679b96933d612815635e29f386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a85f1b672bf2264188502ee270636911

    SHA1

    71ef96cc520e485c4b4352e763b43df59ff4ca11

    SHA256

    aa39d8b159fa240e333358015d4816b570a6fef7cb46447a46d7502a19ede853

    SHA512

    f96733a3d3c9ab1fd01868c59869e7fadcea531d875835cdfd8b09dad2141fce690d8fd72f62bd26d34dbb7d02fa366f8180c190776b8f9c9c54cf6eed152a66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66dbba686f53cd4609d383e59d653e1d

    SHA1

    c844bd42d4b29dcfe2adcbf30eed4cd2b456793d

    SHA256

    95628c48718c189a51d24026343ae894948c1fcd267e2d9e409b7b86f2b431a9

    SHA512

    9ec6107646f782029347759a52777810d50faf6b58da95ecbd1c39e8d0a3903aecd5cebd07747c24d73da5eb200a17b324abd75a89dc6d357d6ff5f75ff4ed4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f7203ffe3da5c0da4ab7e135303657d

    SHA1

    0850be528e40512f88b309067b37006d0918ffdd

    SHA256

    c6692b14d943fcdc6a8a28c6c40cb07218e7b4a3411b7a72e51db8172e28bf27

    SHA512

    7b5cc7fbcd1aaa3e88d210faa5bfdc8abde250b7d083dc2287d7e42a1f658232c6cc9e163a72ec7f3ada618ae6f52b2371b9d54e22a4ef1d8f9a02eb3c98a022

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbea35192925c987cbf20c12658ee804

    SHA1

    a4b850e23ef2511618c63421ce6ec88ea0e30c68

    SHA256

    596004b4a36dff07914c3baa06c5f1973e3ef0f4b34ca3c99c1d0c229d8c15ab

    SHA512

    3ed7c01b10aa4ab3b491126bfa19990feacb28e492b247919a72df65cfda7bfe10aa02c51837dcd23ad790c5387e860b000b93fe56005ea6d04ae43947b37654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56bd27dd023bdf09091f0c2bbf11306f

    SHA1

    280463ab6a6bf745be53d1280714405091dcce7f

    SHA256

    4940f3adba1d5b478ddef7e475782af11fb07d89a46b35480909fb5666443262

    SHA512

    7f5b40bf5ba6b3c733d221dc076aa29997d753534625041067508db1c2e9dbc9fd8483efc39e24f41c616bca3ab5ed5c59920a11f2b29b6bc32b2aa7c77ddf06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7da3c5104f0307f075ddf82202a6c458

    SHA1

    e066cb29b730a8a4808e7f8b79d4483829a3d078

    SHA256

    74ab98e25b0f2df9144e4fdebd0aa19658460e1e6d858e458469fd1db2b90854

    SHA512

    883378248dfebc4db51eb30c4a5c88745049868d109598acadace09be9b2508a9a615219fb1e0205d424632947e0e4553c0087dcde8ba784c805ba08c98cb8a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4cc332b5239ec5eed40143a29ffd11a

    SHA1

    9c95228d430faaf71dd82a7e3200ce034d3594b1

    SHA256

    ab6a6f6dd85fd0712e1550d666123ccf3cd6f5e57f3a827131ecb597176d767a

    SHA512

    66c594a23780868f8c23b61198a22818cd7b58b9c0159c431b7ca3d0b4ce46dc81db3294d54e5032eaa488ccd35e8791b359b9c43820532f34f3d97dee2f3a77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8851b276dc075224499963250b30d006

    SHA1

    6da559aee25ba4c1c8b9f102cc7e42638f521439

    SHA256

    8dcfbf80bdee3bb274ee72d4ad5ce27967e6f65e7db598b5bf73bf91f3332c2a

    SHA512

    23bd4dc67b62c3ed048835b897ef4a3680fbeee83a0d57404987dc70110ef253e25ec24209f3e07adaca946b213e159a8ea594498f658e7d9feb27b1e4dbedeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b0f44c6d6aef09e5b4f975e8eba21f6

    SHA1

    900e8fd2c2a2db16f1ab01eb8459626a26e7f6b8

    SHA256

    ba342891bc6e84b6f40c7ac9dd9475eea0972c00229c5801bed340b1f59cd568

    SHA512

    b4254a4928b03618009a96d9e2d7056f61de38d264500bcbb0d2480b921d5e4be994183b40e2ed35a0e2c3111a7d2f55994e71cd6a1a2988811258f743a97ee6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    5aef623630ee5b21513adc0f1485df77

    SHA1

    a628603df4baaa700c2522742400af88cbfd1c2c

    SHA256

    d8229a1826208db4a86f0df8869d21c4db25683d1950facedc36939416781e76

    SHA512

    48b6bab4b7b8553b1e280d00d45fea43904c505c72c2d21c87c82d011107db8778f9acaddeaf4e4a3ee7efb532dfb4d81a2474c7d0b7d6c0f407aa70aa48b845

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    949908efa604bf28f63e3abec38cb894

    SHA1

    0d8f87d9b9951f7a80f06d9acc1d2ab7bdd419c9

    SHA256

    693938bf525abe815aa33b3bc5b3c805491ca07a4f8285c8449c58050c664b74

    SHA512

    48590d62af3b40ecf7ebe2dd61fefe82659eff8566b85f54e9e70febda78170fd26fef469b9e010394a15a69e78eea6cdd1102797aaa6dafb9a687c23e57ced9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0DT5RC8W\securityxploded[1].xml
    Filesize

    108B

    MD5

    feba2179c57fd08042e3c12ed3465d7d

    SHA1

    cf590c5b00d736ae746cc4fc046e5e46a80c3646

    SHA256

    4738f5d22c4107506fa1b5cc284d96bf68ea14a8a6fdc9d1b431c5bbec828f89

    SHA512

    b0f257ef84acdfcfd7c0f75bb2c3d0ab6acccb2f6ed52eb9bc864dc7e628fe7e7abdf61a56f997db86d7192c893f63fcab463f99221ccd5fdd6104a93985049c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
    Filesize

    5KB

    MD5

    cf62f70c2da762738d746b0bc87f8890

    SHA1

    0c1fd10dc5ba73e2df14b555172f835289e8a0f7

    SHA256

    beca650c8b206cf1084cd6aa5351cef242fcb586d3c96d28b2b99a6a8402d3e6

    SHA512

    a5b57a2372a2c4068ffbf3b1021172cb67403db201a9965c3bba667fb55c40b8235e30b328c311efd80474bc8ceb4e22f932fd857d4bac774ea5730c291706ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\favicon[1].ico
    Filesize

    5KB

    MD5

    198e82940aa0aea3b8280ee7b8815af8

    SHA1

    a70218218f3e55d53853ab052148c349aafbad13

    SHA256

    2340e11b6f04989d1bf9056af69c8de98b5e087b4352599124f794b83b8223af

    SHA512

    2aee0ffd9e7858c4d05643cec68551e2f55b203e614f68a93c75e1cfada4404eb1fb5de830aa7bf6eb3a79666ee8d1553eb177e66ea97d34dc54c3c1d370c020

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1A76.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1A75.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit