Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 00:09

General

  • Target

    PaiPai/Web/Sucai/local_01.html

  • Size

    1KB

  • MD5

    3ac243fdba0ed0d6b4980ff3608ab344

  • SHA1

    1cd73cccb498a9693d3af11a8c53a27660a747f8

  • SHA256

    376a7620bd4b6bbcdc7c4717c09023ad74ae825fbe4cc195d66ab62911f12498

  • SHA512

    05f75866f52b598b905e7d5ba901ced2f8434c70188297ef0f262d300003fb4e42a8d40fbc2647f6b81facdd9a90f70b7bae42b8e0a75bfe83ebefcde2698aa7

Score
3/10

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PaiPai\Web\Sucai\local_01.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2536

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize 342B (19 entries, each 342B)

  • C:\Users\Admin\AppData\Local\Temp\CabE0EF.tmp
    Filesize 70KB

  • C:\Users\Admin\AppData\Local\Temp\TarE150.tmp
    Filesize 181KB