Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

IDM/!)卸载.bat

windows7-x64

8

IDM/!)卸载.bat

windows10-2004-x64

8

IDM/!)绿化.bat

windows7-x64

8

IDM/!)绿化.bat

windows10-2004-x64

8

IDM/423Down.url

windows7-x64

6

IDM/423Down.url

windows10-2004-x64

3

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

debug.js

windows7-x64

3

debug.js

windows10-2004-x64

3

document.js

windows7-x64

3

document.js

windows10-2004-x64

3

welcome.html

windows7-x64

3

welcome.html

windows10-2004-x64

3

welcome.js

windows7-x64

3

welcome.js

windows10-2004-x64

3

IDM/IDMFType64.dll

windows7-x64

1

IDM/IDMFType64.dll

windows10-2004-x64

1

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDM/423Down.url

  • Size

    188B

  • MD5

    b2059163656eb8f22b01316ddb2815d1

  • SHA1

    be7680bef5af84b50980ea370e85c8fce924707e

  • SHA256

    ffe55c2d3687ceedc7307d5b7df085a10d946f04b5f46a1ff61c88fa53beed7f

  • SHA512

    480945fa03caeaadc81aec2f1872685aef44bafb73bb0a3be697c76696e181f80c2140084d7abdc2ace457e2de12aac63190310e8c3d47a6eced60aceda90a29

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\IDM\423Down.url
    1⤵
    • Checks whether UAC is enabled
    PID:1508
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    479edc6b9b0e70b3876a240ad91b0c15

    SHA1

    7e6b6686add5e2831e58918a69660aae51d7a8a0

    SHA256

    10e7f11b8c88ba91494efb71ce04149fc907b7d920335dcdce30c933cda519a6

    SHA512

    b605c06c23cdbc6348c5f4d2247e86d5936c80231ab2e97bee4533df8daf2a43ebfaa4d3aaf95bb10d902701d5329a114eec1540ddda10bb2a6d41dd8987fcae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fb91a27eac770e9da7cb7abd2a2220e

    SHA1

    b88fbc6caece73fb35ee8bbf5757fd9c31d608ed

    SHA256

    73d798a0b2deed0d40647c42784c891352aa13af5f5ee7a151ef4d9ebc5f0a9a

    SHA512

    65c6e051d56b6462f2f2eaf6e40705086b85776b035bf7bf423318e1d26bd17c88279d21c175568ac380d5e32057ce2b4b6f7b6653ccaf87b13e69ce3e06e141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f6e176ff4feb1f9521e93fc71068685

    SHA1

    5b214ac39cd09dd5fcea699a09b5dbd1336ec78e

    SHA256

    f06137c15e4cd2573325f4962ae1aee53bdacb65d2d169351ee74913680afe99

    SHA512

    f86255df53b3c09fe129186bc80e597b9a6c651075935bac035f42142703ad46dc1146d8c83559e1511fc21504adff42d0ad91048556d14f6cc4b70a88d1ce55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17b912053c91a9fc142c17748115ac14

    SHA1

    74981f70c075254be5c6cff851f644ea67653973

    SHA256

    d61dfccbf1bf650441b06145faa44c3076f0c5336578889912061c7ced4cd1c1

    SHA512

    28dac8277629714d6db808c03066cbe2d443b44b4d1be9b5d8eff1e53281c4a48df8fb490815d463455d3df4f639433113b4826315c40ebcfe33db1293e579d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fd18f313519f8fc28b7972e41183e9c

    SHA1

    f159a523e77cfed8623b2666f3aa5991527489ab

    SHA256

    414b3e5557b76b1cbe3636c9adc46aff276553836f3281c5b6eed0c3a2b5d703

    SHA512

    13fc9edbe53b7c6163d1ea612995c0c4367954bbfaedab9d525032a4195d7fe7c8ef1c72d3934b9bbbea3c8ec2888bdd571f50bd07a0a907fe345fb7c9f4fb4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fe7e282f6b3823b3fde66af696dbdce

    SHA1

    0dc9b6c0456ed7051a7dae7f95b7e98dba8cee43

    SHA256

    9c763c7eac1ab6b8a8e46f8b3f8460a716fe55e35e1770470f4c6fba6cb13315

    SHA512

    316fb63ea191032e23a7a971bd01f21095dbbff51ec97956071a9493f37f8972787bdfbb974ef3c5f9ca9f11fee151aff4546a70d4f83e51ea451f8db93799f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10203dd6c32e129bc948f03dcadf3162

    SHA1

    dbe8e31a3898e344313ed64be5815c7988493b1f

    SHA256

    d86412668872944ed56f30bd0f0fbbfa3af682af4a796fe51641b9e7277db8eb

    SHA512

    371f6546d517b1beb973373dbcadf1ec6b1483531607f803da6f5523b3f93c6865dfb4a7c38b602a50e942104b0609368aaf7c6e1fdb94e0360ee705c73967de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    202576b3febd56baf69526bb4c5d13a6

    SHA1

    bea58d1f96c717efe1e3445ce6212a2b58df5eb6

    SHA256

    03bc46959b76c80c8e145a7d2165a505e891bad34b545291a0970464c4247c93

    SHA512

    9130ede8b0e9d462068ad2d3e504483ee67cdd287dccedec7e13db8d0352f1e752aff70c51d534e8a03a539860f985f3b4ea3337b7d177366bd805a2a9f77ab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    8804658bdda721bb6f75aa93cf2c298f

    SHA1

    1bf7b0028420b7c7538d6ea1cee4e2da36fb5c02

    SHA256

    b7b2265919fb966ecac0f0f79a2fd7c3264cfcca9abb32701b4b37e5cb7d7fa4

    SHA512

    b1affcd9efc292a341db2d41b3268a6f1f0fe7a20b3d54250128b055b82433c46398e1a18483b7accfcd8886a1b82c8465481f49a16094df5d5b534e73c85a27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3861.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar47DE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1508-0-0x0000000001E10000-0x0000000001E20000-memory.dmp

    Filesize

    64KB

    Download