Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

wl_gx-juyu...cn.url

windows7-x64

6

wl_gx-juyu...cn.url

windows10-2004-x64

3

wl_gx-juyu...cn.url

windows7-x64

1

wl_gx-juyu...cn.url

windows10-2004-x64

1

wl_gx-juyu...��.exe

windows7-x64

8

wl_gx-juyu...��.exe

windows10-2004-x64

8

wl_gx-juyu...��.htm

windows7-x64

3

wl_gx-juyu...��.htm

windows10-2004-x64

3

wl_gx-juyu...��.htm

windows7-x64

3

wl_gx-juyu...��.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wl_gx-juyuwanghewuqi2011/请先读我.htm

  • Size

    2KB

  • MD5

    b554a60395f7711be59224c39467ab35

  • SHA1

    1c71e44b46cb347a9328e44e2e30fcc7ea5323a4

  • SHA256

    08c75878724ddcc1954412b251572446d5427ac48f91c3fc88c2284287c19001

  • SHA512

    021a4439e536f9e698529534689f7264e735c3719edd955f1b7b378a632052d650c654dca4e132ca8dc6f16966af77c149b2aa165a854ea43fc44b32f7178de2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\wl_gx-juyuwanghewuqi2011\请先读我.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ba839b8f7e29a3908f0cb8f8ac292d6

    SHA1

    c482a4ea0865b0adcf39a0ec12238cb6be7ffdee

    SHA256

    9b4acecf0b2573270e83092c227b3025acfe378c4eaa76fa1a966108eb0d22a8

    SHA512

    d8693460ffd94b1a71c8177d7b57b0e9f26345c5fb2f5a35ed4ce057da0e10403c7e7d5315eea1f0da4a7f28a041ac3ae1ced7fb7b3ed1ce01ad4ee8b7f5fe47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43a9255e46b023ed3fb7f66140a93f39

    SHA1

    e8d6ff98af2abfcf986ff9cb0ac6971c9be6e535

    SHA256

    f2594f8b970cd45d809342e9b26deec9643d2dbefb615c5ed45f51ed50431d1c

    SHA512

    3ac917f2e9518bac70d8633c504a1cd4a5eb638cf6a3d2c1bf5a99f8ba0260163ac5961b07e3ebd33d4b974662d1b4fb76f445166fab7ad4e2ee1ba5c79c4e79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac67a5f7fbf95b4921c72316ac90c8d0

    SHA1

    b5d6d1e6331c2644d32382f5988f98b1bbc3e087

    SHA256

    c55787e4c745c4e3f483404dc5c7a52971adfb1a1e129a6fe89333085095ad8b

    SHA512

    af54ef17c41e0de3e820306769aaf16fd3d8f987b2033e1cd92548f0c4fbd64d0dec560952cb3f1c0e09fd2bc4da06f371e9f8e72aeeda442d706d19f8cfe5b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54136c8c910f1e0ad68fb93466e1a7bf

    SHA1

    2710242632008442f4fe8a404746b760813ad3b2

    SHA256

    2bcb398088e9f3ab1fb3445edac2433fdb9352e6bd0a8e4c7918d568f9e2797b

    SHA512

    6f60146367d0d1b575c3192fc48d9bae64d03f76d188afb611ffc2531e0fbc710e55d762bf136da69bfb3ead604f11738352a7eb776fc2d089b3878fb64eb820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11a91a06ecb893d251eb9bce86d39d44

    SHA1

    3ec67ed7826f090f108f5a33b16a61765053a8e8

    SHA256

    6da9fab9cc5652d4a856ffbccaa6d925b0c0f8205bf45babbab2708893329f2f

    SHA512

    d5d67bbc88152c7c0cdcf0beb3fe1c286c32da7fceeda25b9aa0fe79de7d00093560ed768a810fe083a909a7847fb5c45aa3517e42c939df1d3a9cd4a2ef5957

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40f1b55567e56adfeb8ccdbeed01f692

    SHA1

    d7e749eeee768e22d32022aeb9d9aeed999f90ae

    SHA256

    e594a619dddc31e05b03ba56c23b5d7b899f0d3a9daa0beb0e88cde08979a423

    SHA512

    b5aa07ab80df054e2d1d3586103300892afe397a4282a17840e83623f469f024ae28075a58ee8e3fb291b2d6de00bea4292eda3bb9a04dc09c3ea5535f3cd29d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd9f3d841d788a0e50cfa506541dee0d

    SHA1

    b46da21dba42814c49edc61130a7b42f0f561044

    SHA256

    787a9bf5540100cf166fa2c36efac1c92db1aa7efd9c61fd8dd5a2052852a5ee

    SHA512

    35f865cc090d7d30f33a52d3654bdb54a993fd508e192f975877b896e52098a9da0cfed8309c315526d1417f0c191d95acd606715b52f6143c906d0bb77adf6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    694340442543cfd67b036f4f6ccfd63c

    SHA1

    256ef30eba754ea11ad73484952954edb4c438ca

    SHA256

    b2488074d4f5b49eeb5e9711d6ac41940f4cf71a0ebe8e7d920c08bc70a01b74

    SHA512

    fd54b106d74c5a644b0f704575e02ff3045d1325319d554882b1c728bd470493e69fa576bd1b6da8fe4a77a7c7b7cbf9dee5f05693445bf6154670443d335b4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5f45a6cf0ade2cbcab8a4717d10ef61

    SHA1

    c3b3fd9af7b6df25bc7eee897e2817b9045c59de

    SHA256

    4efb969dc6fd2155fe2b90fea2162007f77f1f66f85a88d3cc2a33daf6454d24

    SHA512

    8949cfa66e961194265a4458da73d1444ead8db98b77e245c6f479acea4d4bacf505704eb3c9910ec1a5400c49768bb23c37a0339da7f0733154d73c33fb3c61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5c048a5c7e972cf47b5a16252f9272c

    SHA1

    76dedc59193d20c6258c2b2e5a77275e13539726

    SHA256

    7a8c3ceed05b8f9ebc41f6ab5140a6c72d53792836e91977fec03b3261e0c192

    SHA512

    88fbaf97af762d44133ec98c194d24c28f047fd9ce59ef6bb67c1320ac319b20c1f52bbaf84fc365b92a7142176cc78cf3bb4814cb609d31f5c1e1d2be1c0d24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cff4fcf876f616fc58f2c1e622c94d38

    SHA1

    562f54678490b2f35b032fed80d2b8efe8183d61

    SHA256

    ec55ef1d1c845c39c78873f351761cab7190bf5be678dd31e5fd3e0bd70f34c8

    SHA512

    3f7a6fe484a238d92b232d7d8a4014cbba4bede27b5beab99d8f5953af60cf0839f1aba4449d57cf4cce6680efcbc17bd7c690d5952c7b1a2db68411b2980103

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4cea89034064a7fce07f8d3ca9238d3

    SHA1

    a63774701efdfed61fedbcfdf2aab1d01ee30efa

    SHA256

    fbb6d965f96085e0d7b6ab1380965390019f871a1c825f22cc63b5f7366bd9d4

    SHA512

    156ef3734a1ea8712368c6d3e8a622bb50b6e5aecace6889339d4075b3eb1bdebd25cfb253cbe880248d8faaf9aa336ca0b9b181106127de48dc36daa8182677

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74ad3c112d560faad6d8f510f9f83213

    SHA1

    115318e4dc803e308c8679a42015fe887baae0d2

    SHA256

    6bb682ccfd8ee90ccff1f586d9dc3b0620639383ef52c77df0885c65365d3fdf

    SHA512

    92d0b1a30bdb0c5cda4d725d6ee4add2705ca599d7d0da7f46c10ea2ff904bdabfbef3c62b1ae6467216e4c2bba3c4658dca15e37593b94e68949593a95a4d8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4cc9ab00629e3842be41d11c0baf864

    SHA1

    cef8e0c4979f4675adc702da04b2e55239ad61de

    SHA256

    86283a19f4ce92dd03d34ed127457c5053aaf2d14fefbc76eea865c97276efd6

    SHA512

    dc439a2d341f77aaf1bfc5b06265875da1d96525dec05a79143921efc8a0f57405b0dcd6a9dc9c35da341689cd36f64d209d3ddf0319a5423e1b0f6db61fffc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b21e0558e37a28c20357b8b69fb0cde8

    SHA1

    8984446a0c938b1c53d1c07386cc31cdd167b457

    SHA256

    6132208f839a11695f22948405083004937edec62b02021164a3c8afc5d1d4f9

    SHA512

    f2f816864e2d3903135b972895b03956a684ee1ac55dc3a9401c2b3b8f0f33cc2e0e2adb48bd03bceaf1c97120f75b05f7ebf74afa9f074fd96c5db36043ff40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    303d0e14db0343186451ec37569e1ee1

    SHA1

    486366663606bb393d199a4c3b976bbbf086ae09

    SHA256

    791f1903ab167adebb7bd22e71a83bfba3641d5e05cb40a12829dac09a764bf0

    SHA512

    13198e902a02063d3c7ffc7bb5dab21b7b74a097a36ea4472bd7d75ca091350b7147de3066754a16ed6192dd5f7ef63c6dd1177f12d5c41e3d8d1f04c99a0058

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5378ee706438c56ca803c60cb1ba1fc8

    SHA1

    4183577e761343dfcb3177b2e4c3317d0eed78d8

    SHA256

    8d3ebedaabd863289ec4e1bef5925d05ed5ca26fd4f33685b715c5ce92638860

    SHA512

    c0ea0570286c8a65c1f7ff69cc531564308cc38355f727946866d3acb7f960b0991f931927d5d834c0e2dddf3befd636353aa9b3b4db528b8f88a4cdea788ebc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f37fc5ef5bda1aca60c5b81884e5dc6

    SHA1

    f3f5f0aa7087a9aa6f888c317afb1fa517821092

    SHA256

    3872c0d39929ff151c6dae9074fe2d9d1e220399fb157ff4b8e9604d3a14d22e

    SHA512

    bec539aa4fb86b3c07c326c08aab819e385994fc28ea1b71c536abda69258cf9d223265076a8078c6f549e7514cfad14b03174d3205a3b1f63876f5654707dba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f143b545edb7c803c20a4abe11e0444

    SHA1

    ff65a3936084957518e564b298b30ba648b64608

    SHA256

    76ff7f95dfbc6061ec127c2c136c60624306b95be6dab056ff8fc1f06556ffdf

    SHA512

    65af696b9608c54ab09b3b6f69c15c869ddf77d75f9fdec7c49f885ac50931484f00b1df821c23d258e69d351946835af5e356059bfe37df111cbd9874437082

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF651.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF702.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit