Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c35b3b6eac...18.exe

windows7-x64

7

c35b3b6eac...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

CI3.exe

windows7-x64

10

CI3.exe

windows10-2004-x64

10

GLWorker.exe

windows7-x64

10

GLWorker.exe

windows10-2004-x64

10

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

bass.dll

windows7-x64

3

bass.dll

windows10-2004-x64

3

readme.htm

windows7-x64

3

readme.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2024, 16:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    readme.htm

  • Size

    9KB

  • MD5

    5b96088417f22f5e29a2e4085001c336

  • SHA1

    3e65d8e17273abfdde2d03d01d112e0672db4cc0

  • SHA256

    8505c9dcfb645ebb69674413fd343ae032b17655b870aa0ec05527fb0725e21e

  • SHA512

    31cf772129525a9a31502715ffdc3b48144a294bb54e092a943de0d6218e31e873687e025572502c518fb733f90747a8967a2d0022f5af3ba166b1d34626c7df

  • SSDEEP

    96:SM7bUxV3bpKQj6ZVcZPBPMDhi7aJr0QDBcjrfB/7fZN+D9oP0Bq+XEZuZSbuJgr:Sz+ZViPBChi7aOZE9oFZZv

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\readme.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1936

Network

    No results found
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
     10.2kB
     13
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    805 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    825 B
     7.8kB
     10
    12
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cfcecaa1a8830e274e43c3aec82353d

    SHA1

    6214675f6f1daaacabd551c6c86094ffa0236598

    SHA256

    5aa3485495d62998635aecea281cd9ea6cebe48b49733d243917105b8ab7a28e

    SHA512

    14eb01663b992a7636ef8ecbf8ad385da3dfd7a338870b69ad119b6919bd6850016938935aac0152ff6a60ccc6804cf97c63e1cb91d4f6a20073aa892d3c0602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43f37a436f4d3dec259a9c01a20eaf2f

    SHA1

    3dc44308e45079a0dd1770eb64f1dde4d9ac4171

    SHA256

    ad5dc06a869ad6ae5290566e1d8dd5a03a498a6f91e39bc0eed2bb80aa4115d2

    SHA512

    91a84b0de78eeafb522b77958d2424d9ebab00b57aba1683ab8790013d8b1c01b840f51d133872a5587f227552b3df727b990423c59736e847f0bb55ad0a286b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faa8adde7684b00497f53bfaa8066497

    SHA1

    799591a005bce4ace7407821f7e68537d1119048

    SHA256

    dd5ccada9f8b384b0c277836cc524c4d09b9a30cb951b68de706f6804f53e307

    SHA512

    630e9f09b559c48490a313a96f30c3b5a264a5fd91cbe1d8d6edfb14dc7c7e080c5a8bbc40f018fc1ed4653993d5f5da033698d7d9c2c5939cd12d532bb7d474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    beec7b7651d67e0317f75f8fd81c23d4

    SHA1

    406e99edf35d5500918478c09b5b835c740dad20

    SHA256

    f41f49d0fa58128293d08d9e3e85d200d6d687e58a7da2a183dc27a8c3e68d28

    SHA512

    e173d8e6eea1f81c804865ee94d058e5522528c2ff316c9b410aa70c4819743976c97fa82f4254706ac555d47a07171edfb26163ffef064af242298bb835ac1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3758e4493184326cb586eb959a915af1

    SHA1

    96934e16e63daaadf77e0bedb2c76dd98d6800bd

    SHA256

    f0367d93c1c37f27356aa849e8ce255f666a552f430b1813690f2690f6f7eaee

    SHA512

    bd1f0e86696a37a59b85daabf4f0a49530425ef7ad12c6c684aaaab1811c3c698ab18f1dcaa74d47385e0c85f7089d6ee67f7d362375623f347a388f1ad52238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22c38736604c5e211654af7a8fa85926

    SHA1

    a64696891fa94ae7ebc348d894c00591bda1af6f

    SHA256

    7e6a2943d611cdae982edf7d7f03ff0518d77c6147efdc2c17d2d5e9c1180ae5

    SHA512

    e7e634b0ad8680903aeb51a1efca1dea352a7c2943f8a5c039ddc7c5e17fe5462fe263babf3504a5f40cfa8f8c9a6be3af21541ae98a75f7845aa9e880c6a009

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec83ece8cf020e7676e81bcdba2a2790

    SHA1

    d82f0d80d78d7df1185cf7637ed7374a75357349

    SHA256

    e06c4c7a4fdf6d1104a722bde9d8f488836092e091cfef291157768ee157cfb7

    SHA512

    4b4c41a15a38ade4caf3d92d9570ea78cfde9ee63f7ba545f9b9305aaa2354ed39825f70d5d22807c1ac939a9729f0feb533e7c4fa717daa9e953a774fbaba11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f7221f8223e7acf53c6df7877859e9

    SHA1

    dfd6e999f8ee589f13862943c2677f9061fe0af9

    SHA256

    97043ec81d72b94af420f1654464a25cf1130d358729a698892b7e54c88e1082

    SHA512

    2655c3c4cdcb489d8225f30e10103734ac28c1401c421633e8b6f22a6d42591bc3447ea344e9253b88fbfc72aab00e3af22c8a84a9b79be1d4bd18628918c32d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dce69d2587103d1334b0ed1712dccb9

    SHA1

    60e756888c7f8dc9e6e6e7ad13edb6127f4be606

    SHA256

    31b4fad6f0bf481ab980457c02831ff472818b28cc6cdea54f948580e573e3a7

    SHA512

    19373b4a529fcc2d298e452edccbec1357794e23aa2aa7205845b8d78b3c33a761704d9ba4a54aaa9cb7b51dfb9f9aeccd8696785559ed62729ca2d1d097fcff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c23a3c84d8050ed704c4cb21bc7db40

    SHA1

    2f67cf28e49998fa885efbc2f7ee09f6b6215f92

    SHA256

    16587a294a2e0f4ef5818f2840f7a08671895ec89e6d1414f64e873204b43b0c

    SHA512

    49563fb484e7b6cdfea24189b3daf59b51a51ef8ca261ed82bf52b10593dafda31c14f2fe365ba8961c8bc6f3f4422e03e903d8482c1b6128d0fd5ae30a9d28e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b6173c1a5f42ad97b8864c46e26f992

    SHA1

    70a141d443982c2c92d58bc70dda01409680a4f5

    SHA256

    9c4d5f82c4f8d4f710681e642c1351d6a8c0e0b4c2d771120ea0ace6e5dd0b12

    SHA512

    5b59e719eedceff7a7685e1d9cee7913a304ea524880f807a48f3b5dad6c698867487af9159f4c8ee35550f3398236ff0f7003d27b37239dc0068dd41085235d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78ce3ca838a85d5971e2c4f12ab44283

    SHA1

    b7233d8c68cdc4748fb4868b03f8e69e9cb2ddef

    SHA256

    80238516b7d13f48a8ba097836c3e98d9731dae488a000e48f2d9a3fe8e9f5bf

    SHA512

    1eefb0215b0f606ec938bce375b3ec4a7453342578c051935f77d828500f4baf335bfeaf17a46f68adf420f4b88c519b8f109d29dfab8ebe56bf059574228477

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    588cc801c01421a447afc21a0cf22e84

    SHA1

    30c6eafa291f17619ea211bc5a3ca179e7b83524

    SHA256

    7201145a78314c97fb1cf882c87b3bd0d9e2359c5d5784f93ea7eb61c75d1358

    SHA512

    b2657d68ca2cd0c04d0e894947c7a1a8718e9d741a330b576fba4af6a3828fed9d741c0430ea3a6680742a01b50abc75746c271f5e03282474d7e2531dd2eb37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD184.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD243.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.