Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/03/2025, 13:54

General

  • Target

    CCleaner.exe

  • Size

    1.6MB

  • MD5

    fdfb209c5a04b7784bb0bb4af7f0b31c

  • SHA1

    fe5a7301bcf0593e59265a24e514b756577c30bd

  • SHA256

    c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7

  • SHA512

    76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f

  • SSDEEP

    24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks for any installed AV software in registry 1 TTPs 2 IoCs
  • Drops desktop.ini file(s) 6 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\CCleaner.exe"
    • Checks for any installed AV software in registry
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db

    Filesize

    24B

    MD5

    b623140136560adaf3786e262c01676f

    SHA1

    7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d

    SHA256

    ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140

    SHA512

    68528a7eb0efd59bed8e77edbee80ec654ec3b8f58a82b1c8ce594dcd3aba07af28268aa83f161837f63ff4278068238aa294e0b5649a688db5a483314df6700

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db

    Filesize

    24B

    MD5

    40208d46ccb89b1749c419e751697a83

    SHA1

    31a7984cd78857ea28c0b4d535490ec0b03c5b1a

    SHA256

    8b02755694ee6cebcb756398c714467e70bef2f3ec300b1f5db0bdf3bf179ded

    SHA512

    d7643090980ec02668f3bb5ae9f341178220d5e655078c55f7dc19598c6e4d75dc4eb5bc7d16ffa24aa191a31b5ac148843d22a454bdad6756cab7da677e624f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

    Filesize

    24B

    MD5

    ae08a2f7fbf44ad3cb6cbc529df8b1dd

    SHA1

    bb2665ee5cd1821d48cca1cb07cdfde9ed6081a6

    SHA256

    8429d5c6eb134eb64d8b0f3ecce83ab4d4d16e73c2d76993163372692b65ea8f

    SHA512

    4ba54d565403b82b8c293acc2da5a4c6bbbe5278ea9449720b18901f58a68c3e91c494d763a3de4f3c295bad5685156552c2979453a8765e0b994c28f378f089

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

    Filesize

    24B

    MD5

    3e9c4eaba2c54dfe525197d54dc10532

    SHA1

    4b71d8970e657835ebceee5ec79faea2c1422fbe

    SHA256

    05da3daa836dc6ed72144dff35f8d90396b4d524dc35ef8d8cd01d86855be858

    SHA512

    d6c71d6d749ee3599216208ae7bb0dbb45153cec956c447756c826b06dee139df0903e18400cc73d143164a6e766e29ac7e6f6aed9b2f865b5bcf55caf2f5177

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

    Filesize

    3KB

    MD5

    d19d2dbcf116a4cb9f5fedbcad9c9f33

    SHA1

    2984d9a292290213a7598863bf9619d0915a7079

    SHA256

    723ffbee70bccf84084457b6c1374f9b484a6a7282f8b12fcb2805751ab0fe59

    SHA512

    d70f594d1a94a80c11d166f705e302793b767644e7db9b4b7eb4351c41a863b62d3579caac6a1287bfedcb9cf8287d3d0fa1c5958985c32d1cf0dd533dc26388

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

    Filesize

    24B

    MD5

    2034995f0bbaa16db835b462eb78152a

    SHA1

    ce19b1a236f95307067d4979f8dd96c70d69c18a

    SHA256

    62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799

    SHA512

    3427f74d944eaaf5a3e1dd22dc566c718be58e4ceb53ba414c72bca974136cac2f1cd8d0a2a0377ce3918c3f83b2480fffbd9088be135fe0fe48c5a499fa6759

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

    Filesize

    7KB

    MD5

    1fa6c177835a48dd88483039d35cde32

    SHA1

    c39aaa5780e2b91560d3e600e37f83c7d9378930

    SHA256

    41e0fca86f268475f248d13b97f1f10b4304e1f1e1e6bf1f78735c83fc261203

    SHA512

    382c3b22be8a16ed7511c8813908f8793e19f52009122fa6f95aaac44880481653a446c5c96db6f88831246b0da0d330f25b5330a613d7b8a3740529ddd501ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms

    Filesize

    16KB

    MD5

    02ebdc243a6872fe107148e931f15878

    SHA1

    7b1a96eb42adfa090547c54399889b1648b69a21

    SHA256

    04d0e18dabf1e2cc573ff871d85e4ce7415b8f63b85964bc9c9e33bd2d03772f

    SHA512

    03f6223f4cf97bc1f7fcfbfaf6dfdd2908a112ff598c1f6d4a2c8b43992ac5782f5466b9c7df0e9149b3b7fb82ef3ca995a0cba2ba9a48478fd613be6969b98c

  • memory/2488-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2488-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB