Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

https://github.com/D...

windows7-x64

Resubmissions

18/03/2025, 19:38

250318-ycrjca1kz6 6

18/03/2025, 19:35

250318-ya273a1kx9 9

18/03/2025, 19:32

250318-x86gpsw1hs 6

18/03/2025, 19:31

250318-x8flaaw1gs 3

18/03/2025, 19:29

250318-x7f6es1kt5 10

18/03/2025, 19:25

250318-x5evks1j19 10

18/03/2025, 19:16

250318-xyyn4swzdx 8

18/03/2025, 19:13

250318-xw6a6swzb1 10

18/03/2025, 19:04

250318-xreyeswyfv 8

18/03/2025, 19:00

250318-xntmeawycw 10

Analysis

  • max time kernel
    38s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2025, 19:31

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\explorer.exe
    explorer https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
    1⤵
      PID:2624
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1912
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2768
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:2040
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:2816

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
          Filesize

          2KB

          MD5

          e0285ddb857e171a76e173c47285cc76

          SHA1

          f0cab189d1ee917a0539d10cad4d1869f26e1a12

          SHA256

          538fbcf41f44a28758f1327558eabeccbabdc1ad4c404bd9440d1ff5b0b06396

          SHA512

          8b4ae2a315054a2a34f17db3fcc5e8bb54bdf637edc3745923768dd01bcba311a38a0e48e085b06ad3fe8e846877c72e49afb770e0f40ee4e0a3998326ce0e5c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          71KB

          MD5

          83142242e97b8953c386f988aa694e4a

          SHA1

          833ed12fc15b356136dcdd27c61a50f59c5c7d50

          SHA256

          d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

          SHA512

          bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
          Filesize

          1KB

          MD5

          f77c5a81cd7d1fbeec7951c2f5c1a9d8

          SHA1

          e6fec120e2f189e1ce0c5343884a99e8c8aac316

          SHA256

          b115916bf92d0a0797d5d693701b2f8947b0b3d45c7ade1e615b9bcd3d7d56a3

          SHA512

          bf64b8a55da640f9e2af0b3ac3ae16470c86d8842c6a4e1fac2bad23b7956aa51cb89f90b615bfdfdacb187681c0c6e05f5037bd4c34d65748c54ac1fb69e2b5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6b4cfc9a8bf9ac76998377f6bf2e1dc9

          SHA1

          e95373bf8617d2f46f875cf7ff43a75ee7d84aed

          SHA256

          1ce9f0fbef853caf3eb44f888ac59043f7b54f9e388c29a3a86daf4632d943fc

          SHA512

          2a2e4cb927ac9608b9e6ac17b9ad7a1a24dcb32be2c47f029238509fd2ccc0fbec01a57888c1a633778b0db1e1389a7e76c9ad476968fe3ab85be07c9ace8057

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5a3b1f54b970601e6702c87bf84ef084

          SHA1

          6fca1765fbd8b9236d31788002927cc548d8df68

          SHA256

          a3905d24193cc0d089f89e5cca6fece27dca85e711c4b24ab0f510dd5ade0999

          SHA512

          3d4a202ebc85fa43e64e8284943772328b74258385a9967a54749866dc30b0cda490d22a51719b33777562a43d3cc25e66d10988a2878a4808af084eb0d545ba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dae78c03129d6d29a1f17aedb88706f2

          SHA1

          8904c5e7057cd0b5de465ad0673f093d53794769

          SHA256

          759ae2666b136d4f4ad31d469455dd03901c49d04e82384e8f5d80e6d892f10d

          SHA512

          4a79d51c11609bcd7fe16eefc59090e1732d93d43705efaef743f419cef558d20ef6d3e12c6913a47a8138a04528c91361cb34896cdf23f5fc88c818222ae6c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ec74da974968e1b96f88c3e112999d97

          SHA1

          3618dbe701c21ab59d0786490c0df4afe5417e71

          SHA256

          c4d2a83bd25cf2d264ca171726796b80353f21a549f21d6d61abbd6183829c4c

          SHA512

          0c2e7c4507c8fac0c914db4dd03a8f02967235da6b22c09dcf816af1ac93fc58e00c9a5b7ad8ebf3d38997bfc59d39534748d7077d0eeb61cd57ad2303a6577b

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\78076te\imagestore.dat
          Filesize

          1KB

          MD5

          d39df99fb7f3f65e70684a478abddc9e

          SHA1

          c2cd3475ae76648674e2a18aea4858576331bc89

          SHA256

          15319e75c6d9f27ec256da74a66805be560cdeafcdfc628f22fd472c5bc0fab4

          SHA512

          8145c14d75040ab83c51a56a74b08cdbcd6f57256cb8ab1acfab6eb0b27076f88194b341c91e50378d4cb991218a523e4c7d8e4cc277415f64fbb51a1f551b5d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G4X5UFP\favicon[1].png
          Filesize

          958B

          MD5

          346e09471362f2907510a31812129cd2

          SHA1

          323b99430dd424604ae57a19a91f25376e209759

          SHA256

          74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

          SHA512

          a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB00D.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB18D.tmp
          Filesize

          183KB

          MD5

          109cab5505f5e065b63d01361467a83b

          SHA1

          4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

          SHA256

          ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

          SHA512

          753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

          Download Submit