
Resubmissions

23/03/2025, 00:07  250323-aejphstxdx  8
23/03/2025, 00:06  250323-adrzhaxqz8  8
23/03/2025, 00:05  250323-adkkestxbw  3
23/03/2025, 00:02  250323-abxrzaxqw9  10
20/03/2025, 23:27  250320-3fd5mstrw6  10
01/03/2025, 19:51  250301-ykw4sszqy9  8
01/03/2025, 19:50  250301-yj8ffazqx8  8
01/03/2025, 19:47  250301-yh1dfazxev  8
01/03/2025, 19:45  250301-yghr1azp15  10
26/02/2025, 02:07  250226-ckdrka1m15  10

Analysis

  • max time kernel
    5s
  • max time network
    4s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/03/2025, 00:05

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\explorer.exe
    explorer https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
      PID:2716
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Da2dalus/The-MALWARE-Repo
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2128
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D (2KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (71KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E (1KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D (488B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E (482B)
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax\imagestore.dat (1KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\favicon[1].png (958B)
  • C:\Users\Admin\AppData\Local\Temp\Cab11A.tmp (70KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar23B.tmp (183KB)