Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
1Static
static
authorization.php.js
windows7_x64
1authorization.php.js
windows10_x64
1cf7msm.min.js
windows7_x64
1cf7msm.min.js
windows10_x64
1cf7msm2.min.js
windows7_x64
1cf7msm2.min.js
windows10_x64
1common.js
windows7_x64
1common.js
windows10_x64
1custom.unified.js
windows7_x64
1custom.unified.js
windows10_x64
1frontend-m...min.js
windows7_x64
1frontend-m...min.js
windows10_x64
1frontend.min.js
windows7_x64
1frontend.min.js
windows10_x64
1frontend2.min.js
windows7_x64
1frontend2.min.js
windows10_x64
1happy-addons.min.js
windows7_x64
1happy-addons.min.js
windows10_x64
1index.html
windows7_x64
index.html
windows10_x64
1index.js
windows7_x64
1index.js
windows10_x64
1intersecti...min.js
windows7_x64
1intersecti...min.js
windows10_x64
1jquery.sticky.min.js
windows7_x64
1jquery.sticky.min.js
windows10_x64
1lazy-images.min.js
windows7_x64
1lazy-images.min.js
windows10_x64
1phpmailer/...php.js
windows7_x64
1phpmailer/...php.js
windows10_x64
1phpmailer/...php.js
windows7_x64
1phpmailer/...php.js
windows10_x64
1Analysis
-
max time kernel
134s -
max time network
157s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
30/08/2021, 05:10
Static task
static1
Behavioral task
behavioral1
Sample
authorization.php.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral2
Sample
authorization.php.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral3
Sample
cf7msm.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
cf7msm.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral5
Sample
cf7msm2.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral6
Sample
cf7msm2.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral7
Sample
common.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral8
Sample
common.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral9
Sample
custom.unified.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral10
Sample
custom.unified.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral11
Sample
frontend-modules.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral12
Sample
frontend-modules.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral13
Sample
frontend.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral14
Sample
frontend.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral15
Sample
frontend2.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral16
Sample
frontend2.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral17
Sample
happy-addons.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral18
Sample
happy-addons.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral19
Sample
index.html
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral20
Sample
index.html
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral21
Sample
index.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral22
Sample
index.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral23
Sample
intersectionobserver-polyfill.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral24
Sample
intersectionobserver-polyfill.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral25
Sample
jquery.sticky.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral26
Sample
jquery.sticky.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral27
Sample
lazy-images.min.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral28
Sample
lazy-images.min.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral29
Sample
phpmailer/class.phpmailer.php.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral30
Sample
phpmailer/class.phpmailer.php.js
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral31
Sample
phpmailer/class.phpmaileroauth.php.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral32
Sample
phpmailer/class.phpmaileroauth.php.js
Resource
win10v20210408
windows10_x64
General
-
Target
index.html
-
Size
380KB
-
MD5
ca5016cec286967c8e40c6f0aa2d1d29
-
SHA1
3fff9cc3bb6e23a681e8a0d7ba13ae26f4a76894
-
SHA256
cb152da0a7cb2e7179c33e7170c366b8abad1993498ea9fd4793decb11686aa1
-
SHA512
4fff221e11a9595dd27f5d5a3d276099a57568d31a56320dd7d43fe821ba4a584f3a5c1f1b0f07553d9bf09595df5c0ca636c161904c09b52e641a396be33ec6
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "337094096" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "181708080" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907770" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b10baf6e22cf3649b432e4f3c0d1112e00000000020000000000106600000001000020000000d3292145195cce539cd8b70616c11043dd0dd3b6f9cf6cbd838339f284e5ccbd000000000e8000000002000020000000f37916a9d3c5cbf6af27e2abbdd477ff373285481711ea74735d355e3543e57e200000001ed7973ef6527356a515654189362859cbb3c42d714d7360f04853188678cfa2400000006d469a194fc93b4deb64ba434913b60ff972bbb04873af44365b8b70cf34933748db1022cff346a8bbf21fde48467111a639bb7641d4049b89d11990dccffe7e iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707222237a9dd701 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b10baf6e22cf3649b432e4f3c0d1112e000000000200000000001066000000010000200000009ba55cf83897581711dd107caa9d200670401be343dbbfc001349e7818802a8e000000000e8000000002000020000000ef98435bbe0e208b197a54a52dc92fe7d5937afc8cc9c9a3f39258c55b01e1642000000000488cfd22584d10aef182295a916cb3d9a9095d4fea1490e662809ef1d89a5140000000d6a28ae5f124d9eb3ffe68e75f6a1ac7abe4a11ca3c49e72b7bf4de451c22e81674d676affc3d8b24a43838dd154bff2accc736ae4c881abd100f562688b8465 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30907770" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05a78237a9dd701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "337077502" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33B199D8-096D-11EC-B2DB-5210EA48215F} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30907770" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "181708080" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "248270620" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "337126088" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4016 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4016 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4016 iexplore.exe 4016 iexplore.exe 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4016 wrote to memory of 2300 4016 iexplore.exe 74 PID 4016 wrote to memory of 2300 4016 iexplore.exe 74 PID 4016 wrote to memory of 2300 4016 iexplore.exe 74
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4016 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4016 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300
-