Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
api/index.js
windows7-x64
1api/index.js
windows10-2004-x64
1api/index1.html
windows7-x64
1api/index1.html
windows10-2004-x64
1d.html
windows7-x64
1d.html
windows10-2004-x64
1d.html
windows7-x64
6d.html
windows10-2004-x64
1dx.html
windows7-x64
1dx.html
windows10-2004-x64
1dx.html
windows7-x64
1dx.html
windows10-2004-x64
1dx1.html
windows7-x64
1dx1.html
windows10-2004-x64
1dy.html
windows7-x64
1dy.html
windows10-2004-x64
1dy.html
windows7-x64
1dy.html
windows10-2004-x64
1img/a9af12...46.jpg
windows7-x64
3img/a9af12...46.jpg
windows10-2004-x64
3inde.js
windows7-x64
1inde.js
windows10-2004-x64
1index.html
windows7-x64
1index.html
windows10-2004-x64
1js/app.js
windows7-x64
1js/app.js
windows10-2004-x64
1js/bootstrap.min.js
windows7-x64
1js/bootstrap.min.js
windows10-2004-x64
1js/jquery-...min.js
windows7-x64
1js/jquery-...min.js
windows10-2004-x64
1js/jquery-1.7.min.js
windows7-x64
1js/jquery-1.7.min.js
windows10-2004-x64
1Analysis
-
max time kernel
132s -
max time network
159s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
08/09/2022, 02:29
Static task
static1
Behavioral task
behavioral1
Sample
api/index.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
api/index.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
api/index1.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
api/index1.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
d.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
d.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
d.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
d.html
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
dx.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
dx.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
dx.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral12
Sample
dx.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
dx1.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
dx1.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
dy.html
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral16
Sample
dy.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
dy.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
dy.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
img/a9af12039d49a275069d56ba60e31f46.jpg
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
img/a9af12039d49a275069d56ba60e31f46.jpg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
inde.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
inde.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
index.html
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
index.html
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
js/app.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
js/app.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
js/bootstrap.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
js/bootstrap.min.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
js/jquery-1.7.1.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
js/jquery-1.7.1.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
js/jquery-1.7.min.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral32
Sample
js/jquery-1.7.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
index.html
-
Size
44KB
-
MD5
75bc6e964209ef220b8a32f77a3ef96a
-
SHA1
1946e24a9d0739a1a24605790ce26084252729e2
-
SHA256
3270d6084c6c28c6c6918105379dfb6a24ee89508aa689e472e617c0835dffa7
-
SHA512
5484bbc4f604fa2091fec23c3ac30b9513b2fb5eb1b6bf67e8c51aedc629ffbe0f18e098b44d37859d65e09ceb407add00ce9226409a53f80fb8560f5134ec7c
-
SSDEEP
768:RhBjM6r7cmTJh5Gs499JQswtICapQjQeTSP19kDSfrtBQSfMMvXtt9rScasUhrv1:Rvjp7cmTJh5Gs29JQswtICapQjQeTSPk
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ee50e63bc3d801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFFA6EB1-2F2E-11ED-AB20-4A12BD72B3C7} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369376372" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000009bc863fd0221960e43e7d4ddd2a90065a6007e0f6504afd72e9d389b2b29fbac000000000e8000000002000020000000ad2b8ba21680a9ad19a224ac89e333e4b5dfc60b5eedc1965a7a02af37039fa120000000af31814eb77c9bdd81d1522f66357d7202fcd2f009673d1c7b6de4754d36a3c440000000d4d86ab97c89bb735e296f69a1b1f14f8b586fa2c42ec60338c6e8a7da66f75d22c83e57dd89417d8135f44136251ba8ea26bca0fd069bd3cee4bc58c53f3208 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000005a59a71a3e635944927be3c51ff8ad23b7722a754908e758b75f256d2ff978a0000000000e8000000002000020000000be48859b1ae6936be69494d960c30d7a23b870f9fb7f5003bdc813338cfa3ff39000000039e05f0ede81b6e1c157208a32fc67a9d67a9ccf583c3511aef06ecb49ecf7e81b7de69505e526572d9d7402e14b1509202590c7d72d1af5dfaa740af70790ddc654d48ae136b24cb149b1ec7f099cce4e0f46df4bee8b8e8ea6618e1406f36c0f3aee68f7c08feed9ae6d82341ff6f1cb5129103e30a0377ada95c62c02e595e8a6e81c2771ffbb176993837de43002400000006822a84eb21fac52c799af88671fa3b8b97f26569ba8a6439888bf8bb3ec9256023d08560867b725d30d209cfdc3448ebcec1eb85f761d83841a8bc401b29abe iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 880 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 880 iexplore.exe 880 iexplore.exe 1212 IEXPLORE.EXE 1212 IEXPLORE.EXE 1212 IEXPLORE.EXE 1212 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 880 wrote to memory of 1212 880 iexplore.exe 28 PID 880 wrote to memory of 1212 880 iexplore.exe 28 PID 880 wrote to memory of 1212 880 iexplore.exe 28 PID 880 wrote to memory of 1212 880 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:880 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1212
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD56c6a24456559f305308cb1fb6c5486b3
SHA13273ac27d78572f16c3316732b9756ebc22cb6ed
SHA256efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973
SHA512587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cecfa9e3f6472cce3647b5822643a421
SHA17f5e4ddd97c985de171ef60e6621c519c1c235b3
SHA256f837cd438cbae48dcf91ff45efb2cbd89c654684337768ac9741bc3e97707df3
SHA512353c6686c19e7b79ed95e998000021411963f8a6e9c8c87419c5c88c42580f6462a78f32fd896d4aa9a94689ebfa20da2b379555e5d0e5b4babdb52e86c5e05e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cb92d81889ae9a850e857c3ab291a7e6
SHA1e8907ed23679ea1fa48ae10f65709402cc7404b9
SHA2568ea8b9c3b6df31a17b374ff4af9b2ed02345122eb3df4f957e9855087f3fd77c
SHA512de16241e026db6b2e3365d30e5003404b377bb54f2ad5ccbb4f4a3968da428ccdd4f78b15e03e5dd0def6c4bc0649f8cbc3c27cf94546b10465a73f5d0c743dc
-
Filesize
608B
MD5afb58fa95b5886ec6d0ad6c88c2b5c16
SHA15dc7eda810e4423e9db182f7700b1c2c4fd9feff
SHA256dacc7c4b6c7f72936502323e225ff47c4c07a31901ebc6173c8e715c70a4ce76
SHA512f6bae0ccaa8b5fe5c2388eadb881483937b5a67f65cd50340679eaf2fe99971a73b4adeda9e7ee98af3ce1a8248fe853fbe90fc1f10455832952778c5f24833c