Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 10:09

General

  • Target

    14b056c577bb2f2132ea6afa84e1b9229238f2e99068648bfcc2917139d92256.xml

  • Size

    28KB

  • MD5

    6a5cedda9f0022ac7378b8694e3d64f4

  • SHA1

    b3d9e005db9b71d1aa457c32ad96832763fa6162

  • SHA256

    14b056c577bb2f2132ea6afa84e1b9229238f2e99068648bfcc2917139d92256

  • SHA512

    b40c89458f99a16143f319737527bc127cc0e84441629e52b1d47e3137965262cdef2f66758b9c2c3fabd41460d243e7a097a7e8cbd13d93f6f553679bb893db

  • SSDEEP

    384:tTigZJtl/df3u0x2w6s4w6seRagQ4pAS9qgtgcVfrqLFtx0:tTZdW0p7p7OQqFbXrqL/x0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\14b056c577bb2f2132ea6afa84e1b9229238f2e99068648bfcc2917139d92256.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1404
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1484

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P0NUPYVA.txt

    Filesize

    608B

    MD5

    7a2ae9b70c3d621d739c1a3b805ae2c6

    SHA1

    3bd12a48b1f0c44f08911d325e34b9d98d31990d

    SHA256

    b7f5f065e3e394673cdc1d40895730f550af60b002b0a5a16a72fc58f7ed0aeb

    SHA512

    2936bbdd3d6d50fd58d3a14b0db1c3c6d40e846c10d5f433a962f7164dee87f43edff88268b4bb7759b27ed7d4a1d8ec9b66a5210679b27ffb79d93e5ec001d9

  • memory/1632-54-0x0000000076091000-0x0000000076093000-memory.dmp

    Filesize

    8KB