Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    135s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/09/2022, 02:07

General

  • Target

    iPRS導入包/App/FCM_Report/App.xml

  • Size

    1KB

  • MD5

    c5cc9f821ce5b929332202b6f8fa0896

  • SHA1

    16f5364a58c75a56f9bfd4e0f19dd0c138734f94

  • SHA256

    6729193d39f39980b6d169bd0a6ae8e0059f3306ef365e19acfbc8a98554a00f

  • SHA512

    da3c51c2f28cb6e948bed96aa63dd32a120b0da1227277609b45a0de5ae57874a4599015e1cf5c5ae3bab39f364e6eccfe7642fc95887e8e7730194b0eaafe5a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\iPRS導入包\App\FCM_Report\App.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\iPRS導入包\App\FCM_Report\App.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    f6d292a2a65c9e87797c7b0fb3018460

    SHA1

    10b53657072ae3d240832b895e721dddfaadb6b3

    SHA256

    68851b0ab7e9b1a9af4944d0459ae8adf3531e9345d2629f99f0a7ee5b8d0c6f

    SHA512

    390095530172a02243c356b7d6049fd9b1da0e3a9f66918f0a2c1fee0ec27667724ab58266c46122ed6e5fd8389b5debf1ff0308285d136ce0cfcc7c3555d77d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    2116ab68de936679a27a58ea6453c061

    SHA1

    9e11647b8bd5ecb3d4865426477af5b994eeb755

    SHA256

    d38c2bc61c39d0a2c1c5a6473db7b8db2909f3a9713b652a3aa9c5a745b6e129

    SHA512

    e11e9209e91a6b940c416dc6323fe43f3f7fc904e8a88847d35ab367322fbf8702057b2ae545abf1abd46326547bb1ed43dbcaddf419c815ca0fbef28a53c549

  • memory/1964-132-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-133-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-134-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-135-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-136-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-137-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-138-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-139-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB

  • memory/1964-140-0x00007FFEC6450000-0x00007FFEC6460000-memory.dmp

    Filesize

    64KB