Resubmissions

28/09/2022, 20:07

220928-yv7y2sghg7 1

28/09/2022, 20:07

220928-yvyelsghg6 1

28/09/2022, 20:05

220928-yt8tysghg4 1

Analysis

  • max time kernel
    67s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    28/09/2022, 20:07

General

  • Target

    Benefits_Enrollment.htm

  • Size

    894B

  • MD5

    8980b1a93fe78bf6e0af956c2303f35a

  • SHA1

    053fbbb80de7d672ada8e2ec6fafd4b1440e2213

  • SHA256

    28ffced68f4e723ff44888dcc1465ea2b4872bd7e629119afab7a8b3c1e728f6

  • SHA512

    a69fa95113ad43562d2acea40787a4715f2ff983561a7d2124cabd0a29d7dfa5cd808f62a24ebd8f09bd22a93ce2c09545603222e78c386738b2b6c0c9ca747a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Benefits_Enrollment.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3540 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:60

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\81BVSVT4.cookie

    Filesize

    615B


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\E56QG6HY.cookie

    Filesize

    615B
