Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    138s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2022, 13:00

General

  • Target

    https://milliken.iad1.qualtrics.com/jfe/form/SV_cT5tsyGlFTkQjXg?Q_DL=5PyYlOCvhkLM7Zp_cT5tsyGlFTkQjXg_CGC_hC9IhnlyfoSAk1L&Q_CHL=email

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://milliken.iad1.qualtrics.com/jfe/form/SV_cT5tsyGlFTkQjXg?Q_DL=5PyYlOCvhkLM7Zp_cT5tsyGlFTkQjXg_CGC_hC9IhnlyfoSAk1L&Q_CHL=email
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1756
  • C:\Windows\System32\MsSpellCheckingFacility.exe
    "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
    1⤵
    PID:1140

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: 7ba74bbd3af4dbbfed6e29a87c5e87e6
    SHA1: d81c8af12c2a69fd334cb6ec87280e44bbbc9976
    SHA256: 19de08c5ab98964786ebf9b2872c60babc307a2222fb163f71f1a45a7e8847f5
    SHA512: 73df9f3e15823d7c9cad49c78c7e8624a79e0e4d221866bff2f1b31d24441a303209d8b2cce2fc75aa05a481989c317818c92b2f0f0b96d22f679a5987abc5b9

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize: 19KB
    MD5: e77a2f1687786a5129967d530d16d20f
    SHA1: 677e17ce5ba261bf179305630393972db8250a67
    SHA256: 3a0997325a3d9594bd4a9bb0196ec23e99023b7d9a0cbb5786e5e07a24d446c3
    SHA512: 5bcb8eb7676437945ebaf12f62b108b9b3c579564e53735bd1492ededfa0f916585682f8673c3759305a65934cbd6c72e25f3affd89d5713f66909b6a4efdbd8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\favicon[2].ico
    Filesize: 14KB
    MD5: 521269841ff7f01a1772f3856e636d01
    SHA1: 7deb793c8e6cb57c23cb3ad1da6ceaca9982adb2
    SHA256: 65e99ee3b805f7b1c8b08159161e3ad53960640a2c3f952d282af4900d1ae572
    SHA512: d72849a984866c1ad66b88d3aaae7cff27cac05ece4a491cd7afd8d31a05557e726f502f4223802d10212a1cf8f769c1484263cc20ee1064e3ac2b0be7ad9d67

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZAZFA5CC.txt
    Filesize: 608B
    MD5: 356b63331e60efb983f59e544e205274
    SHA1: 807ab593acf2f28e5f4936850f8c26aaa5e93a75
    SHA256: 9053b4860924b2a3e84cfde96e8b21d31697e046cd0f79bd60154f6293942b65
    SHA512: 2607db6fda6fdff9d75806da9f6f567eb6ee7d2ff4980ef24885dd4aa6d512af57233893d73288fe60da139fbe1b3037809e3b294709cc663523e57748ab1072

  • memory/1140-58-0x0000000000290000-0x00000000002A0000-memory.dmp
    Filesize: 64KB