Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    85s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/10/2022, 07:58

General

  • Target

    http://helleniqenergy.greenbyte.cloud

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://helleniqenergy.greenbyte.cloud
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1564
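The tree above is the normal shape of an Internet Explorer session on this platform: the frame process (PID 1240) spawns a tab process whose command line names the frame PID in `SCODEF:` (here `SCODEF:1240`), and both run from the standard Program Files paths. A practical triage check is to verify exactly those properties for every `SCODEF:` process, so that a tab-style process with a forged parent, a different parent, or an image outside the IE install directory stands out. The following is an added example, not part of the tria.ge report or its tooling; the first two records mirror the report, the third (PID 2048, a `Temp` copy of iexplore.exe, parent 3000) is a hypothetical anomaly constructed for illustration, and the rule that `SCODEF` must equal the real parent PID is an assumption generalised from this report.

```python
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

# Constructed sample tree modelled on the report above (not the sandbox's raw data).
# The first two rows mirror the two iexplore.exe processes; the third is a
# hypothetical anomaly added for illustration.
SAMPLE_TREE = [
    Proc(1240, 1000,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://helleniqenergy.greenbyte.cloud'),
    Proc(1564, 1240,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:275457 /prefetch:2'),
    Proc(2048, 3000,
         r"C:\Users\Admin\AppData\Local\Temp\iexplore.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\iexplore.exe" SCODEF:1240 CREDAT:1 /prefetch:2'),
]

# Image paths a legitimate IE frame or tab process is expected to run from.
EXPECTED_IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def check_ie_tab_processes(tree):
    """Return {pid: [issue, ...]} for every process whose command line carries SCODEF.

    An empty list means the tab process looks like the report's benign case:
    it runs from an expected IE image path, SCODEF names its real parent
    (assumption: SCODEF is the frame process PID, as in the report), and that
    parent is itself an IE process.
    """
    by_pid = {p.pid: p for p in tree}
    findings = {}
    for p in tree:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue  # frame process or unrelated process: no SCODEF to check
        issues = []
        if p.image.lower() not in EXPECTED_IE_IMAGES:
            issues.append("unexpected-image-path")
        if int(m.group(1)) != p.ppid:
            issues.append("scodef-parent-mismatch")
        parent = by_pid.get(p.ppid)
        if parent is None or parent.image.lower() not in EXPECTED_IE_IMAGES:
            issues.append("parent-not-ie")
        findings[p.pid] = issues
    return findings


if __name__ == "__main__":
    for pid, issues in check_ie_tab_processes(SAMPLE_TREE).items():
        print(pid, "ok" if not issues else ", ".join(issues))
```

On the report's own two processes the check returns no issues for PID 1564 and does not consider PID 1240 at all (it has no `SCODEF:`); the constructed PID 2048 trips all three rules.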

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca6a1fc29d33a9bcdfd0505416896b42

    SHA1

    826c2fb91f6b5ad6d11751d9dbbfad16e292a0ff

    SHA256

    154ad4f010209eada09a1cab795b310b8df0131cd5cb047503af9106c4ae14eb

    SHA512

    f5679d33efe2d6d06add931c96b311ddb740288e0f3aeb9fe4e340518cbf4757a277cf63970ce3baabf63b97222b2779477e15dc7d9022130841994d162484ec

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\557GMS1G.txt

    Filesize

    597B

    MD5

    36d2d1c1b4dd15085cbcb3932c6f2dd8

    SHA1

    8b2e7437c896cdf9aaaecee7fbf78b0ce08c6b55

    SHA256

    d65734db0ff3d5792c8389375d4988555da2bc3b7509ea27435af82b7f5ce326

    SHA512

    a12dcc2bfe2fa76611e45a261af170165401ab769ff8f1d3357a9599a70f51da552c60e52a39df0cb9a299dc385455484556e1ea0bf92421752c9ebaa6d0b3cd
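The two `CryptnetUrlCache` files are CryptoAPI's network cache, populated when Windows fetches a CRL, OCSP response or intermediate certificate while validating a certificate chain; together with the cookie file they are consistent with the 1/10 score. When the same artefacts are pulled from a disk image or a live host, two checks are useful: confirm the file against every digest the report lists, and recover the URL that the cache entry was fetched from. The following is an added example, not part of the tria.ge report: the file bytes and the URL `http://crl.example.invalid/root.crl` are constructed stand-ins (the real content is not on this page), the digests in `REPORT_ENTRIES` are copied from the listing above, and the claim that the `MetaData` file embeds the source URL as a UTF-16LE string is an assumption, which is why the code carves printable UTF-16 runs rather than parsing a fixed layout.

```python
import hashlib
import re

# Constructed stand-ins for the CryptnetUrlCache files listed above; the real
# content is not reproduced on this page, so these bytes are invented.
SAMPLE_URL = "http://crl.example.invalid/root.crl"            # assumed URL
SAMPLE_CONTENT = b"constructed stand-in for a cached CRL blob\n" * 4
SAMPLE_METADATA = (
    b"\x00\x00\x00\x00" + b"\x24\x00\x00\x00"                # invented header bytes
    + SAMPLE_URL.encode("utf-16-le") + b"\x00\x00"
    + b"\xde\xad\xbe\xef"                                    # invented trailer
)

# Digests copied verbatim from the report's Downloads section.
REPORT_ENTRIES = [
    {
        "path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
        "md5": "d15aaa7c9be910a9898260767e2490e1",
        "sha1": "2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388",
        "sha256": "f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e",
        "sha512": "7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94",
    },
    {
        "path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
        "md5": "ca6a1fc29d33a9bcdfd0505416896b42",
        "sha1": "826c2fb91f6b5ad6d11751d9dbbfad16e292a0ff",
        "sha256": "154ad4f010209eada09a1cab795b310b8df0131cd5cb047503af9106c4ae14eb",
        "sha512": "f5679d33efe2d6d06add931c96b311ddb740288e0f3aeb9fe4e340518cbf4757a277cf63970ce3baabf63b97222b2779477e15dc7d9022130841994d162484ec",
    },
    {
        "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\557GMS1G.txt",
        "md5": "36d2d1c1b4dd15085cbcb3932c6f2dd8",
        "sha1": "8b2e7437c896cdf9aaaecee7fbf78b0ce08c6b55",
        "sha256": "d65734db0ff3d5792c8389375d4988555da2bc3b7509ea27435af82b7f5ce326",
        "sha512": "a12dcc2bfe2fa76611e45a261af170165401ab769ff8f1d3357a9599a70f51da552c60e52a39df0cb9a299dc385455484556e1ea0bf92421752c9ebaa6d0b3cd",
    },
]

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def verify_entry(data: bytes, expected: dict) -> dict:
    """Compare data against each digest present in expected; True means a match.

    Checking all four catches a report entry that was copied with one digest
    wrong, since a genuine file matches all of them or none of them.
    """
    actual = digest_all(data)
    return {a: actual[a] == expected[a].lower() for a in ALGOS if a in expected}


# A printable UTF-16LE run: ASCII byte followed by a NUL, at least 8 characters.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")


def carve_utf16_urls(data: bytes) -> list:
    """Pull printable UTF-16LE runs out of a blob and keep those that look like URLs.

    Assumption (not from the report): the MetaData file embeds the source URL as
    UTF-16LE text, so string carving recovers it without parsing the layout.
    """
    urls = []
    for m in UTF16_RUN.finditer(data):
        s = m.group(0).decode("utf-16-le")
        if re.match(r"https?://", s):
            urls.append(s)
    return urls


if __name__ == "__main__":
    print(verify_entry(SAMPLE_CONTENT, REPORT_ENTRIES[0]))   # all False: stand-in bytes
    print(carve_utf16_urls(SAMPLE_METADATA))
```

Because the sample bytes are invented, `verify_entry` against the report's digests yields no matches; on the real files pulled from the sandbox's disk every algorithm would agree.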