Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    172s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/10/2022, 12:48

General

  • Target

    http://admtienda.live/A22SAT2022/?hash=YWxtYWNlbm1pQGdrbi5vbm1pY3Jvc29mdC5jb20=

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://admtienda.live/A22SAT2022/?hash=YWxtYWNlbm1pQGdrbi5vbm1pY3Jvc29mdC5jb20=
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4452
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4888

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

      Filesize

      1KB

      MD5

      2ff7625e84887471e8aa67e6ac11f735

      SHA1

      cf9396de83f5822338529f1c0c51f41da5eee8d8

      SHA256

      27e0b6144c294a9cefbba0145baea8e299a0fc3b1bd897bf9c3f6dc0109207e9

      SHA512

      6fa10ff0000cd4ef9ee689e70adbb5f181019be9d74e0fa74276e3f1a045a2f735e4f705d3d0cd9acb2f1a7772bd56be2166a3bf64da9024bf0d9b3dbfdef556

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      50e10d0c1d47ed3dad34cfcd6a9d764c

      SHA1

      7ccc215400c6c89e794dcf3b8d7b7ed006e94fec

      SHA256

      4e194f75beef2d97e3b4e3fdf4a49b5ce0b5f7f112097d3093b33d257b2912a3

      SHA512

      7f67c1ac984e0f2de6cb3e12fe856a86a0e6f1d690ad668fa11c94932c5846f12008fc375187e0c93f40026613096184e36aa4804896f736aeb1bec27fb265aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

      Filesize

      416B

      MD5

      637dd01c0ad487a17b3a3da71ec31976

      SHA1

      9ea99cbf4452cdf51c60f81b92f6b541dc170f2a

      SHA256

      2305b4b507bba8897b9ad0259d54752c924479abf8ffa288374c0c91b3f7c3b7

      SHA512

      cd8572898ef413d09ba2ce4da12b1f28ac7cf0bb90953003d7fe5cd1e720688228508a631decbd911869549e070052be8acd58dd1c1387c1d657a9a1c3c35513

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      1a7315716ec5bc8c2e4f905d62f7c4d0

      SHA1

      92647405b5871900a1fc33a51583f33d00aff95f

      SHA256

      c1da2997b4208e7be89d3ca5faf3d0fed9ac1d20317a4dec2d068fa22ba74613

      SHA512

      d01f952fb856772e661080b6f341f108ee6a77b58767474a1c7748624d5126e7b1e0eb4d67b7956ec743ff93d2fac2a1fb9fb8fe3afec37f74a43ff4995dc0a1

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GMQ6XNBF\29092022-new.zip.f71bpwg.partial

      Filesize

      7.4MB

      MD5

      0c136c2a555dc3babfbe7718e2c74c9c

      SHA1

      ea8cc19275d76c3d48ef67a7b7dd3dac9b66d69e

      SHA256

      05527880453634d4e57e470593960486809e6bf5c1c5e21b1ab13fb82cc2994e

      SHA512

      b785eb091bd79c79a382048e9c56a860b62a132c92cdcdc2bb6f225c558b8e22e3bedac0fbe3490bbb6c77df4e5a9cf1a6643dcb7d23a7884150e4d732296c37