Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Static
static
wp-asset-c...ain.js
wp-asset-c...ain.js
wp-asset-c...min.js
wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...re.xml
windows7-x64
1wp-asset-c...re.xml
windows10-2004-x64
1wp-asset-c...ie.xml
windows7-x64
1wp-asset-c...ie.xml
windows10-2004-x64
1wp-asset-c...al.xml
windows7-x64
1wp-asset-c...al.xml
windows10-2004-x64
1wp-asset-c...ue.xml
windows7-x64
1wp-asset-c...ue.xml
windows10-2004-x64
1wp-asset-c...me.jpg
windows7-x64
3wp-asset-c...me.jpg
windows10-2004-x64
3wp-asset-c...go.xml
windows7-x64
1wp-asset-c...go.xml
windows10-2004-x64
1wp-asset-c...min.js
windows7-x64
1wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...rt2.js
windows7-x64
1wp-asset-c...rt2.js
windows10-2004-x64
1wp-asset-c...min.js
windows7-x64
1wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...bug.js
windows7-x64
1wp-asset-c...bug.js
windows10-2004-x64
1wp-asset-c...ar.ps1
windows7-x64
1wp-asset-c...ar.ps1
windows10-2004-x64
1wp-asset-c...es.ps1
windows7-x64
1wp-asset-c...es.ps1
windows10-2004-x64
1wp-asset-c...nUp.js
windows7-x64
1wp-asset-c...nUp.js
windows10-2004-x64
1wp-asset-c...ug.ps1
windows7-x64
1wp-asset-c...ug.ps1
windows10-2004-x64
1Analysis
-
max time kernel
111s -
max time network
158s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
15/10/2022, 13:42
Static task
static1
Behavioral task
behavioral1
Sample
wp-asset-clean-up-pro/assets/auto-complete/main.js
Behavioral task
behavioral2
Sample
wp-asset-clean-up-pro/assets/auto-complete/main.js
Behavioral task
behavioral3
Sample
wp-asset-clean-up-pro/assets/chosen/chosen.jquery.min.js
Behavioral task
behavioral4
Sample
wp-asset-clean-up-pro/assets/chosen/chosen.jquery.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
wp-asset-clean-up-pro/assets/icons/icon-cloudflare.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
wp-asset-clean-up-pro/assets/icons/icon-cloudflare.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
wp-asset-clean-up-pro/assets/icons/icon-ie.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
wp-asset-clean-up-pro/assets/icons/icon-ie.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
wp-asset-clean-up-pro/assets/icons/loader-horizontal.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral10
Sample
wp-asset-clean-up-pro/assets/icons/loader-horizontal.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
wp-asset-clean-up-pro/assets/icons/premium-plugins/gravityforms-blue.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
wp-asset-clean-up-pro/assets/icons/premium-plugins/gravityforms-blue.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
wp-asset-clean-up-pro/assets/icons/themes/betheme.jpg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
wp-asset-clean-up-pro/assets/icons/themes/betheme.jpg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
wp-asset-clean-up-pro/assets/icons/woocommerce-icon-logo.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
wp-asset-clean-up-pro/assets/icons/woocommerce-icon-logo.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
wp-asset-clean-up-pro/assets/script.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
wp-asset-clean-up-pro/assets/script.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
wp-asset-clean-up-pro/assets/sweetalert2/dist/sweetalert2.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
wp-asset-clean-up-pro/assets/sweetalert2/dist/sweetalert2.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
wp-asset-clean-up-pro/assets/tooltipster/tooltipster.bundle.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
wp-asset-clean-up-pro/assets/tooltipster/tooltipster.bundle.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
wp-asset-clean-up-pro/assets/wpacu-debug.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral24
Sample
wp-asset-clean-up-pro/assets/wpacu-debug.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
wp-asset-clean-up-pro/classes/AdminBar.ps1
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
wp-asset-clean-up-pro/classes/AdminBar.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
wp-asset-clean-up-pro/classes/BulkChanges.ps1
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral28
Sample
wp-asset-clean-up-pro/classes/BulkChanges.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
wp-asset-clean-up-pro/classes/CleanUp.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
wp-asset-clean-up-pro/classes/CleanUp.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
wp-asset-clean-up-pro/classes/Debug.ps1
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
wp-asset-clean-up-pro/classes/Debug.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
wp-asset-clean-up-pro/assets/icons/icon-cloudflare.xml
-
Size
1KB
-
MD5
a6f95823344b1b66f56a9eb699384d5d
-
SHA1
b2c33f92ffd27c2678823f6a2df2bef4b60dc284
-
SHA256
e0edf50a3b4ce9018914a131a8250f31837d5d3cb08ece7f805c4aac70593436
-
SHA512
f83c69d85fd3966de6b6f89cba9c532188d532d8a50eee8c86c1fc2bc3c5f3a7730446237104adb230a2830f2274887c939cc13ddc0b419c18a5d17f2a815316
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000bab634daf151230daf9641bbae14bb387510ea30bd25651a4df1c62e8ebf18d6000000000e8000000002000020000000de1d190d9426b3c74e63a9ee796a9680eb37303142d2436a773c6b6583530f7a20000000887e54eff5acb6600461dd7617d5baf3da2c91a247d344bd0065cf32abd8a57640000000a81be064f6c64a145947cc4adea1cb5be27d0b7a569b14bc8bc42d2a1b3fc3100c7decefe5795bc08cb036c233e6c85794f35b6ce3364e982f2761546651077f IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{906CC861-4C8F-11ED-9D78-7225AF48583A} = "0" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00c02669ce0d801 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372606482" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a000000000200000000001066000000010000200000006340ffd3980c673a30f891889e8d635a2c9e88ffed142e518452d091d62882aa000000000e8000000002000020000000ff40a2bcb6f94e88d55c86d95631f0a8dba4a77d2243f6d5bec0cab2d1f36495900000005b552ab44e9b5127cb8a412eec5a16a0d8d98499566205dbe76056c1b76c53411c6520b2d237130067f42ddc800a743ed522bab2a2b43f26c1ef46690626cead1e7e28c5c1da80cc1efe451a1db7ed95353a6142af10b1371e606e6728606dafbf61f2ba6233ca025d4963f38b75bdc87fa57e1d944636b284d069a2d5f2c3e746bcc829e13b036a59c477e6b52deaad4000000044235a86cbda59a5e1d7e4debacfda00c3a157df58401bc7227879a6c52d1d0f4d45846f9dc1137df20669fc88b3f361df3910e7bd4311c1e79a31c4bd6c4aae IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1384 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1384 IEXPLORE.EXE 1384 IEXPLORE.EXE 584 IEXPLORE.EXE 584 IEXPLORE.EXE 584 IEXPLORE.EXE 584 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1344 wrote to memory of 588 1344 MSOXMLED.EXE 28 PID 1344 wrote to memory of 588 1344 MSOXMLED.EXE 28 PID 1344 wrote to memory of 588 1344 MSOXMLED.EXE 28 PID 1344 wrote to memory of 588 1344 MSOXMLED.EXE 28 PID 588 wrote to memory of 1384 588 iexplore.exe 29 PID 588 wrote to memory of 1384 588 iexplore.exe 29 PID 588 wrote to memory of 1384 588 iexplore.exe 29 PID 588 wrote to memory of 1384 588 iexplore.exe 29 PID 1384 wrote to memory of 584 1384 IEXPLORE.EXE 30 PID 1384 wrote to memory of 584 1384 IEXPLORE.EXE 30 PID 1384 wrote to memory of 584 1384 IEXPLORE.EXE 30 PID 1384 wrote to memory of 584 1384 IEXPLORE.EXE 30
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\wp-asset-clean-up-pro\assets\icons\icon-cloudflare.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1344 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:588 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:584
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
603B
MD566bda89c00520dc64112955bde300cf0
SHA19d7c6bb7f720d59699027d88e58ebc1b02951c2e
SHA256bb58f13009218d2a8e70d8907ef6cec1ce763760deb2d68bdcbfd30f687ebdd4
SHA512cc054ea1c878593830dbec638c2e269332a2bd2c9884acacd9ab9d460c77d17e5aff0bb1c4c3b6bf0547e8ffba19f93fd3800a56b5f51695eff579e0f01f3a8b