Analysis

  • max time kernel
    73s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/10/2022, 12:18

General

  • Target

    http://inmostcases.ThischangereflectsrecommendedOCRSuspectpracticeandisOCRSuspectcompatiblewithC99.whichrequiresanexplicitreturntypeforOCRSuspecteachfunction.SourceOCRSuspectCodeSourcecodeforallprogramsisavailableatknking.com/booksOCRSuspect/c2.Updates,correc-tions,andnewsaboutthebookcanalsobefoundatthissite.AudienceThisOCRSuspectbookisdesignedasaprimaryOCRSuspecttextforOCRSuspectaCcourseOCRSuspectattheundergraduatelevel.PreviousprogrammingexperienceinahighOCRSuspect-levellanguageorassemblerishelpfulbutnotOCRSuspectnecessaryforOCRSuspectacomputer-literatereader

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://inmostcases.ThischangereflectsrecommendedOCRSuspectpracticeandisOCRSuspectcompatiblewithC99.whichrequiresanexplicitreturntypeforOCRSuspecteachfunction.SourceOCRSuspectCodeSourcecodeforallprogramsisavailableatknking.com/booksOCRSuspect/c2.Updates,correc-tions,andnewsaboutthebookcanalsobefoundatthissite.AudienceThisOCRSuspectbookisdesignedasaprimaryOCRSuspecttextforOCRSuspectaCcourseOCRSuspectattheundergraduatelevel.PreviousprogrammingexperienceinahighOCRSuspect-levellanguageorassemblerishelpfulbutnotOCRSuspectnecessaryforOCRSuspectacomputer-literatereader
    PID: 4956
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 4956)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4956 CREDAT:17410 /prefetch:2
      PID: 4952
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 460fe13d503bfbb113c3ecee607f5a31
    SHA1: 52df07ae073bae09b9093fe2c60ccbe7e8dc47cd
    SHA256: dfd7a4b3a98874808e3623cf75216dacd47b4389916e0faad7e0ed289743ce0b
    SHA512: 383f29a13884ec9268eaba1ee47bb73243ec7f4eabdaacaa77bdb2de2b0cde5f000b7ea527179c75cfa30666a06a9333268e06b4cfbef91f4d2b82c119818d23

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 1c7d10884a361361d1f6098999d3b132
    SHA1: f7f9407e684cda6e45632b2591eedd0ab72743f5
    SHA256: bfa28b465ae23a5b13c2931ae3d2d484cf47430d765f41286067a48d0dd913b0
    SHA512: 20dad6ccef4a7d7fc400101754b6e24ea1a00d5f1349ab02e17925c3e60b771138341bdf5b209d6df51846943f8aa3e21b7bfd388d58222036b4168f791609e7