Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    79s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2022, 19:38

General

  • Target

    http://y2mate.is

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://y2mate.is
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    f74ccf16d555237b198c3b12844f42ec

    SHA1

    043df1cb5d4ed4f9d00d280a621ef44f58a78d97

    SHA256

    be1451b587e46cdb1a8ffe02ee6c77c2a51a8f5a8679ab63bef3006abe00e86f

    SHA512

    6bf0b694874f1e462b24cbc822c56d2d91a59b4a38aeb250cf5913ddf694df462e6b55d8bfac5e2bdb7e14b2c939cab5fa48c566445aaddb832dff621c1e5be6

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

    Filesize

    5KB

    MD5

    cd0c70f87b3c15b0778c20dae8e8f045

    SHA1

    64a6658550490ff755dd59e4f7117e19c5b95a4d

    SHA256

    d970721a04e04c70a4b9191ed0ffa61275478c5d02f0df34bc5509e13fad6793

    SHA512

    8a8253a410cf76f9b180b0a8993cb806b2a7d75dbbeefc272e2de247fe193200fb5fe231c1f8c234cae890c18098a28a09f9564cc7866456643c019f5963830f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1CXUHDCD.txt

    Filesize

    608B

    MD5

    88b237d12dea84a1b96a94ebde366956

    SHA1

    be574f5eecf810b31bea5772cfc235becfcd779e

    SHA256

    adae00f5081dc429302f5f14527e95434b18f30b22fdb9ea5131bbf81fc34dfb

    SHA512

    00d633f72af4d50c8aa26ddd93e9ca94e8024f95ebaee07da3f0d8a310cdf61c412a42292a3c0ac8eb26961ed0a72d5f15ba3a3fde43241e9a0fedce2312a4a7