Analysis

  • max time kernel
    67s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2022, 19:38 UTC

General

  • Target

    http://y2mate.is

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe  (PID 1560)
    "C:\Program Files\Internet Explorer\iexplore.exe" http://y2mate.is
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 4156, child of 1560)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • DNS: y2mate.is (IEXPLORE.EXE)
    Remote address: 8.8.8.8:53
    Request:  y2mate.is IN A
    Response: y2mate.is IN A 104.21.4.123
              y2mate.is IN A 172.67.132.18
  • GET http://y2mate.is/ (IEXPLORE.EXE)
    Remote address: 104.21.4.123:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: y2mate.is
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 21 Nov 2022 19:38:23 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 21 Nov 2022 20:38:23 GMT
    Location: https://y2mate.is/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ssLJROXeZWrVaVpiLdQ9%2BEgfiE%2Fw3lDKrB%2BPmUEpn%2BsDAf88NpT4Gxu%2BYLNM2QiP6w7KPVLsdKXDaOCkHZr893B2kLNg%2BEM1SOLp6HZf0lYnbl1OA9ZxhoRXGYA%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 76dbe2a6de000a67-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  Connections (bytes and packets: sent by the analysis VM / received)

  Address               Domain                  Proto        Process        Sent     Recv     Pkts sent  Pkts recv
  104.21.4.123:80       http://y2mate.is/       http         IEXPLORE.EXE   532 B    849 B    6          4
                        (GET http://y2mate.is/ -> 301)
  104.21.4.123:80       y2mate.is                            IEXPLORE.EXE   466 B    92 B     10         2
  104.21.4.123:443      y2mate.is               tls, http2   IEXPLORE.EXE   730 B    2.8kB    8          7
  8.238.110.126:80      (no domain, protocol or process recorded; 322 B, 7 packets)
  204.79.197.200:443    ieonline.microsoft.com  tls, http2   iexplore.exe   1.2kB    8.1kB    15         14
  8.8.8.8:53            y2mate.is               dns          IEXPLORE.EXE   55 B     87 B     1          1
                        (A query -> 104.21.4.123, 172.67.132.18)
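The two transactions above can be cross-checked offline. The following is an added example (not tria.ge code): it rebuilds the y2mate.is A lookup in DNS wire format so the 55 B / 87 B figures in the connection table can be reproduced, and classifies the captured HTTP 301 as a same-host HTTPS upgrade rather than an off-host redirect. It assumes the report counts bytes at the IP layer (IPv4 + UDP headers, 28 bytes per datagram); the transaction ID and TTL are arbitrary, and the sample response is constructed from the headers shown above with the body omitted.

```python
"""Cross-check the DNS and HTTP transactions from a sandbox report (added example)."""
import socket
import struct
from urllib.parse import urlsplit

IPV4_UDP_OVERHEAD = 20 + 8  # assumed: report byte counts include IPv4 + UDP headers


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: 'y2mate.is' -> 06 y2mate 02 is 00 (11 bytes)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal recursive A query: 12-byte header + QNAME + QTYPE + QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # A, IN


def build_response(query: bytes, addrs, ttl: int = 300) -> bytes:
    """Answer with one A record per address; NAME is a compression pointer to offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)  # QR, RD, RA
    answers = b""
    for a in addrs:
        # NAME ptr, TYPE A, CLASS IN, TTL, RDLENGTH 4, then the 4-byte address
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(a)
    return header + question + answers


def _skip_name(buf: bytes, off: int) -> int:
    """Offset just past a wire-format name (label sequence or compression pointer)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_records(resp: bytes):
    """Extract the IPv4 addresses from the answer section of a response."""
    ancount = struct.unpack("!H", resp[6:8])[0]
    off = _skip_name(resp, 12) + 4  # skip QNAME, QTYPE, QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs


def wire_sizes(name: str, addrs):
    """(query bytes, response bytes) on the wire for an A lookup with len(addrs) answers."""
    q = build_query(name)
    r = build_response(q, addrs)
    return len(q) + IPV4_UDP_OVERHEAD, len(r) + IPV4_UDP_OVERHEAD


# Constructed from the response headers captured in the report; body omitted.
SAMPLE_301 = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Date: Mon, 21 Nov 2022 19:38:23 GMT\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Connection: keep-alive\r\n"
    "Cache-Control: max-age=3600\r\n"
    "Location: https://y2mate.is/\r\n"
    "Server: cloudflare\r\n"
    "\r\n"
)


def classify_redirect(raw: str, request_host: str, request_scheme: str = "http") -> str:
    """Label a response: 'https-upgrade', 'same-host', 'off-host' or 'not-a-redirect'."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return "not-a-redirect"
    target = urlsplit(headers["location"])
    if (target.hostname or "").lower() != request_host.lower():
        return "off-host"  # the case worth a closer look in a sandbox run
    if request_scheme == "http" and target.scheme == "https":
        return "https-upgrade"
    return "same-host"


if __name__ == "__main__":
    print(wire_sizes("y2mate.is", ["104.21.4.123", "172.67.132.18"]))  # (55, 87)
    print(classify_redirect(SAMPLE_301, "y2mate.is"))  # https-upgrade
```

The 27-byte query (12-byte header, 11-byte name, 4 bytes of type and class) and the 59-byte response (the same question plus two 16-byte A records) only match the report once the 28 bytes of IPv4 and UDP headers are added, which is why the overhead is an explicit, labelled assumption rather than a constant pulled from the page.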

MITRE ATT&CK Enterprise v6

Downloads

  These are not files the browser saved from the target: the CryptnetUrlCache directory is CryptoAPI's cache for CRL, OCSP and AIA objects fetched while building certificate chains for the TLS connections in this run.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    cb295ed32b0acd9eac87bcc961fb315a

    SHA1

    a580f2d38c9d1611e25b6aaa3d79b54eb34d3ebe

    SHA256

    980abeaa872503211925db8acf8bdcdff0bc3c6deb2182fd698f6a444d2625be

    SHA512

    974f48bdfb8ea90a49cfa25cacc98c9a145702f4e4967dd6ffddd5eaee6144189499682e80b342708e04f812006314b04e5715492170d0f63c7b0530e9cd399a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    7KB

    MD5

    f739b394d30d392d8eb28922bf5a7e12

    SHA1

    78124ad341a0e03ecbb7660011409767e6678fef

    SHA256

    4fff638b8a8f8004eb7a6f5d71ba702373ece50bbe85f499d00d09e7c86dc543

    SHA512

    48cf40407485d1a22f728220a64dc15e85cf051a44104019efa868cc7fccdefcfea2169eea8fb72be819a8c67892aeee72fd22deca31b8bfbd3f8018e55e215f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    b4bec6f6007eeebd86328185c535ffa8

    SHA1

    8c790c1d41d75cd5ad7808902bb39b5f72dbba72

    SHA256

    b68c3bc9ebcddd263306d192ee18992ababa784451b404c34d92b90f84c5a046

    SHA512

    1460cee403ff271b4688c0edbfe255e43cd1cbabe1175eae60edee755f040785d817631f4709089fd085f49287e37e0b3f81d51a417bb1a0e99907f20a051a94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    232B

    MD5

    684e12d6a5c25ec8689753d73b8a49cb

    SHA1

    1d8e018b8d0e0191a35197f828a2e94b20b9966b

    SHA256

    96c47ea309fd736c8a94f206565958dd130c7c6ecebd2d98c7e1ff6bcaa23d60

    SHA512

    86223dc6d44809ea833d5fa4fdf877cfe9bbedd74c795763fd2383e4f0d67aa9211934ea46dbd2fd25416791a2ca9797b532084e3684cb40e900e846387bc882