Analysis

  • max time kernel
    146s
  • max time network
    201s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 12:02

General

  • Target

    9e1dafe76857560288ec1c16ef46b4652fde28c8ef5ebe390978ff9b1c00be82.url

  • Size

    117B

  • MD5

    bd9757c771061ecacb2783a403b23f52

  • SHA1

    a56359bb8a2f6a230f8e010163857da9128a99e7

  • SHA256

    9e1dafe76857560288ec1c16ef46b4652fde28c8ef5ebe390978ff9b1c00be82

  • SHA512

    df511b0e29b6fbd9e42d0ffad2b0c5f9cfaea46644bb14f73b82178206db9033b02680459499028bed6e86b52a5d1db5a37f509321b9068a622b2a378a07308f

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\9e1dafe76857560288ec1c16ef46b4652fde28c8ef5ebe390978ff9b1c00be82.url
    1⤵
    • Checks whether UAC is enabled
    PID:1776
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1640

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a8fc863c050d70c78d2905db68db357

    SHA1

    3b3faad750a410114275232cea35e4f247276b6b

    SHA256

    7e029c44276b44b5b58fee5ed5ab13f72d3c44d34c9f52cd5dd8c6c06613c876

    SHA512

    d899044290d9fd49873cb5f90f56646f2970b52f28798849b0b2828be346c33295c65489cbec4da9e6ee53df0f4431b36dc21733ff52afb840bd2bd6dee142a6

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

    Filesize

    13KB

    MD5

    cbc9c80794e6b159e16f0c39602b6d2a

    SHA1

    daed0a940d1553db7972cb6e42a909192515d129

    SHA256

    ac5954ad418c1fd495fc24aaa16f507b57df5d5d92ea10de19d7529da464a2b8

    SHA512

    74df8b9f63b27709e02aad83bc2d02133aee78d9b45cd644ab0766478257484fd81d1901072c3e22115fad7a1350718e8cdc73790c2dff5f16b5e8da1e58cb45

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2JVSW3Q6.txt

    Filesize

    603B

    MD5

    cef98b34b0aa3fabdf423afc45589e7d

    SHA1

    1092dada3ddba112042f3b34275eca0c67e56ddd

    SHA256

    5102c865dce1be8b613815d3e9b631154c260eba0b4b0893399ada6d7f51eb35

    SHA512

    2975aacf9b9d0b7e609c85f7d5ee3565855e8ba93c19e43831b132ad6cc170338d5264b3d3c01bbc5e761cf70581001ceaf8ef12665f5d1546707fb7944ea6ce

  • memory/1776-54-0x000007FEFC1B1000-0x000007FEFC1B3000-memory.dmp

    Filesize

    8KB

  • memory/1776-55-0x0000000000340000-0x0000000000350000-memory.dmp

    Filesize

    64KB