Analysis

  • max time kernel
    150s
  • max time network
    211s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/12/2022, 17:50

General

  • Target

    http://www.qq.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.qq.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:856

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QPF95525.txt

    Filesize

    607B
