Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    185s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/12/2022, 01:10

General

  • Target

    f8e37e02fb5eb8b1483cfd0af13ca51f79db0633620eecac7e071fb430e6dab8.url

  • Size

    202B

  • MD5

    868819b9da6957884d3d2bbb0d3a7ca4

  • SHA1

    0c665b27dd2c7f7d496625432ad37cd16d13e262

  • SHA256

    f8e37e02fb5eb8b1483cfd0af13ca51f79db0633620eecac7e071fb430e6dab8

  • SHA512

    3afa09969af8cfe2bd71f555c8d99dbef8e7ac5305bc2679827344f54ec89ebfd30358605b2c62263b0ff197d303858ccd3ec12df98342212f1a8480e9792ca1
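
The target is a 202-byte Internet Shortcut (.url) file; the report does not show its contents. A .url file is a small INI-style text file with an [InternetShortcut] section, and the keys that matter for triage are URL (what the shell opens when the file is double-clicked) and IconFile / WorkingDirectory (paths the shell resolves as soon as Explorer renders the file, no click needed). The parser below is an added example written for this page, not part of the report or of tria.ge's tooling; both inputs are constructed (TEST-NET address, made-up names) and are not the analysed sample.

```python
"""Triage parser for Windows Internet Shortcut (.url) files.

Added example; the inputs below are constructed and are NOT the contents of
the sample in this report, which the report does not show.
"""
import configparser
import re
from urllib.parse import urlsplit

# Constructed inputs (TEST-NET address, made-up names), not the analysed file.
SUSPICIOUS_URL_FILE = (
    "[InternetShortcut]\r\n"
    "URL=file://203.0.113.10/share/update.exe\r\n"
    "IconFile=\\\\203.0.113.10\\share\\update.ico\r\n"
    "IconIndex=0\r\n"
)
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://www.example.com/\r\n"

# Extensions the shell executes rather than displays once the target resolves to a file.
EXECUTABLE_EXT = re.compile(
    r"\.(exe|dll|scr|cpl|hta|js|jse|vbs|vbe|wsf|cmd|bat|ps1|msi|lnk)$", re.IGNORECASE)


def decode_shortcut(data: bytes) -> str:
    """Decode the file text: honour a UTF-16 or UTF-8 BOM, else assume an ANSI code page."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    if data.startswith(b"\xef\xbb\xbf"):
        return data.decode("utf-8-sig")
    return data.decode("cp1252", errors="replace")


def parse_url_file(data: bytes) -> dict:
    """Return the keys of the [InternetShortcut] section, lower-cased."""
    # '=' is the only separator used in .url files; restricting configparser to it
    # keeps a ':' inside a value from ever being mistaken for the key/value split.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(decode_shortcut(data))
    section = next((s for s in cp.sections() if s.lower() == "internetshortcut"), None)
    if section is None:
        raise ValueError("not an Internet Shortcut: no [InternetShortcut] section")
    return {k.lower(): v.strip() for k, v in cp.items(section)}


def is_file_or_unc(value: str) -> bool:
    """True for file: URLs and \\\\server\\share paths, which the shell resolves itself."""
    v = value.strip()
    return v.startswith("\\\\") or v.lower().startswith("file:")


def triage(data: bytes) -> dict:
    """Classify the target and list the properties that matter for a .url lure."""
    fields = parse_url_file(data)
    url = fields.get("url", "")
    parts = urlsplit(url)
    findings = []
    if is_file_or_unc(url):
        # Not handed to the browser: the shell resolves it, which can launch a program
        # from a remote share and makes the host authenticate (NTLM) to that share.
        findings.append("url-is-file-or-unc")
    if EXECUTABLE_EXT.search(parts.path.rstrip("/")):
        findings.append("url-targets-executable")
    for key in ("iconfile", "workingdirectory"):
        if fields.get(key, "").startswith("\\\\"):
            # Resolved when Explorer merely draws the icon: no user interaction required.
            findings.append(f"{key}-is-unc")
    return {"scheme": parts.scheme.lower(), "host": parts.netloc,
            "path": parts.path, "findings": findings}


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_URL_FILE), ("benign", BENIGN_URL_FILE)):
        print(name, triage(sample.encode("utf-16")))
```

The BOM handling matters in practice: .url files written by Explorer are ANSI, but lures are often saved as UTF-16, and a parser that assumes UTF-8 reads the section header as garbage and reports "no findings".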

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 37 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe (PID 1352, depth 1)
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\f8e37e02fb5eb8b1483cfd0af13ca51f79db0633620eecac7e071fb430e6dab8.url
    • Checks whether UAC is enabled
  • C:\Program Files\Internet Explorer\iexplore.exe (PID 732, depth 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1812, depth 2, child of PID 732)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:732 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
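
The tree above is the normal Windows handler for a double-clicked .url file: the shell runs rundll32.exe with the OpenURL export of ieframe.dll, which hands the target to Internet Explorer; IE is COM-activated (the -Embedding switch) and then starts its content process, whose SCODEF:732 argument names the frame process. The UAC check and the Internet Explorer settings writes are side effects of that handler, which is why the score stays at 6/10 with no network activity recorded. What makes the chain worth an alert is the argument: a .url file under AppData\Local\Temp rather than under Favorites. The detection logic below is an added example written for this page, not part of the report; it runs over constructed process-creation events modelled on the tree above, and the field names (ts, pid, image, cmd), the staging-directory list and the 5-second correlation window are assumptions.

```python
"""Flag rundll32 ieframe.dll,OpenURL launches of .url files from staging directories.

Added example for this report; the events below are constructed, modelled on the
process tree in the report, and the event field names are assumptions.
"""
import re

# Constructed process-creation events (not a capture from the sandbox run).
EVENTS = [
    {"ts": 0.0, "pid": 1352, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
            r'C:\Users\Admin\AppData\Local\Temp\sample.url'},
    {"ts": 0.9, "pid": 732, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    {"ts": 1.4, "pid": 1812, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:732 CREDAT:275457 /prefetch:2'},
    # A user opening a saved favourite produces the same handler; only the path differs.
    {"ts": 60.0, "pid": 2044, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
            r'C:\Users\Admin\Favorites\Intranet.url'},
]

# ieframe.dll,OpenURL followed by one argument: the file being opened (quoted or bare).
OPENURL_RE = re.compile(r'ieframe\.dll"?\s*,\s*OpenURL\s+(?P<arg>"[^"]*"|\S+)', re.IGNORECASE)

# Assumed list of directories where mail clients, browsers and archivers drop attachments.
STAGING_DIRS = re.compile(
    r"\\(?:AppData\\Local\\Temp|Downloads|INetCache|Temporary Internet Files|Content\.Outlook)\\",
    re.IGNORECASE)


def opened_url_file(cmd: str):
    """Return the path handed to ieframe.dll,OpenURL, or None if the command line is something else."""
    m = OPENURL_RE.search(cmd)
    return m.group("arg").strip('"') if m else None


def detect(events, window_s: float = 5.0):
    """Alert on .url files opened from a staging directory; note whether IE followed within window_s."""
    alerts = []
    for ev in events:
        if not ev["image"].lower().endswith("\\rundll32.exe"):
            continue
        target = opened_url_file(ev["cmd"])
        if target is None or not STAGING_DIRS.search(target):
            continue
        # IE is not a child of rundll32 (it is COM-activated), so correlate by time, not parent PID.
        browser_spawned = any(
            e["image"].lower().endswith("\\iexplore.exe")
            and "-embedding" in e["cmd"].lower()
            and ev["ts"] <= e["ts"] <= ev["ts"] + window_s
            for e in events)
        alerts.append({"pid": ev["pid"], "url_file": target, "browser_spawned": browser_spawned})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The correlation is by time rather than by parent PID on purpose: in the report both rundll32.exe and iexplore.exe sit at depth 1, because the browser is started by the COM activation path, not forked from the handler, so a rule keyed on a parent-child relation between the two would never fire.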

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a6116ba16f442628cc4d5f26f2d35988

    SHA1

    91008050d36290eed2c65207648ee0aa1d23d07c

    SHA256

    9c87f3ae8ff83b4d2140dbb5888d0f447f8850da202e730766752d2503f819db

    SHA512

    f211a1dd01da4d5366900d5dbacc6ad5aa5d3fef40f1a3722246c1aebdc4ca39dc87c05ad7d87a2ddb398fad3b503413ca67378a880a243f629491558b4dd095

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2DL8L239.txt

    Filesize

    608B

    MD5

    c60bd2262da5c427f2ce99af9d53b46c

    SHA1

    4eb9134f3f013702e2c9cbb8e416e55be4f7af09

    SHA256

    d43534eb272738d5d419cfe6739dd42b24412f76d89d9939c60604205392929a

    SHA512

    81d76a26bcaa7773d54ecfff28ff8c79bfdd5d81fdfb73758187ef8f1f771e7afb95aae16d98cdff5292c7a989007fc3dc37e9971e44c85c3ca3bf82323fe2a0

  • memory/1352-54-0x000007FEFBB31000-0x000007FEFBB33000-memory.dmp

    Filesize

    8KB

  • memory/1352-55-0x0000000000350000-0x0000000000360000-memory.dmp

    Filesize

    64KB