Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

shipping_d...df.xml

windows7-x64

1

shipping_d...df.xml

windows10-1703-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    224s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/12/2022, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shipping_document_pdf.xml

  • Size

    298B

  • MD5

    3861a3795095fe81fcb8382d2b9066bd

  • SHA1

    2cef2af9a35d636c3af48902c20891ec49a8e791

  • SHA256

    b19463cb9b847bdfc7dbf8133d9702d0a0ecc4175335c4a75db211e0196f84b3

  • SHA512

    8e881d7f7a8236d36aef500473a3dbc5a98d46c1596d33ab76e4669f858d86c6b4881c0882c37d2d32b888fcaf6280385932ca5ffc6a5143d625c71b8fc8b294

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shipping_document_pdf.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\shipping_document_pdf.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5096 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3544

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    20fe2af45581dfa321e30289ed8c04a4

    SHA1

    dced3c2fd35b49d75b86d2cdc5d6f304d641902f

    SHA256

    a01675691065a50cf25a3b574e5c611864630193d97cf55aac526e3ead79dc43

    SHA512

    d758901bf4ee3d0208228c8889412888f76adecced519b0d78bce506231eb54456cb833614f6c89882e37af9c778aa9844394a99c6937088f94a512c2c2d854e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    7b4de5b37117d1b943c59a54d1c85f8a

    SHA1

    fdd43a365c7f63c589a59833e1c4aaa5c7630247

    SHA256

    0bd27119f92fea69f638f0aa55541dcc9eb71b871c62e095badc403ed515824d

    SHA512

    5665f98b1592be535af51df05b932a869936453a9b4f9a8d1ae994930468aad79add88800311a643bb0ad30d5fe4a77aee55b439615eed8e37d36bc5ec02d097

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YYNPDQLN.cookie
    Filesize

    615B

    MD5

    5e838bae6592df76b48bd7a5f12eab5d

    SHA1

    362da4d1256881cf9b803ad85a94e280d1765750

    SHA256

    4eaee4bc65712137effec193981b02194d3981dee9cfa7645366080184a94e98

    SHA512

    30b596a1ce4601771c8157371a7b6c2e9be773f9152d99306881cee88b0463ea133dd0fd3bdd637ea764fdb64b216ac2d73a14b2b030ac30ec211173c886b9e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YZGVO3EB.cookie
    Filesize

    614B

    MD5

    52685e7a331c8adcd6bb99ded172db81

    SHA1

    2209d7b28cc592aa763bd8dac225ec63cb1a8c91

    SHA256

    d4862550ecb5b719f7e20ad975530c03e0b273b6d59285f6a6ea757556480b2e

    SHA512

    089b8d7dabc078498f9fa25f678066f2f067733c0f7054fd834ff4fce89f4e7ae4c45cac96fc0357564922800de8b757df6f79961fc9341efff8597980486af2

    Download Submit

  • memory/1980-120-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-121-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-122-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-123-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-124-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-125-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-126-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-127-0x00007FFF4CAC0000-0x00007FFF4CAD0000-memory.dmp

    Filesize

    64KB

    Download