
Analysis

  • max time kernel: 97s
  • max time network: 147s
  • platform: windows7_x64
  • resource: win7-20220812-en
  • resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted: 28/12/2022, 04:39

General

  • Target: Instalador SisFarmacia V4.0/src/Reportes/Proveedor.xml
  • Size: 6KB
  • MD5: 9d4f5e13c0a172a49faded5669fac695
  • SHA1: c6e87cc6c0de21d84c35d5c000b6449d272c8d6f
  • SHA256: f06e22c8f462bcf0441112c3af7b6ece86bc79dd5db0f40d69c5d563fedd416a
  • SHA512: 5bc2568282284043b2e80097b318936f5fe7062c8a344d73d5b0467ebe63b5faac0ce6079b39bded2a988709d583da1d745e5feb0262310d7ce802bc0a3301d3
  • SSDEEP: 96:TRylxqsWDWnDuDlO/gPeyi3FBEOEdfZhHXcmzZkzd9Kuk5:tlDwDuDlOOJvHXc8ZkZ0uy

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\Proveedor.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2028
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:908

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VCFF2KK9.txt
    Filesize: 608B
    MD5: 61d4cf7ce096f4bfb669df03bbfee5f9
    SHA1: 4ba796e3d8caa5fe704cfb2772c71012decfbe63
    SHA256: ddbca8b257b4e56f951b738f65c862d6eda1a59499e39a467bfebed07f89897f
    SHA512: 248bd85de5d35cfd34fdc42651909991d7853eab25268ca1ba531985dacc799ae218b7215c0c91366b95537c1852540ebdde69f40210e1b528131080f40a64ee

  • memory/1672-54-0x00000000753C1000-0x00000000753C3000-memory.dmp
    Filesize: 8KB