
Analysis

  • max time kernel
    99s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2022, 04:39

General

  • Target

    Instalador SisFarmacia V4.0/src/Reportes/RVentasPorFechas.xml

  • Size

    14KB

  • MD5

    5c0fa0ee9e0a85ed9695ce963fb337f4

  • SHA1

    a087bb76c9dfc709c32565a9fd5eacd040af2da2

  • SHA256

    51fd99c2c85ce3e18b9436334d30141ff97d96831b6937caf6d0d5815e4dff25

  • SHA512

    975c5c108a0292308dff742516e9a3246ec0628a4fa5726313933097a757258e2a27a34ebfeb02f12eb85c3a8858b9b5c5bcde14258187237a14dd890908cb65

  • SSDEEP

    192:tL6RDwDuDlOwDy5ydsM/0Qx9WHl1Yv1Yd1YMVoH5CR:tLmSAkydsM/0Qx9S9G5CR

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\RVentasPorFechas.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:588
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:544
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:544 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1004
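The process tree above is the whole story of this sample: the sandbox opens the .xml with the Office 2010 XML editor shim (MSOXMLED.EXE), which hands the file to Internet Explorer, whose frame process spawns a protected-mode tab process (the SCODEF:544 argument names the frame PID). The following is an added example, not Triage's own signature logic or anything from the report: it transcribes the four processes into records (parent PIDs are inferred from the report's nesting; the report does not state a parent for PID 1780, so it is the root), re-renders the tree, and runs three triage rules over it. The rule tables (which images count as document handlers, which children count as shells, which directories count as trusted) and the contrasting "variant" event list are this example's assumptions, constructed to show how a malicious chain from the same handler would be flagged while the report's chain is not.

```python
"""Process-tree triage over a tria.ge style process listing.

Added example, not part of the Triage report. REPORT_EVENTS is transcribed
by hand from the report's Processes section; ppid values follow the report's
nesting. The rule tables below are this example's own assumptions.
"""
import re
from collections import defaultdict
from typing import List, Optional

# Transcribed from the report's process tree (PIDs and command lines as listed).
REPORT_EVENTS = [
    {"pid": 1780, "ppid": None,
     "image": r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     "cmdline": r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\RVentasPorFechas.xml"'},
    {"pid": 588, "ppid": 1780,
     "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'},
    {"pid": 544, "ppid": 588,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'},
    {"pid": 1004, "ppid": 544,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:544 CREDAT:275457 /prefetch:2'},
]

# Constructed contrast case (NOT from the report): same document handler, but it
# spawns a command shell instead of the browser.
VARIANT_EVENTS = REPORT_EVENTS[:1] + [
    {"pid": 2000, "ppid": 1780, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c whoami"},
]

# Rule tables: this example's assumptions, not Triage signatures.
DOCUMENT_HANDLERS = {"msoxmled.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe", "regsvr32.exe"}
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def scodef_parent(cmdline: str) -> Optional[int]:
    """IE tab processes carry SCODEF:<frame pid>; return it, or None if absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def build_children(events):
    children = defaultdict(list)
    for ev in events:
        children[ev["ppid"]].append(ev)
    return children


def render_tree(events) -> str:
    """Indented listing in the same shape as the report's Processes section."""
    children = build_children(events)
    lines: List[str] = []

    def walk(ppid, depth):
        for ev in children.get(ppid, []):
            lines.append("  " * depth + f"[{ev['pid']}] {ev['cmdline']}")
            walk(ev["pid"], depth + 1)

    walk(None, 0)
    return "\n".join(lines)


def triage(events) -> List[str]:
    """Return human-readable findings; an empty list means nothing tripped."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings: List[str] = []
    for ev in events:
        image = basename(ev["image"])
        parent = by_pid.get(ev["ppid"])
        # Rule 1: a document handler launching a shell or script host.
        if parent and basename(parent["image"]) in DOCUMENT_HANDLERS and image in SHELL_CHILDREN:
            findings.append(f"pid {ev['pid']}: document handler {basename(parent['image'])} spawned {image}")
        # Rule 2: an IE tab process whose SCODEF frame PID is not its actual parent.
        if image == "iexplore.exe":
            frame = scodef_parent(ev["cmdline"])
            if frame is not None and frame != ev["ppid"]:
                findings.append(f"pid {ev['pid']}: SCODEF:{frame} does not match parent pid {ev['ppid']}")
        # Rule 3: an image running from outside the standard program directories.
        if not ev["image"].lower().startswith(TRUSTED_ROOTS):
            findings.append(f"pid {ev['pid']}: image outside standard program directories: {ev['image']}")
    return findings


if __name__ == "__main__":
    print(render_tree(REPORT_EVENTS))
    print("report findings:", triage(REPORT_EVENTS))
    print("variant findings:", triage(VARIANT_EVENTS))
```

Run against the report's own tree, `triage` returns nothing: every image lives under Program Files, the only child of the document handler is the browser, and the tab process's SCODEF:544 agrees with its parent PID 544, which is consistent with the 1/10 score. The constructed variant trips rule 1 only, which is the kind of chain that would justify a closer look at an XML "document" opened from an installer package.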

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5ZOOXGDC.txt

    Filesize

    608B

    MD5

    1da405349087e593660570cbcfcde1c9

    SHA1

    1ba13121ad9d153143c43a1325d42f278fcf0d87

    SHA256

    eacca3c1e938e88cbabaf5dd7e92bc65016c0a3783185f611facceb341c126eb

    SHA512

    5d3962a663a3a8c1264ace22f2dd94fae2aa53c66e73b539605e460d892ff515abed510ca9f2cb7b7701414c95358016157dad567077a0278002fa4c3eda3514

  • memory/1780-54-0x0000000075A31000-0x0000000075A33000-memory.dmp

    Filesize

    8KB