Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    97s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2022, 04:39

General

  • Target

    Instalador SisFarmacia V4.0/src/Reportes/Categoria.xml

  • Size

    4KB

  • MD5

    f49347fe54e8bca2562c468ae6c0493c

  • SHA1

    8a1c551dc3cf303e27c726719c3b78b53f366acc

  • SHA256

    478db2719c98a8900debbec072197882b0bd697b88974c6d6f40286070dcfdb1

  • SHA512

    acba80f7c0d4ed903c112b23c58d629553b163837b1f37c2fa3b8d5897fe62533b67d3117f7fac9e3ad2d96fe7b9d36454789370ab23f077b055df1e80ca452e

  • SSDEEP

    48:c68KRy9vrxE+fqflGmfGfc9fRDWJfRDmhfRDlDhfNftfsdfcfmD+f7fpfsMf3fzz:TRylxiG0DWnDuDlO/seLKRC5ryZvyzE5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\Categoria.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1012
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:692

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C6GJ27U7.txt

    Filesize

    601B

    MD5

    d8952420b4126e194c7ab5c42272264f

    SHA1

    b626d6e736c0d971f4ba5ae7b4894f2c85000256

    SHA256

    29a37391e8e3c13aae42c6c1be9425c4cde57db96bc045e3fa2fbcc131332be4

    SHA512

    00a6eec8ede3024450cc09e1dddcb882038545f58942cb360feeed336dcbcf4331f7f3349bd35663e3dab9e31f0655cb2c3d3f9defd42e3c1fe5ff2fbc0ad465

  • memory/1780-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

    Filesize

    8KB