Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    104s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2022, 04:39

General

  • Target
    Instalador SisFarmacia V4.0/src/Reportes/Cliente.xml
  • Size
    8KB
  • MD5
    5bfccd164d7c1fbd8d104b3c5c96223e
  • SHA1
    9da5fce34ae97f82ba691e510af94def32f63039
  • SHA256
    e950470b23a031ce90ec79b3b1e855e4be5ccf963b8c0cc9f8ac0a2edbe69954
  • SHA512
    dcebca242e1e91cd9248124685687e8bfc56ffa1a5ebd15448ff45aa71f2fcefd77bce10dff5590dfa5bddda82f39b598d8b91d7f220dbe7ffdc1d6ed805e148
  • SSDEEP
    192:t1DwDuDlOm/eaWeyjffsFZNwYIwYSwYAsMN:tpSAklfqMN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Instalador SisFarmacia V4.0\src\Reportes\Cliente.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:552
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1632
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:688

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\23BHQCGI.txt
    Filesize
    608B
    MD5
    4d827b6560a48152e7cf6fa2099bb30c
    SHA1
    f7b22465a9a52f86ed39a186f25c853ae19885fc
    SHA256
    f0db3894efd8908711c6d96856aed08a1308e9be089133cb23f5c7f574461a0c
    SHA512
    4513e6b6a9303793976a03723094778fd0047dfb54e6fe58b186e251f50ba6c378dcb24704ce165093707c8b8ee86dca51be74c3439171561ed2095e5a70d1a8
  • memory/1388-54-0x0000000075711000-0x0000000075713000-memory.dmp
    Filesize
    8KB