Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    68s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2022, 04:39

General

  • Target

    https://links.twiliocdn.com/ls/click?upn=3kZIcBV84MSbPEonqfrF6dGb3PJ6jbldw7J3yS57HqemXns2WYta3RoHKq8W8aC7dpcuZO6hV88bATZHBHyDHuPY8Ti9l76WpI7y7y0-2B0tfTn8Gz7zrrkV-2FqxZGEI1pUggRA5KvZyNDlgUTGzsSR5rFfvu49i4FzNZBEDTmqSXLz-2BjS-2Bjf-2BB5X3MM28mG5mqN33bPAsfcGzJkVOBS-2Bi77lmHW-2BqyMM4w6s-2FBmRYFZJwc-2FQSdBAtKYDuQNtode72oF-2BMITl51YnqWhGyvO20o-2FgKHYhn9uVuvlSoek2hZYtD-2B-2F98Mu5Xm2Tz0-2FUIItjKvjtsY_25yE1MSaF2t4Ef21OWLU937Q4MctB958zt48B7-2Fz705AW6RPC1OO-2FOtHRBOPrp0ftlhcq-2BLLFeNMaPZXnmJezAwWAADYQPilh7PUkufv4oX2kmmZMGJZwP0NkmL3tftxzrvioCtYHhFT5OcI-2B5qPyVtyW8fDgQSZO9erPYFlO0AHul9Xpt-2FWygFIiS53ZNxpeJ5UNjr9umOoL6SJIQm9UyWN4XZEiSLudEkLt5B4UgsRiyvqO4REK4RvVC8zu7xv

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://links.twiliocdn.com/ls/click?upn=3kZIcBV84MSbPEonqfrF6dGb3PJ6jbldw7J3yS57HqemXns2WYta3RoHKq8W8aC7dpcuZO6hV88bATZHBHyDHuPY8Ti9l76WpI7y7y0-2B0tfTn8Gz7zrrkV-2FqxZGEI1pUggRA5KvZyNDlgUTGzsSR5rFfvu49i4FzNZBEDTmqSXLz-2BjS-2Bjf-2BB5X3MM28mG5mqN33bPAsfcGzJkVOBS-2Bi77lmHW-2BqyMM4w6s-2FBmRYFZJwc-2FQSdBAtKYDuQNtode72oF-2BMITl51YnqWhGyvO20o-2FgKHYhn9uVuvlSoek2hZYtD-2B-2F98Mu5Xm2Tz0-2FUIItjKvjtsY_25yE1MSaF2t4Ef21OWLU937Q4MctB958zt48B7-2Fz705AW6RPC1OO-2FOtHRBOPrp0ftlhcq-2BLLFeNMaPZXnmJezAwWAADYQPilh7PUkufv4oX2kmmZMGJZwP0NkmL3tftxzrvioCtYHhFT5OcI-2B5qPyVtyW8fDgQSZO9erPYFlO0AHul9Xpt-2FWygFIiS53ZNxpeJ5UNjr9umOoL6SJIQm9UyWN4XZEiSLudEkLt5B4UgsRiyvqO4REK4RvVC8zu7xv
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2024

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c93f478d3107f47196f1792157478b4b

    SHA1

    b2aad7868f7b0c350e599a3ce66699abcdb31fb7

    SHA256

    14275f1e6593cbaf27ac27799621e83e2081b0212757feedc2b7de23e402c62e

    SHA512

    3643a43be6e8a915c022c9d2f0ca0f75c0a1dec413a4e3a974db4673b10d382da73cea7ce67f4c3845e6c904eecba1b5eef05ed698e7a6c810986717e809fbe4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    5KB

    MD5

    22a729d780145eca967c46296dd4a1ac

    SHA1

    96ecc88ebbb86974de6f8fc8b2a4659a8fc5cc43

    SHA256

    7ddc7ee89aba6f94f4e79d690ad4a29b7e2295e4411cdc540f2d77dc82d1d711

    SHA512

    0e875352dbfc76d2a905779f5193a3029bfe6b9d42d1fb689d0d3f0d0de5c4cf920cbbf547b46ef59552b164fd53220864260b191a5524ece0d6fb5ca4def1ca

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7T3IPXNQ.txt

    Filesize

    600B

    MD5

    f1dea5853c6a841aa8f708114899751f

    SHA1

    67a98f123466504b6d989453760a9f6254c00f80

    SHA256

    b19eb2d41e5e60a6d59cab75a888c1ad049427921c8dc6f80e0dec4e03dd9730

    SHA512

    b17389120e6b8bfd4e45cf36c2eaa706be5f2e633dd3420283da0aef0c4fa084c5056e42289d1779a43e1a0891a119c37cf0c62f489080f4c7f3eed746a6d6b7