Resubmissions

  • 11/01/2023, 15:26  230111-st6fyahc2v  1
  • 11/01/2023, 15:20  230111-sq37eadd28  1
  • 11/01/2023, 15:14  230111-smrn7sdc95  3
  • 11/01/2023, 15:12  230111-sk7yeadc88  1
  • 11/01/2023, 15:03  230111-sfc78shb61  1

Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2023, 15:14

General

  • Target

    https://github.com/LeandroCostaAnalistaTI/Ferramentas/blob/master/Planos/Ferramentas_UsandoRoot.sh

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/LeandroCostaAnalistaTI/Ferramentas/blob/master/Planos/Ferramentas_UsandoRoot.sh
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:956

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: 685b9e0b2723d309e54aa363222cce84
    SHA1: b55d4cce00388dab385aa7c5463c73a0a2ddbafb
    SHA256: b2a383b928f7b75dcac4cfd75c6aa5fbf94eb7653d1306a556fa4ca2cab2347a
    SHA512: 8cd28170cc78a394da3d28b2620fc701ecd3297ebb150a5aa67eea3a2dcba5b4669d52c2d2ae053ac43a5e505399903469d7a4b2592de18b5aa549ab7ce868d8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize: 5KB
    MD5: f299f674b608ec91b50091329373ff55
    SHA1: 6f10f95597b7a6ec6ccfa1d98a9cb7691c32f27d
    SHA256: fd5e702fc80c9f18c89b2aa2d7f0986a6109db5201e90c99371408b3e0c4da47
    SHA512: ad89cef73f18be406f092b9cb784104c1306a59e8feec5c393364ab0d8aab45aae48dc64c3bd5931007f7ac1b8ce99d2257377e49b69025bbf24d7da7b6a67a4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LOW33Y15.txt
    Filesize: 595B
    MD5: 1463f0772665f2f3606e1a4e47735e73
    SHA1: 29ef4d5f8ab38aef5e82d62d5a68b6396249ff17
    SHA256: 52d4b9ebf356f5a891e82edade991441ac654d8d9230008a5238b6ae8067c232
    SHA512: 68c0606b51511c2ddcbc07be724812316ac38e8f4e1fab9328157f84bdb18806a63f10469a5e870082bde4e32ead180a3b0010204cdf43a7b48a8abd654837a0