Analysis

  • max time kernel
    88s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/01/2023, 14:48

General

  • Target

    https://t.paypal.com/ts?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5&calc=a33a9d877b68d&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=op&mchn=em&s=ci&mail=sys&appVersion=1.141.0&xt=104038%2C124817

Score
1/10
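The low score is consistent with where the link actually points: the host is t.paypal.com, whose registrable domain is paypal.com, and the query string is e-mail campaign tracking metadata rather than a payload. The check below is an added example and not part of the tria.ge report; it reproduces the link-triage step an analyst runs before trusting a URL that arrived by mail: confirm the scheme, reject the userinfo trick (`https://paypal.com@evil.example/`, where the real host follows the `@`), compare the registrable domain against an allow list (the `TRUSTED_DOMAINS` set and the confusable-character table are assumptions for illustration), flag simple digit-for-letter lookalikes, and percent-decode the parameters so values such as `rsta` and `page` can be read. The two-label registrable-domain rule is a simplification; production code should consult the Public Suffix List.

```python
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Target URL copied from the report's General section.
TARGET = ("https://t.paypal.com/ts?v=1&utm_source=unp&utm_medium=email"
          "&utm_campaign=RT000238&utm_unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5"
          "&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&cust="
          "&unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5&calc=a33a9d877b68d"
          "&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238"
          "&pgrp=main%3Aemail&e=op&mchn=em&s=ci&mail=sys&appVersion=1.141.0"
          "&xt=104038%2C124817")

# Assumed allow list for illustration; not part of the tria.ge report.
TRUSTED_DOMAINS = {"paypal.com"}

# Digits commonly substituted for letters in lookalike domains (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Correct for paypal.com, but a real
    implementation should consult the Public Suffix List (e.g. co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(reg: str, trusted: set) -> Optional[str]:
    """Return the trusted domain that `reg` imitates via digit/letter swaps, or None."""
    norm = reg.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")
    return next((t for t in trusted if t != reg and norm == t), None)


def triage_url(url: str, trusted: set = TRUSTED_DOMAINS) -> dict:
    """Decode the URL and list anything that argues against trusting it."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registrable_domain(host)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        # "https://paypal.com@evil.example/" puts the real host after the '@'.
        findings.append("userinfo present in authority (host spoofing trick)")
    if reg not in trusted:
        mimic = lookalike_of(reg, trusted)
        findings.append(f"lookalike of {mimic}: {reg}" if mimic
                        else f"registrable domain not trusted: {reg}")
    # parse_qs percent-decodes values: rsta=en_US%28en-US%29 -> "en_US(en-US)"
    params = parse_qs(parts.query, keep_blank_values=True)
    return {"host": host, "registrable_domain": reg, "path": parts.path,
            "params": params, "findings": findings}


if __name__ == "__main__":
    result = triage_url(TARGET)
    print(result["host"], result["registrable_domain"], result["findings"])
    for key in ("utm_campaign", "rsta", "page", "unp_tpcid", "xt"):
        print(f"  {key} = {result['params'][key]}")
```

On the report's target the function returns no findings and decodes `page` to `main:email:RT000238`; feeding it `http://t.paypa1.com/ts` instead yields both the scheme finding and a lookalike finding against paypal.com.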

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://t.paypal.com/ts?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=f233c146-9f16-11ed-83d1-3cecef6afbb5&calc=a33a9d877b68d&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=op&mchn=em&s=ci&mail=sys&appVersion=1.141.0&xt=104038%2C124817
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3080
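The two processes above are the normal Internet Explorer layout on this image: PID 748 is the frame (browser UI) process started with the URL, and PID 3080 is the tab process it spawned, whose `SCODEF:748 CREDAT:17410` arguments carry the frame's PID and an inherited handle value. The `SetWindowsHookEx` and `WriteProcessMemory` signatures on the frame process are routinely raised when it creates and drives its tab process, which is why they did not move the score. The check below is an added example, not tria.ge code: it reads a process list in the shape of this report (entries constructed from the Processes section; the IE image paths are an assumed baseline for a 64-bit Windows 10 install) and reports only what would actually merit a second look: an `iexplore.exe` child whose `SCODEF` PID is not its parent, a tab-style launch with no IE parent in the tree, or a non-IE child such as `cmd.exe` or `powershell.exe` under either IE process, which is how code execution from a malicious page would surface in this view.

```python
import re

# Process list constructed from the report's Processes section:
# (pid, parent_pid, image path, command line). Parent 0 stands for the
# sandbox launcher, which the report does not show.
PROCESSES = [
    (748, 0, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" https://t.paypal.com/ts?v=1'),
    (3080, 748, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:17410 /prefetch:2'),
]

# Assumed baseline: the two install locations of IE on a 64-bit Windows 10 image.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
# Tab-process arguments: SCODEF names the frame process, CREDAT an inherited handle.
TAB_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)\b")


def is_ie(image: str) -> bool:
    return image.lower() in IE_IMAGES


def triage_process_tree(processes) -> list:
    """Return findings for anything that deviates from the frame -> tab layout."""
    by_pid = {p[0]: p for p in processes}
    findings = []
    for pid, ppid, image, cmdline in processes:
        parent = by_pid.get(ppid)
        parent_is_ie = parent is not None and is_ie(parent[2])
        tab = TAB_ARGS.search(cmdline)
        if is_ie(image):
            if parent_is_ie:
                # Tab process: SCODEF must name the frame process that spawned it.
                if tab is None:
                    findings.append(f"pid {pid}: iexplore.exe under iexplore.exe "
                                    f"without SCODEF/CREDAT arguments")
                elif int(tab.group(1)) != ppid:
                    findings.append(f"pid {pid}: SCODEF:{tab.group(1)} does not match "
                                    f"parent pid {ppid}")
            elif tab is not None:
                # Tab-style arguments but no IE parent: something else launched it.
                findings.append(f"pid {pid}: tab arguments but parent {ppid} "
                                f"is not iexplore.exe")
        elif parent_is_ie:
            # cmd.exe, powershell.exe, a dropped installer: anything IE launches
            # beyond its own tab processes deserves a look.
            findings.append(f"pid {pid}: non-IE child {image} spawned by "
                            f"iexplore.exe pid {ppid}")
    return findings


if __name__ == "__main__":
    print(triage_process_tree(PROCESSES) or "process tree matches IE frame/tab baseline")
```

Run against the report's two processes the function returns an empty list; appending a constructed `cmd.exe` entry with parent 3080, or changing the tab's argument to `SCODEF:999`, produces one finding each.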

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    ee0a37a05b705a5f66ebdd61da30b479

    SHA1

    136f52350f4f9213cd7a3062b4143b64a54c9549

    SHA256

    11a400393192414706b8051b4b37f3ef76d81885d41e0259d17a1517c2ccf56f

    SHA512

    c724734022d241f608b8b9515a6c1c87b4899f2d2dc2ea637a6c2acfabf7f00864bcf4478359f9ac5de31316046151e25eca389b8a9d136d4d84fcd61f9670bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    fbf9b38315ef0dd2ab28079c24838be0

    SHA1

    d5a3f81ec7ae6c6fdb534613a38582d438d16658

    SHA256

    91b5272f62bb4b4534ed1394de1a4575d1b5bb048b7f630214c4bd8b9fd720e4

    SHA512

    3f98c2fdb88ebf12da5a03acca707f4ba136adba6f32c931d966a517d466e7c1b0444fbe180c14235ebba4cc6618d58d95fe9e9926642d445b5836a4eebdedcc
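Both files sit under `AppData\LocalLow\Microsoft\CryptnetUrlCache\`, the cache CryptoAPI keeps for URLs it fetched while building and checking certificate chains (CRL, OCSP and AIA lookups); `LocalLow` is used because IE's Protected Mode tab runs at low integrity. Opening any HTTPS page in Internet Explorer can write such a `Content`/`MetaData` pair sharing one hashed name, so these entries are cache artifacts of the TLS connection, not downloaded payloads. The check below is an added example, not tria.ge code: it classifies dropped-file paths from a report in this shape (entries constructed from the listing above; the drop-directory and extension lists are assumptions for illustration), confirms that cache entries arrive as Content/MetaData pairs, and verifies a local copy of an artifact against all four listed digests so the hashes on the page can be used as IoCs without retyping them.

```python
import hashlib
import re
from collections import defaultdict

# Entries constructed from the report's Downloads section.
CACHE_DIR = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
CACHE_NAME = "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776"
DROPPED = [
    {"path": CACHE_DIR + "\\Content\\" + CACHE_NAME, "size": 471,
     "md5": "ee0a37a05b705a5f66ebdd61da30b479",
     "sha1": "136f52350f4f9213cd7a3062b4143b64a54c9549",
     "sha256": "11a400393192414706b8051b4b37f3ef76d81885d41e0259d17a1517c2ccf56f",
     "sha512": "c724734022d241f608b8b9515a6c1c87b4899f2d2dc2ea637a6c2acfabf7f00864bcf4478359f9ac5de31316046151e25eca389b8a9d136d4d84fcd61f9670bd"},
    {"path": CACHE_DIR + "\\MetaData\\" + CACHE_NAME, "size": 404,
     "md5": "fbf9b38315ef0dd2ab28079c24838be0",
     "sha1": "d5a3f81ec7ae6c6fdb534613a38582d438d16658",
     "sha256": "91b5272f62bb4b4534ed1394de1a4575d1b5bb048b7f630214c4bd8b9fd720e4",
     "sha512": "3f98c2fdb88ebf12da5a03acca707f4ba136adba6f32c931d966a517d466e7c1b0444fbe180c14235ebba4cc6618d58d95fe9e9926642d445b5836a4eebdedcc"},
]

# CryptoAPI URL cache: <Content|MetaData>\<32 hex>_<32 hex>
CACHE_RE = re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\([0-9A-F]{32}_[0-9A-F]{32})$", re.I)
# Assumed locations and extensions a real drop would use (illustrative, not exhaustive).
DROP_DIRS = (r"\appdata\local\temp\ ".strip(), r"\downloads\ ".strip(),
             r"\programs\startup\ ".strip(), r"\users\public\ ".strip(), r"c:\windows\temp\ ".strip())
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".hta", ".lnk", ".bat")
ALGS = ("md5", "sha1", "sha256", "sha512")


def classify(path: str) -> str:
    low = path.lower()
    if CACHE_RE.search(path):
        return "cryptoapi-url-cache"   # CRL/OCSP/AIA fetch during chain validation
    if low.endswith(EXEC_EXT):
        return "executable-drop"
    if any(d in low for d in DROP_DIRS):
        return "user-writable-drop"
    return "other"


def triage_dropped(entries):
    """Classify each path; report unpaired cache entries and anything that looks like a real drop."""
    verdicts, findings = {}, []
    halves = defaultdict(set)
    for e in entries:
        kind = classify(e["path"])
        verdicts[e["path"]] = kind
        m = CACHE_RE.search(e["path"])
        if m:
            halves[m.group(2).upper()].add(m.group(1).lower())
        elif kind != "other":
            findings.append(f"{kind}: {e['path']}")
    for name, parts in halves.items():
        if parts != {"content", "metadata"}:
            findings.append(f"unpaired CryptnetUrlCache entry {name}: {sorted(parts)}")
    return verdicts, findings


def digests(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def verify_hashes(data: bytes, entry: dict) -> list:
    """Algorithms whose digest of `data` differs from the report entry, plus
    'size' if the length differs; an empty list means the local copy matches."""
    got = digests(data)
    bad = [alg for alg in ALGS if got[alg] != entry[alg].lower()]
    if len(data) != entry["size"]:
        bad.append("size")
    return bad


if __name__ == "__main__":
    verdicts, findings = triage_dropped(DROPPED)
    for path, kind in verdicts.items():
        print(f"{kind:22} {path}")
    print(findings or "no drops outside the CryptoAPI URL cache")
```

For this report both entries classify as `cryptoapi-url-cache` with no findings; the 471-byte Content file itself is not reproduced on the page, so `verify_hashes` is only exercised with constructed bytes here and would be pointed at the file recovered from the sandbox in practice.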