Analysis

  • max time kernel
    128s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/02/2023, 20:30

General

  • Target

    https://playvalorant.com/es-mx/?gclid=CjwKCAiAuOieBhAIEiwAgjCvcstyCSrbrOAVbQbsONUUV6-dCtFqXhIOwjs1ICaqwL8OMfhF1J4SyxoCQs0QAvD_BwE&gclsrc=aw.ds

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://playvalorant.com/es-mx/?gclid=CjwKCAiAuOieBhAIEiwAgjCvcstyCSrbrOAVbQbsONUUV6-dCtFqXhIOwjs1ICaqwL8OMfhF1J4SyxoCQs0QAvD_BwE&gclsrc=aw.ds
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4980 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4828
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3cc 0x33c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 627082c64c12e33958757c71e493e289
    SHA1: 76523ca1f952da5ca306f72c6efd497fe90085cf
    SHA256: 4939d97986cdabd824b38fc8ce3d4b8b6ebeafb7a113d2af94944b09e33454c8
    SHA512: 2cb4f47a38d99edfc1c25e520970fb057acdf589da1d097d0a621f020cdb843e8c3fe559d1098b04161f22d0596ccaf34d526b4ead38e5bb94421a5b209daeb6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 562a2ae88939de103d7705ef36b034e1
    SHA1: 03a6a1aed8ffa0f433985164a26518f7c389b4cc
    SHA256: e28bed6224a441705e9e189430e57eeb67c7fe3e522b854b4a0dc7d6c00f0baa
    SHA512: fb1220d9bf1edfa5786b3aa5380d69582a3778fe0dd1b8996304ef1d1c663d6c1224a83a92ab4781ec9ed184340e3670118d3d64067912261df0ddeda824c6c2

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat
    Filesize: 1KB
    MD5: 90c5f2575bcd8fc009a4204b3fdeb962
    SHA1: 1403bce78a92e3c4729a7570d86398eda3421846
    SHA256: b11c2d9c2dbfa16989c9dc98d582ecfb935487eb42852bfa86647b9e7608ac90
    SHA512: 03a98633dfbe6b773825abd699ff29086b17e80c8a71a6e2da7cb6eb14360728b891e91a535b56c2705c001a417545af86d2f8ee496e732c30eed844b03575ab