Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    85s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/02/2023, 14:49

General

  • Target

    https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4616

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    7KB

    MD5

    2968bcd90aad32d12807327e658ee03e

    SHA1

    3c8f0451b90f22796b9d751cb12ab79b841d07d2

    SHA256

    c80150fe8977ac2587cbbdb4156835a2d3b57e87f6d40966659f785f16abd64f

    SHA512

    58d00c85e796bace1c47c86df71e589972583a14a4749a8195341aca7cc560a74abafd7246fb754c4c885a5a7c8509dd53c36a5a3f23f346621bbc11f08cd66e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    232B

    MD5

    8d1b481c24a885c4b6278e375bba646b

    SHA1

    5fc2618a7f610ca961935aa7173e3be5979efd94

    SHA256

    38965ffa39dff9769b140147ceec75cd67049af024abfd8a6d4f0a72113bea80

    SHA512

    86f92278161bd031774a050d366e04af4492c5e37902968cfd1ead095a9f203f13bd0c5334a45af778aa031de3e3d017a15de4d4e66f9d3d5fb0759e559d008b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\xyoggsx\imagestore.dat

    Filesize

    1KB

    MD5

    dd47e52c07db61554329bcab3790fa9d

    SHA1

    3f26c966f7b0e3439ea944025fd7cfd3e656f072

    SHA256

    79b888f76d7fe18f6a32daf0ea63b2892c8f74a4e2d1b9a0aaceb6a694a3a3c3

    SHA512

    9a58a6383b462a469c66d091e999c5e03e2df15dccc55fadc0d7767821485166f4760e7b6688b790d70b0445661224472c36f549d6adb0f9695c54b6fb72015e