Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    108s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/02/2023, 17:02

General

  • Target

    https://support.google.com/drive?p=collaborator_accounts

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1292, depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/drive?p=collaborator_accounts
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1528, depth 2)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2031ab374af55b755217bde2cf093008
    SHA1: 89902f654d577c7a89381fa488c31872348085b0
    SHA256: 05b2471e39661682f37af4fd8212837d44715f74c4b839211803cc51a0d2bce7
    SHA512: b125ddd3d99f214859e9e51d55d4aea480aebba9ea318d3e1f3992457040bbc1086d7a5203d2922639f32996d3baf5edf0a1f5b296b47123c0aec69f28a4c7d8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize: 5KB
    MD5: f74fd5633b2e7a2c891e8362adf7dc20
    SHA1: f5dfb80b6c1614457bfecea5feaede10f57a15f8
    SHA256: b63121caffb7a879b4a11d0431f86b60f157737d3b68ce9443422f4e3df45c6d
    SHA512: 489e6c6e9da5ac0f1d655cc79860d2a6501728df96b82a86e15e725eebd0fe0877cbe9f4e90e54e6dee4b5526dffd26785131ebfe6e9a2c38bd804e35ebe7418

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZBIV112E.txt
    Filesize: 608B
    MD5: 046fe2d07fb48fe1c81434cf6d019874
    SHA1: 58042d0d4b234cafa678b29c5fb72105be579107
    SHA256: 43d0e5062f18635ed799f7217c3bd9d3113ef9336b5192072673b765164d77fb
    SHA512: 75bc757fec4e6e448665fcf857b0d6fd83f4d1dd08ad88fe8a21a723d5ff3308875b9a8483fb53b666280d2d9bb48b8385ae4e76e76c03553312c669decc97d6