Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/02/2023, 17:08

General

  • Target

    Invoice V092300450[12605]v2.html

  • Size

    202KB

  • MD5

    f876c07faf4b55e3b32d571d818f6525

  • SHA1

    d38c42463e4ad83bd5a23bbd70534a39dc5d5cf2

  • SHA256

    ea17dee8a1275c3357120e0ca16030d9f163eb90fbc593a7ac7a945176d1d47f

  • SHA512

    378f4779d346f2ef253ac1e5c6212ad049c041f531e8e00a24502c559d936a6c549934347745f11c94ff14295ddd5d60ad46b42ceb7a516e303cab7dabf2d530

  • SSDEEP

    3072:EIRG5ktKyVUtbH6B+ErU9p8AFHfUhqP57i:EIRGJmB+Er0p8mskP57i

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Invoice V092300450[12605]v2.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1464 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1464 CREDAT:865295 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1812

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    1KB

    MD5

    b1c9a5e36db157c425cc6d9a8813a548

    SHA1

    6c68f998843724c68198afcd1d56bf1dc69b5d54

    SHA256

    c950a63d980f0d05eff25e4ca462586d1fb153d55f71d5343354037d61c9c2e7

    SHA512

    c2b569d0c504d58d3af8b3652db79d37112401f21b44f7abcdbde08cf13f367ff60443cc91910d636ba64f2aa7af6c313d318ebd6186dc1d7cb0e8a427560558

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    446B

    MD5

    11e47129ae40cfb88ebe64d48ef79cc4

    SHA1

    3c209d98feaa13f63be0a5f8b7b05f7f7f62fbad

    SHA256

    b8f50f6d4fb7fa8f965d63ff1fc572523939ebc1bbe7cc32810965c36a327015

    SHA512

    5be56931843ed0dd25ba2dc1bc55341188fb076414feb609e0e901e308548d07700167f165753df903204174ed8591cd916837762a499784becfdbd4c73a6a7e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6527c80b4d8e30cf51eb5effac6ac5ad

    SHA1

    d71cf5c1b336376e131b2f34e3739709b1b0eba1

    SHA256

    b72abaefd6a695ebcda747017acabb55c84e10a29f0fe52f6260e0d5e9c8a4f4

    SHA512

    20e3e3dc2afd5839bf10181ab3ff9ff72c4244286918d4a7b8f62c89b4a4ee32ff1f3fb8c1a4a3229a0d008f8f5d099df4c5e8ca9f1e05950364d1e5c0d3178b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    949e6a7c5ef10ca7ec326f5c14e2b4fe

    SHA1

    b3e036145d372470300f38c1d5dd9273ad598aba

    SHA256

    ed2f95c6bfd3d777a3cc9ce921391e60bc6ab803684f9f9629228a3169b57070

    SHA512

    005c7b2fc5204a7680770b5cd6b63795df661539377b00866bcef3d7abb4f0040f81cf4724a99d70800e62bbc993620d7c9b31a7f3145dcafe08ed34b46f6987

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    e89fae6a4491a1dbfd3924992524966e

    SHA1

    0617103f66f7cfa9301b1ff39574e29e60f35439

    SHA256

    4d755d075acb13fd4c7f7ea20444e7e8dbd96ee4a92526aa5d6ca40b45bab8af

    SHA512

    5ab754d3986553bbfe90375ea149f3221424e4e4822178989c9f3718c1e1024dc891c058a460c21ed71bde2a65d4ceb97246f6af839da10e14766a53e4b5edbd

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

    Filesize

    12KB

    MD5

    d12285f6897ab481684b7a8215d1ae1a

    SHA1

    b0d9f1b0c5304f42247aeb0d37fd4033383ee2af

    SHA256

    5b85112d1b679c980a40dd00a271367075dac021fc9e38b940b690243011edbe

    SHA512

    bbb49cd5af8c18c7712f59ca58ab2c50b0f90172beca75c6f7f40adf1fb0a5b2fc074ddba3ad7c8582f44391961a3c0a9de498436dfbcd5c4738e68d0cf2cfb8

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CZPTRDS8.txt

    Filesize

    108B

    MD5

    bdb6ed17821030ff704a23d90648027b

    SHA1

    d6854eb469ca3b5b8ac7d7380afc76bf858ac0c8

    SHA256

    b155162a7c0f8269815a9fa6cca1820ddee72f260e5a022662c1b7d5d75f831c

    SHA512

    500b68f4392051d81c172d470726c077840094ad12d4c3cda1138c93a6cced0023f3d9a20262eef3650ef19cfb8e82cf40292b7ad7a9eb20b10a4d4f7cd37e2a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DE3GV601.txt

    Filesize

    190B

    MD5

    8f5eedc08681d8db123619f70332d45a

    SHA1

    a8a8314b9aeba4e8a735a33e3c4d0413567d3a31

    SHA256

    e7d9447ae2939ad46b0ce2a198efaac15a147ede31c6b48ce59bc53a29243844

    SHA512

    6d03c261bbb62b1abd95ed01a2e40a865fcb7a96ba7fb83f12e244398f5b00090257f285a7da93c65bf26d6e1832fd6c354bc1cb514d366ae0c8fad85eaa2c1c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FQSVWLOL.txt

    Filesize

    607B

    MD5

    f886991d412f0fc9cb3e5274864603b6

    SHA1

    13cbffecfc3c1d909e4e5ee996d16fe7041099a2

    SHA256

    f55f3305a9d6f1af461aa480c05f9739555dc27f39984ac6f571c1d67bbaa773

    SHA512

    6934c280c5d2d8a30046b1a14f341f9c3711f965585157b0c3f37e97e6dd223752ab5a0d6b258622e7515c4edccd8aae5d9c24027bdc5e2851569904c084a9fa

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UFC33Q4V.txt

    Filesize

    266B

    MD5

    d3a795fe7b7287fe28797f0a5abf7c48

    SHA1

    479224b8d523424ec223b8b02edb5443583b85e2

    SHA256

    929ab0961b6fd1fefe31f061c06ea64bd53bc1f628ef5c42266be2793a3d23f2

    SHA512

    20ce4c4e97b4bc3ccd3da7edf6885b5b3081d5add171a5d38d9acbe6f54fdeb9985a0a4219ba8f86a3b4b4296ed11663b0ff7233d7af5debe9b3beb96f16195b