Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/M...

windows7-x64

1

https://github.com/M...

windows10-2004-x64

1

Analysis

  • max time kernel
    74s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2023, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/MaciejGorczyca/DifferentSLIAutoLoader/releases/download/1.2.1/DifferentSLIAutoLoader.zip

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/MaciejGorczyca/DifferentSLIAutoLoader/releases/download/1.2.1/DifferentSLIAutoLoader.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1404
  • C:\Users\Admin\AppData\Local\Temp\Temp1_DifferentSLIAutoLoader.zip\DifferentSLIAutoTools.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_DifferentSLIAutoLoader.zip\DifferentSLIAutoTools.exe"
    1⤵
      PID:1892

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      340B

      MD5

      aa3426fb635468966c2898c05af724d1

      SHA1

      78dd15cf7196452f95986a593bad7a84b1618a51

      SHA256

      f1cab43f200ca3f7117d20dd78dd58850adf073b7bc5e449da917017876dcbdd

      SHA512

      504e5cfe3afa049e7c2adeb392f252374fd1b3eabdd37f4883a00e6f1165ec99728d5d6734eddc550ef8117bb58329e3a4fffce33cd378d5ab524db3b8b1d585

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\DifferentSLIAutoLoader.zip.ogwyob3.partial
      Filesize

      191KB

      MD5

      58eaf84b2ab10f3b7b5308e0d1a9957d

      SHA1

      f22458c61c880e564c027db7c25a8c84bfc9cd30

      SHA256

      b8155a8d7256b42fd55ad2b691bb8d360a9e5829a163d6fa84251c98302fd54e

      SHA512

      7c9f3a9ab9e0d849c8dd51e54e5f75a1792f7dd95441fca67ddc169cc9b0d3aa11a9abe086bf4e58c75552133d61eba917b19a21cbec84c008d498661604cb6f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HGPXWKX0.txt
      Filesize

      608B

      MD5

      c25b7a242d1135ec1a71c0903e77e859

      SHA1

      d08d4cdaea14a77010b1d9968cdee2fa6a35585d

      SHA256

      eda8a0c8958f3662c9772007c9ecd0567c446195df1e580afe936da046e6608b

      SHA512

      3fce11cba623aaadf7946b61b36aac98ecb6fff904e8ebe4b85616f83855f02d177b3126ac3217592220e217a291c7b12cc9706c3dfb17fafb1031982a96eef0

      Download Submit

    • memory/1892-55-0x00000000013E0000-0x000000000140A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/1892-56-0x0000000075501000-0x0000000075503000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1892-57-0x0000000001015000-0x0000000001026000-memory.dmp

      Filesize

      68KB

      Download