Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    28/03/2023, 06:20

General

  • Target

    email-html-2.html

  • Size

    19KB

  • MD5

    8aca1d7fdd579b9aa70562847ceec77d

  • SHA1

    2776e9e10c4f6a4811f8ce7973b88252f5572d11

  • SHA256

    05bfddae8da8c8ec477f8beef6eee7e5a22bef7083ba32fbff283b30dde5ab33

  • SHA512

    c3d6d97680a26d518f196c8885349f94217acf556f25db253a3f68912a1e72f1da2f10deba2e453c892655f8d8e4a46e3870bcbcddbea3d62ed7ed00b3efea59

  • SSDEEP

    192:/7wjebFwZdkvHHw0u8QBBFts5bEhK4W4L3I:zdvHQ0u8EG5bEdW24

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3480 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1564

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    bb4cd9db319e8007cd72aa17af4b76a0

    SHA1

    8951973b028c09c71a792feff54e3096454a8c42

    SHA256

    aca8049efb96040e2124d06db9c9b2f3c5ce4166c831dabaa421e14cb5da1295

    SHA512

    6187a2b310a672f9080b9865115f44ea827a4f013f791105efc1f7641f11f9759877d61f5c50140fcf892b95318f1276eace9f78161dbcaf6e011f31e34f0729

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    ce7c9fcdc98238922d8965cccfefdaf0

    SHA1

    e0f330fed622968b3012a360380bb056c2287fc6

    SHA256

    b5800bc5a223a0e5201eabe1b90b102707d72f2277af067fcf6301af0922c652

    SHA512

    b02ee684291d2e858855ef28df6c9705ed0cda84cb5a82e3010867f324fdb77f1878e1e1e54bef89ae7a3359981861412fc856337e65fd3697fe9a1b38323dd5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9V1XUPSQ.cookie

    Filesize

    612B

    MD5

    614bb875a302b2b5736a167cdd7de869

    SHA1

    e86b8dd88b301b978318b508c511ed719fc7a652

    SHA256

    f1cb76a1338f8a34cf3ae0c9afc7053c987430ee1424224d3f4e45e4c57ea029

    SHA512

    0cb53c106b0afb39bc06eb2c81df8c3d14ea31680b9b00d648dac2b049431e81879125fa6bfa89ddf75f89f302c76828542b346a2d61a094fcda65e74fc1248a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\H2W2ZUWY.cookie

    Filesize

    241B

    MD5

    d06cbd9b2b60b4f72079cb4dd7b4990b

    SHA1

    843ce39521bfae3c8d6feffa6c379ba8feb0a4e2

    SHA256

    815b53788ccbf0a3505ba6b4ed5f10efee0d27bc3765fd026c6424578470e8cc

    SHA512

    351e120718b76683c5c191f9fba619b26bc9b85b4f3de52dc99e8adccad8741cce368eb05654c0484596ea2f5b5b6ba0c0aa5e4b005e8750a2a41e4b720820cf