Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2023, 20:29

General

  • Target

    https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=%2Ftrack&af_esp_url_params=uid%3D32c44352-a594-48c3-bce6-586e60e061a2%26txnid%3Df1763a38-2e1d-5443-9ceb-d12aa1744af2%26bsft_aaid%3D3a8cb797-2e0c-489f-b330-8334bcfa0b57%26eid%3D7efc95f6-bd2a-acf5-0423-478fa777323c%26mid%3D530eddc0-b872-4a79-ac14-24461f2f973d%26bsft_ek%3D2022-09-21T14%3A24%3A38Z%26bsft_mime_type%3Dhtml%26bsft_link_id%3D17%26bsft_tv%3D62%26bsft_lx%3D9%26a%3Dclick%26api%3Dtrue&af_esp_name=blueshift&af_dp=https%3A%2F%2Fwww.stitchfix.com%2Fapp%2Fhome&af_web_dp=//Garlandisd.mistertitas.com/ms/YnJpbmdvQGdhcmxhbmRpc2QubmV0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=%2Ftrack&af_esp_url_params=uid%3D32c44352-a594-48c3-bce6-586e60e061a2%26txnid%3Df1763a38-2e1d-5443-9ceb-d12aa1744af2%26bsft_aaid%3D3a8cb797-2e0c-489f-b330-8334bcfa0b57%26eid%3D7efc95f6-bd2a-acf5-0423-478fa777323c%26mid%3D530eddc0-b872-4a79-ac14-24461f2f973d%26bsft_ek%3D2022-09-21T14%3A24%3A38Z%26bsft_mime_type%3Dhtml%26bsft_link_id%3D17%26bsft_tv%3D62%26bsft_lx%3D9%26a%3Dclick%26api%3Dtrue&af_esp_name=blueshift&af_dp=https%3A%2F%2Fwww.stitchfix.com%2Fapp%2Fhome&af_web_dp=//Garlandisd.mistertitas.com/ms/YnJpbmdvQGdhcmxhbmRpc2QubmV0
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3828 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1988

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    27eeb470ea47791b773b0c543d47d7c0

    SHA1

    cf692b6241651b506a7639c0c02f4ab582b728bb

    SHA256

    887291e1eaf9e037071221908bc110ee40235c5d9c6dd4001699cdbfd55c9cd4

    SHA512

    23f1b1f25ca82aa1b9a235921ba87b86f61e58a1d19b031547144a6035144b14c0ca1f7a9391c00eca50c0be4f35a161d0b4402cdff37f1c9350a368ce3f1321

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    4cdff30f403f82fcb2a1d15d452e69fe

    SHA1

    9e7637858cc4e74d8376ef6ed2be57fd7f519962

    SHA256

    951c8e2fb7dda9f6afd3864afb139e1e50e1428a1e1028796fd6a39539b6c016

    SHA512

    aab34237be2ebdb98edd7f69dd3bc8f4e2655a3c69e6fd36e535b8c4dc394e245876f6698a355bf44b6961485ecad9033228927416c62277f882ac79bc441532

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee