Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
29/03/2023, 20:29
General
-
Target
https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=%2Ftrack&af_esp_url_params=uid%3D32c44352-a594-48c3-bce6-586e60e061a2%26txnid%3Df1763a38-2e1d-5443-9ceb-d12aa1744af2%26bsft_aaid%3D3a8cb797-2e0c-489f-b330-8334bcfa0b57%26eid%3D7efc95f6-bd2a-acf5-0423-478fa777323c%26mid%3D530eddc0-b872-4a79-ac14-24461f2f973d%26bsft_ek%3D2022-09-21T14%3A24%3A38Z%26bsft_mime_type%3Dhtml%26bsft_link_id%3D17%26bsft_tv%3D62%26bsft_lx%3D9%26a%3Dclick%26api%3Dtrue&af_esp_name=blueshift&af_dp=https%3A%2F%2Fwww.stitchfix.com%2Fapp%2Fhome&af_web_dp=//Garlandisd.mistertitas.com/ms/YnJpbmdvQGdhcmxhbmRpc2QubmV0
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=%2Ftrack&af_esp_url_params=uid%3D32c44352-a594-48c3-bce6-586e60e061a2%26txnid%3Df1763a38-2e1d-5443-9ceb-d12aa1744af2%26bsft_aaid%3D3a8cb797-2e0c-489f-b330-8334bcfa0b57%26eid%3D7efc95f6-bd2a-acf5-0423-478fa777323c%26mid%3D530eddc0-b872-4a79-ac14-24461f2f973d%26bsft_ek%3D2022-09-21T14%3A24%3A38Z%26bsft_mime_type%3Dhtml%26bsft_link_id%3D17%26bsft_tv%3D62%26bsft_lx%3D9%26a%3Dclick%26api%3Dtrue&af_esp_name=blueshift&af_dp=https%3A%2F%2Fwww.stitchfix.com%2Fapp%2Fhome&af_web_dp=//Garlandisd.mistertitas.com/ms/YnJpbmdvQGdhcmxhbmRpc2QubmV01⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3828 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD527eeb470ea47791b773b0c543d47d7c0
SHA1cf692b6241651b506a7639c0c02f4ab582b728bb
SHA256887291e1eaf9e037071221908bc110ee40235c5d9c6dd4001699cdbfd55c9cd4
SHA51223f1b1f25ca82aa1b9a235921ba87b86f61e58a1d19b031547144a6035144b14c0ca1f7a9391c00eca50c0be4f35a161d0b4402cdff37f1c9350a368ce3f1321
-
Filesize
434B
MD54cdff30f403f82fcb2a1d15d452e69fe
SHA19e7637858cc4e74d8376ef6ed2be57fd7f519962
SHA256951c8e2fb7dda9f6afd3864afb139e1e50e1428a1e1028796fd6a39539b6c016
SHA512aab34237be2ebdb98edd7f69dd3bc8f4e2655a3c69e6fd36e535b8c4dc394e245876f6698a355bf44b6961485ecad9033228927416c62277f882ac79bc441532
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee