Resubmissions

  • 02/04/2023, 07:26  230402-h9svnsfb86  8
  • 02/04/2023, 07:25  230402-h8859sfb84  8
  • 02/04/2023, 07:20  230402-h6jgtsfb69  8

Analysis

  • max time kernel: 68s
  • max time network: 143s
  • platform: windows10-1703_x64
  • resource: win10-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 02/04/2023, 07:26

General

  • Target

    https://download2391.mediafire.com/dwrifu0d8gngU1esXtH9eVSh1KCRcInDOWqTuzPxia5JviSSG4y4G0r5nZRgM5q6ZIvWFgwR9uIt89n4tNwmhEHZr6M8/edxrydvanz0j7ac/Win_Icon_Pack.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 44 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 4268)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://download2391.mediafire.com/dwrifu0d8gngU1esXtH9eVSh1KCRcInDOWqTuzPxia5JviSSG4y4G0r5nZRgM5q6ZIvWFgwR9uIt89n4tNwmhEHZr6M8/edxrydvanz0j7ac/Win_Icon_Pack.exe
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4100, child of 4268)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4268 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

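The process tree above is the normal Internet Explorer frame/content pair: the frame process (PID 4268) launches a content process whose command line carries SCODEF:4268, i.e. the frame's PID. That relationship is a cheap cross-check when reading a sandbox process list: a content process whose SCODEF value does not equal its parent PID, or whose parent is not iexplore.exe at all, is worth a closer look. The following script is an added example (not tria.ge code) that applies the check to a process list. The report's two processes are reproduced from the page; the frame process's own parent PID (1234) and the extra anomalous processes are constructed for the demonstration.

```python
"""Flag Internet Explorer process-tree anomalies in a sandbox process listing.

Added example, not part of the tria.ge report. Heuristic: the IE content
process is launched by the frame process with SCODEF:<frame pid> on its
command line (the report shows SCODEF:4268 under PID 4268). A content process
whose SCODEF does not equal its parent PID, or whose parent is not
iexplore.exe, deserves a second look.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


def is_iexplore(image: str) -> bool:
    return image.lower().endswith("\\iexplore.exe")


def find_ie_anomalies(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) for every IE content process that fails a check."""
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    findings: List[Tuple[int, str]] = []
    for p in procs:
        if not is_iexplore(p.image):
            continue
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue  # frame process: carries no SCODEF, nothing to cross-check
        frame_pid = int(m.group(1))
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if p.ppid != frame_pid:
            findings.append((p.pid, f"SCODEF:{frame_pid} does not match parent PID {p.ppid}"))
        if parent is None or not is_iexplore(parent.image):
            findings.append((p.pid, "parent of IE content process is not iexplore.exe"))
        elif SCODEF_RE.search(parent.cmdline):
            findings.append((p.pid, "parent is itself an IE content process, not a frame"))
    return findings


# The report's own tree. The frame's parent PID (1234) is constructed; the page does not state it.
REPORT_TREE = [
    Proc(4268, 1234, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" https://download2391.mediafire.com/dwrifu0d8gngU1esXtH9eVSh1KCRcInDOWqTuzPxia5JviSSG4y4G0r5nZRgM5q6ZIvWFgwR9uIt89n4tNwmhEHZr6M8/edxrydvanz0j7ac/Win_Icon_Pack.exe'),
    Proc(4100, 4268, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4268 CREDAT:82945 /prefetch:2'),
]

# Constructed anomalies: a content process claiming SCODEF:4268 but parented by an
# unrelated PID, and a content process whose parent is a non-IE binary.
SUSPICIOUS_TREE = REPORT_TREE + [
    Proc(5000, 777, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4268 CREDAT:82945 /prefetch:2'),
    Proc(3000, 2900, r"C:\Users\Admin\Downloads\loader.exe", r'"C:\Users\Admin\Downloads\loader.exe"'),
    Proc(6000, 3000, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:82945 /prefetch:2'),
]

if __name__ == "__main__":
    for label, tree in (("report", REPORT_TREE), ("constructed", SUSPICIOUS_TREE)):
        for pid, reason in find_ie_anomalies(tree):
            print(f"[{label}] PID {pid}: {reason}")
```

Run against the report's tree the check is silent, which is the expected outcome here: the signatures fired on the frame process, and the content process is exactly where IE would put it.
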
Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5:      c5f20d91cc08608a86cdf45c1e06e8b5
    SHA1:     c0fce1c4a306dc0bf372ed0907cf8b7f4a2d4d37
    SHA256:   48506ee2253275198c9205a541e4fc2a20a31c359ad3206550a678d1cc267a95
    SHA512:   3f2a0dff529fab989e0afaf3c4c43f9d1f847f8569006f5afa3ea50245e364b363fd2d8b6c9dfa8837d8cf59c1a56ec41f03f0ff6acb82e5df9980c0be3e3da6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5:      d4428a8f5b313a7fa5ecdd279ecaafc5
    SHA1:     02ec1973216bef72d9aafae9e8ad129579d31244
    SHA256:   677f4682e4bf075c89c212b1905a4fe40483bf672786a17e66a51439aa0b5136
    SHA512:   f9b5e94325ad80100517509d974b09b7f0497ab0d85ab541636e65b28292e9f284d0e538b5650738301b9c9e1e6244a706c8d1f1c4e020ddd3b0da91ab91a48c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\suggestions[1].en-US
    Filesize: 17KB
    MD5:      5a34cb996293fde2cb7a4ac89587393a
    SHA1:     3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256:   c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512:   e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UPDVC7VC.cookie
    Filesize: 612B
    MD5:      667877b230ff4750673f91fabd500577
    SHA1:     043e1048da16beafa08170bdf96abb310d6d3790
    SHA256:   a2e2d73e2eddf929adc85e836d1bc7d95578c9209fbdc85cf6869dfc33ea824a
    SHA512:   f90d2769083b390ae01535d27e5cb0799f522363bc4929861af291288f240f226257b919ae959f7a2d8e95ff41dfa253101466281477da51197fe21e583ec313
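
The four entries above are Internet Explorer's own side effects of opening the URL (CryptoAPI URL cache for certificate-chain fetches, the IE cache, and a cookie); the Win_Icon_Pack.exe payload itself is not among them. The practical use of such a list is sweeping a host for the same artifacts. The script below is an added example, not tria.ge code: it loads the report's reported sizes and SHA256 values as IOCs, uses the size as a cheap pre-filter so only candidate files are hashed, and hashes in chunks so it also works on large files. The rounding rule for sizes given in KB (nearest kilobyte) is an assumption about how the report displays sizes, and the sample files it hashes are constructed, so against the report's own set it produces no hit; a copy of the set with one constructed file's hash added shows what a hit looks like.

```python
"""Sweep files against the size + SHA256 IOCs from a tria.ge Downloads section.

Added example, not tria.ge code. REPORT_IOCS is copied from the report; the
files hashed in demo() are constructed here, so they cannot match the real
artifacts.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, Iterable, List, Tuple

SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}

# sha256 -> (reported size, reported path), copied from the report
REPORT_IOCS: Dict[str, Tuple[str, str]] = {
    "48506ee2253275198c9205a541e4fc2a20a31c359ad3206550a678d1cc267a95":
        ("471B", r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776"),
    "677f4682e4bf075c89c212b1905a4fe40483bf672786a17e66a51439aa0b5136":
        ("434B", r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776"),
    "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad":
        ("17KB", r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\suggestions[1].en-US"),
    "a2e2d73e2eddf929adc85e836d1bc7d95578c9209fbdc85cf6869dfc33ea824a":
        ("612B", r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UPDVC7VC.cookie"),
}


def size_range(text: str) -> Tuple[int, int]:
    """Turn a reported size ('471B', '17KB') into an inclusive byte range.

    Exact for bytes. For KB/MB we assume the report rounds to the nearest unit,
    so '17KB' covers 16.5KB..17.5KB (assumption, not stated on the page).
    """
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    value, unit = float(m.group(1)), m.group(2)
    if unit == "B":
        return int(value), int(value)
    mult = UNIT[unit]
    return int((value - 0.5) * mult), int((value + 0.5) * mult)


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """All four digests the report lists, computed in one pass over the file."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(paths: Iterable[str], iocs: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Hash only files whose size could match some IOC, then compare SHA256."""
    ranges = [size_range(size) for size, _ in iocs.values()]
    hits: List[Tuple[str, str]] = []
    for path in paths:
        size = os.path.getsize(path)
        if not any(lo <= size <= hi for lo, hi in ranges):
            continue  # size rules it out; skip the hashing
        digest = hash_file(path)["sha256"]
        if digest in iocs:
            hits.append((path, iocs[digest][1]))
    return hits


def demo() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Constructed demo. Returns (hits against the report set, hits against an
    augmented set). filler.bin is 471 bytes, so it passes the size filter but
    its hash does not match; the constructed cookie only matches once its own
    hash is added to a copy of the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        filler = os.path.join(tmp, "filler.bin")
        with open(filler, "wb") as fh:
            fh.write(b"A" * 471)
        cookie = os.path.join(tmp, "UPDVC7VC.cookie")
        with open(cookie, "wb") as fh:
            fh.write(b"constructed cookie content\r\n" * 20)  # 560 bytes
        augmented = dict(REPORT_IOCS)
        augmented[hash_file(cookie)["sha256"]] = ("560B", cookie)
        return sweep([filler, cookie], REPORT_IOCS), sweep([filler, cookie], augmented)


if __name__ == "__main__":
    report_hits, augmented_hits = demo()
    print("report set:", report_hits)
    print("augmented set:", augmented_hits)
```

On a real host you would feed sweep() the paths under the user's CryptnetUrlCache, INetCache and INetCookies directories; MD5 and SHA1 are computed too so the other columns of the report can be compared when a SHA256 hit needs confirming.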