Analysis

  • max time kernel: 96s
  • max time network: 154s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 18/04/2023, 20:08

General

  • Target

    https://www.officentry.com/can/fbc86027-555c-42a0-9714-3afc5ce07a4f/b4144cbb-85fd-45f6-b816-2023fdbcf44c/9d6c9b5b-4acd-4160-9068-8c4e2f114f1d/login?id=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

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.officentry.com/can/fbc86027-555c-42a0-9714-3afc5ce07a4f/b4144cbb-85fd-45f6-b816-2023fdbcf44c/9d6c9b5b-4acd-4160-9068-8c4e2f114f1d/login?id=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
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5076 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: cd20a697debac967d6e006796d88de7e
    SHA1: 39950e433af6db44e65a9411e0869f93daeb03fb
    SHA256: 74a5f99d6a592ffe83f7871dd842c538d7f2ce307a892b134c1957de356ca323
    SHA512: 51b1bd6f784587c540a7d5e17d74d38afc962e233633a12f9db8b59cb9592ceb14e2e67bb57bb7e68b5b312df0afe3fe17376c1b652a41f26dd6913baa10810a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 78a031cdc37f7ae0ba4b229f0ae32ba5
    SHA1: 503ee9266dc664fc6c9d8a14fd01a4c151b43208
    SHA256: 803435c2f1b8965dffbf5b666a4545a0a8aec4beed9cbebde14d960abaf607b1
    SHA512: ebe2ebff9b50a64eb3627e59f63688e96c49ba9e98aaaa6d40fb853dd87e2ff36cf48e739b3f198a34e734798267a8545724748ff06f7557799db997f7c2cded

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\jquery-3.5.1.min[1].js
    Filesize: 87KB
    MD5: b61aa6e2d68d21b3546b5b418bf0e9c3
    SHA1: 9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7
    SHA256: f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
    SHA512: 5882735d9a0239c5c63c5c87b81618e3c8dc09d7d743c3444c535b9547b9b65defa509d7804552c581cb84b61dd1225e2add5dca6b120868ec201fa979504f4b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\style[1].css
    Filesize: 7KB
    MD5: bad3e4d73ab8638ef18d6b46780111a9
    SHA1: 4c253cf88be490dd7e435bc3abfbbd18d2011227
    SHA256: f116760bd4b44c1a29b36dd4d59729bad9091a9b0e89c2b470bff0086982a822
    SHA512: a2b414c322ceafcfe446c1ed116f2e9d2c8517a71c02b67d0856da02b3ed3e3c10abec101d8d0c60ddf66782febd74fae31bc9af28a75fdeaeb46b743f8a2bec