Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://u.rfriendcor...

windows10-2004-x64

1

Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2023, 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://u.rfriendcorp.com/stamp/new_stamp/2X5M6/5X1G4AW_.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://u.rfriendcorp.com/stamp/new_stamp/2X5M6/5X1G4AW_.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3148 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3284
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2768

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      d6b67afeb31f0d9bfe232166e8b300c5

      SHA1

      6ba1a534d40fea9302591aaee8fb6969bfa28e4b

      SHA256

      ab4f8d3ad2a02ad67059703fcb9c7ecd397d9abfce4b4cacdf7ecc11b4e37520

      SHA512

      62c9fc6797c263bf33c8f52d5d41ce276b3df2aaed6433d582987a607ae508f5389f86d5d8a63cc5715964623f5be08d5741ddd70a0fe18f0140eb314815c272

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      d508d9d5203fbae63c7ea1c6dade4e7b

      SHA1

      baf4c376cc13c7876e903cec90f8ae3bb655a880

      SHA256

      910e182c6d7cb894064cd3a6bd7bef863261d5e8f6ce7be281b92532304355e9

      SHA512

      c21cba442a49637fbd65ac9f9b721fd82d781a2a58dcc5d87d88b130cac26573e1643ae07d515938e8a59e3d53a9d4d5ffd9fffcc698c25ef689f8b15aabdffe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\poppins-regular[1].eot
      Filesize

      202KB

      MD5

      c5aad01e25110b7292fe17374ea1bacc

      SHA1

      7e7db5fedaa549877ac012d49057aadccc3696da

      SHA256

      0c5e06e2b66719faa1d6b78fe2b4ed0570119f119c081405614a07a58ab9e00d

      SHA512

      aff280d039c5665f6a52f00fd9de7f8231dd8c19814bcf9bc616d4ef337d099c2ea2d94a892af266df157932e80926593fcd9ee52730235265eee35dd8f58eeb

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\poppins-semibold[1].eot
      Filesize

      200KB

      MD5

      a9399690b97db8f72e202393fe1c1598

      SHA1

      c9bc934e6123052d6e208fd3057c458e21b20ee6

      SHA256

      f35efdd5dc55bf00b1125bffba5c48152a8447b0139edf807e4d43f583d94a85

      SHA512

      901f9411b56feb4c9fa0d2434655316392b15bf47e5172a13856c48e504d73c8c47e8442103de912a471deabd58cfc2479b0d63adb209c91c493cbd0f232bd3e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\site[1].css
      Filesize

      148KB

      MD5

      6baf18245061313a4e70a3c96b0f56cf

      SHA1

      d4f12833d1d78eee57e61c9d5b32942907238ed6

      SHA256

      0a7688428bb98d4f7ea79bf318267b7913bf68e5bd08c47511e21ff40107784c

      SHA512

      07e2952d02ac2a46630494e0ed67025737fe46a7affbc15d8975704d3a30a580fcde41a81aae220f5894b96564159fa5621ba05ddfc90d4a8ea744c039ac820a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\fonts[1].css
      Filesize

      1KB

      MD5

      3c66b77416dc79832c21520751fa4677

      SHA1

      da63c4593f86289456a5d18993d098af48099d5b

      SHA256

      75a3176ca4a915e211dfe82ff5f3535bc179e8a5f012d07cd981c9700e7dd72f

      SHA512

      529269f0e0a42855b82b31d93497e2cfd8385f2c983f989d1ef58d6b8f5a095652575ac03e3935024bb4806bb78ed75a25631cdf079962bbadb2acebf11f446c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\poppins-regular[1].woff
      Filesize

      71KB

      MD5

      27f2c38b7d9146c366a67ea9ab325741

      SHA1

      c39ab958cab79e3c635b9c6546fda335bf7e6217

      SHA256

      43a5938b730c9bb89fd3da9935d1de2149221400dcb2b76226ffcd4523850615

      SHA512

      d92c4b860af086a08af631983212651746905c6f92a37065c42c232f91ddf050d4a83fd971f5ade73b520756526c2a746db7d8a1bb263351164d135db68d3c16

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\poppins-semibold[1].woff
      Filesize

      71KB

      MD5

      719dd032def5785d211be60cb2757556

      SHA1

      aa50c73bb832a97fbc2ceb236b36c0d4d0ff4a3b

      SHA256

      177a33febff7cda775265b8a7742a5c306a8c9937b798337790935d7148a3df3

      SHA512

      ca471c9b78a25153be71d1ffb3ef1b24b0966b8f5ae3200dea6ba5a5d78026829923fa10e2e90db0ae8a153cb60541c61d4ae66b9152cb8f672b40543dcbf76e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFF6B42CC7F8041D5A.TMP
      Filesize

      16KB

      MD5

      b1c0dea5090e4df97167581af1e1dc43

      SHA1

      4ee90a0dc80d6ba8a7cdbb7ab203fb443966267f

      SHA256

      d89846c4b7118cf943b2086b84895a666876d6407cd5dbb077db281d2b68908d

      SHA512

      d587dc5525142bdd85f6ffdb4f0f0c1699e7a896e4776d9e5570e9ce74655e9b5e5cbd4375c440b9758f87b0a9565e62ed997fcbc9564db61ac38f6f1dc58c30

      Download Submit