Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

PRODUCT I...23.eml

windows7-x64

5

PRODUCT I...23.eml

windows10-2004-x64

3

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    113s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/05/2023, 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-2.html

  • Size

    2KB

  • MD5

    44746e436c3228ec865f3d17058aa8bf

  • SHA1

    9ea838816a1bbeb4d7752bc94715c78d12cdf3c5

  • SHA256

    8d0647ac17c39f65974ff0489babcf76ebab49c846f1df32e96c93107af6f6a4

  • SHA512

    53309ebcbd27d8aa47c5b8731c76364748c6348cd19f39f93d0234c747211d2dedc8caeb79950c4e2d97596094a1e376e2d0728cfc9722bdb77e66199492b701

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:760
      • C:\Windows\SysWOW64\msdt.exe
        -modal 917842 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF7D99.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:1348
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:1664

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      62KB

      MD5

      3ac860860707baaf32469fa7cc7c0192

      SHA1

      c33c2acdaba0e6fa41fd2f00f186804722477639

      SHA256

      d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

      SHA512

      d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      76a777f6353902f241b2a8835a698b2e

      SHA1

      3154cccdaf2b697e2082e5fab76bd04cfc14bcb1

      SHA256

      740e45742824a11213171a6c2c8c0996ff8331bcf07780202412219376706670

      SHA512

      fbcccb40dbf02d80b8032c11a3ceac1b2d7158d8c893a5e6a5998966a79225201a69c049574c587f0336ef6ccb0e0d03307e06228fbfe828334bb7e96b58cd44

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bff8b8166d229b4fb9f66da81146eb2d

      SHA1

      23a35f288160f350841920769f3ff55c33a32e8e

      SHA256

      deae6e2750b6548995d1003c13d79facb2a6eea35318b296bf2192f7b164180b

      SHA512

      40c450b5b3b46575f79553f7ce836d7dfe369f2dbade33a048e8948a646373b0e12e508f35bbc9f9d557f5bee3d42a847b6148a1a42a6565e7b42c50b0b18f55

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      75b7ed7004c42722fd0b69d142261e16

      SHA1

      85fe19536580a7e8227071cbebd4cd758097bcea

      SHA256

      28eb0fcdd75aa5ed4337dcd456b8603f639ea6a4eccf71626ebca4c2a1771ff5

      SHA512

      00ffa215f6d6aea4228c05c2045602490c61654c2fe7688653882ccd2e109784152e646a274becf1711d80b25765790b63986cf4410cbe6092af6a2e07706353

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      761dbbff26a10c14e4feb054d258a528

      SHA1

      b14318d10b86bac4250ed8eef4c459597ad5217f

      SHA256

      85011b267bfacd27870390a315470e03cb16f673811d5f49fcee29f009ee59d0

      SHA512

      095be4e066c6178ed777390b382551089bc172c8081fe2fc95dba5adf19a2f516c4ddecfb918698c2807933fc89eb37f8b9c628c7e522329631cc9846207b701

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      10d7e660daa850d45778e81fb5893f43

      SHA1

      f10b3ffbe28623c10a6251e762c8070409bdd7e1

      SHA256

      54f7b50ff87e91ce9d4729c60cc7d8feac8d254d3defaa534d9af1aa3375659c

      SHA512

      735ca51e870920bfe5ee21a99709d2dfcb1ebd68c9fd332be35dfb2adc694cf4f54864a67379caa87ec7a9e8cba310ab6c4f1da9298228f06e414d5a5a7b7e14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1822ddd86c5ab9fd8731b60ad8c29ce4

      SHA1

      fdf620f1dbf4fe536669a83abb34dc4e570ed220

      SHA256

      e589d927977b37b05ceb44339ed87573e137d99d1064cbf4fdbc4537f9d90f93

      SHA512

      400f27ca695c808f2c427ed4a7a1c53c538d0d47c0c5768e0b241022332633e8ea68786b48bdeb9172f98ba039d5ebd2f9a843347b6ea8312e6229d653ea4d0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a2f5153c111e122507b0f4cae0ae9599

      SHA1

      fbcc70ac3ca82426456215b082b9661be87861b3

      SHA256

      1b33e404915960dde23404ec2649c405148f1590b9930ae91b948d3eda06dbb7

      SHA512

      f729e580f4089049d521da69877c1dff56e7a608a332cf464bd0f67dbee926a6040571767651b9f233e8c6bd3d9263acdff8855eac8374e25ea56903e54f3d05

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e6dd4afcac74cb46f4a9d287127ffd1f

      SHA1

      291a1cd334c2eb85b754ead0ba4f355e611dc106

      SHA256

      89ca64923ad3e02f73ff19704abe7a2c3341a8a31594e0f3c9dc92556343159f

      SHA512

      c508b65f07bb0fd1b962af11385e59c6be2cc46bae36feef8b0c5db26a4249b4544710555b6b99f961b97bbd946e27289d22d61749ab5527f0b3e6fa96594bfd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      05464e761a2679e133fa474a79d7f0b9

      SHA1

      b454ddedb480b5e3a3534b2be9158f6ff2dcc4f8

      SHA256

      a95bb68f7689ba8e0468d595283648c00de8ba11bc2f0e2f027bee185943d795

      SHA512

      3fe503f0ca924b537fd6bc455163ff52d983b00f123c9f7a7ad4befd45560987ee7ada0f9731f6252adaf42c957ae2ade98aa1cc86bfd39c1917d8c9d9f1424c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c9ef94056b040a642398f8c3ae62b868

      SHA1

      075a74fe1a31a97aed8a3cf29f37a8059d186e73

      SHA256

      1ba33b2c476fc9e2245b69a399a2ebfd713324cf6eff748898df9aa5cc973b12

      SHA512

      f203574433d117092a7817229f66ae0c55930659baec23bcf435631df8f23d9f846172552b8f9cb4870491962f6a77464f644d6041055d8a4108d459071ec3e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f608ffe96d43b1fc2ea99f0ddcd67bbd

      SHA1

      f836961f966d1c7f22d60197a6f24df9051b142e

      SHA256

      0a86a5c59034d238744d7e902235137bd5877e0f77891164e2ed46a446a4d9b9

      SHA512

      ee2acad43eae9e451b52810e85ac77f32a7e4a1921c758bf0a0b7bd4bd53a1d0f5145a3b0e790df50c9d95b8b2e2945b0778c428a9df1a97627ba2cc3885016b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa83b8a9b6f4fc9ee3ebdf753f7912d4

      SHA1

      92ba302ac8458ab8d359b8369d5950a01b3ce943

      SHA256

      5e0a4202641005626dcd60ccdedd8b9c8b073a07ebd2ecd419ad1716417230f1

      SHA512

      e9fdc41da4bec1a4a5754b455fd3b6495376de8b543797b1152732ed9b4c49dbd2dfda0d9f7716110ccd00692318cfd3d3d83aba0fdf22c407971c29520dd177

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab4887.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\NDF7D99.tmp
      Filesize

      5KB

      MD5

      7b072e12f115e852e164612be64691e3

      SHA1

      fb5dbaafc40201186969fa831285aed4434740c5

      SHA256

      48d8733a2f1d556309528a36aab2950eb53a8a6a15fcaa58861392eeee756f68

      SHA512

      804446f4160dc6665fe906e2837610d8f00f56dc4f189822906340c8f06f5cd3a7e831d7c152479de005de6617d963a8f103b634b49bea753072b4ae82ba954c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar4A73.tmp
      Filesize

      164KB

      MD5

      4ff65ad929cd9a367680e0e5b1c08166

      SHA1

      c0af0d4396bd1f15c45f39d3b849ba444233b3a2

      SHA256

      c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

      SHA512

      f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5UNAQC6K.txt
      Filesize

      606B

      MD5

      8ce2b1f739f6701c89cab290b32501e5

      SHA1

      cc2b0771a163ccaae94fc0d78bd38dd7fb1282e3

      SHA256

      1d566edb9e4398afe13d6756e584657fff0043de57400789aff4cd21af3795e6

      SHA512

      fb28b05c252bc952c78c348e5b05e75f6121cac86cc9150971c95f478e30ce378c3d2c9ef3df337b41a6c0627b438b532eb84f358d2866105f83fea5989601f7

      Download Submit

    • C:\Windows\TEMP\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\NetworkDiagnosticsTroubleshoot.ps1
      Filesize

      23KB

      MD5

      1d192ce36953dbb7dc7ee0d04c57ad8d

      SHA1

      7008e759cb47bf74a4ea4cd911de158ef00ace84

      SHA256

      935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

      SHA512

      e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

      Download Submit

    • C:\Windows\TEMP\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\UtilityFunctions.ps1
      Filesize

      52KB

      MD5

      2f7c3db0c268cf1cf506fe6e8aecb8a0

      SHA1

      fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

      SHA256

      886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

      SHA512

      322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

      Download Submit

    • C:\Windows\TEMP\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\UtilitySetConstants.ps1
      Filesize

      2KB

      MD5

      0c75ae5e75c3e181d13768909c8240ba

      SHA1

      288403fc4bedaacebccf4f74d3073f082ef70eb9

      SHA256

      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

      SHA512

      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

      Download Submit

    • C:\Windows\TEMP\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\en-US\LocalizationData.psd1
      Filesize

      5KB

      MD5

      dc9be0fdf9a4e01693cfb7d8a0d49054

      SHA1

      74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

      SHA256

      944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

      SHA512

      92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

      Download Submit

    • C:\Windows\Temp\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\DiagPackage.dll
      Filesize

      478KB

      MD5

      4dae3266ab0bdb38766836008bf2c408

      SHA1

      1748737e777752491b2a147b7e5360eda4276364

      SHA256

      d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

      SHA512

      91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

      Download Submit

    • C:\Windows\Temp\SDIAG_ec7d1648-b2b0-46c0-987b-9c07a817fdc5\en-US\DiagPackage.dll.mui
      Filesize

      13KB

      MD5

      1ccc67c44ae56a3b45cc256374e75ee1

      SHA1

      bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

      SHA256

      030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

      SHA512

      b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

      Download Submit

    • memory/1348-918-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1348-924-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-919-0x0000000002670000-0x00000000026B0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1664-925-0x0000000002670000-0x00000000026B0000-memory.dmp

      Filesize

      256KB

      Download