Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

login.html

windows10-2004-x64

1

Resubmissions

05/05/2023, 19:21

230505-x24drsgh87 1

05/05/2023, 19:18

230505-xz55ksgg62 1

05/05/2023, 18:18

230505-wxt4vsce62 1

05/05/2023, 16:22

230505-tt9n2abe23 1

05/05/2023, 16:15

230505-tp9s8sbd87 6

Analysis

  • max time kernel
    150s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 18:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    login.html

  • Size

    26KB

  • MD5

    7e5cf6762a08294f83a0f55de39172b3

  • SHA1

    a20cb9e9865ee546d0bdb399a8245e79a82ef0b4

  • SHA256

    553795cfe1917dd97713c269a08ad13779266480716485593d57e0d75ec062d6

  • SHA512

    3e5e78014ae703661388403df90ca9f333d1d692eedff6e69a682b09064f81e0faa7fa0b654cafb471e9addb30d44cbc5bc3a5d58fd8c39b56099a2c6f50a753

  • SSDEEP

    384:1V77sGGzK+TpQn7M9cyqy/f2f/Yb6WiZsffGfMfgW3syZj5XCqzGX3f:w+scm2f/Yb6H+3UWgUsyZ98

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\login.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:396 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4792
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffab0c446f8,0x7ffab0c44708,0x7ffab0c44718
      2⤵
        PID:872
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:1304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1768
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:2252
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
            2⤵
              PID:1020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
              2⤵
                PID:3656
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                2⤵
                  PID:4180
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15279865035597765970,6218349808242517785,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
                  2⤵
                    PID:3876
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1500

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    471B

                    MD5

                    9dac19b457b46c42e73c7a7d5eddefe2

                    SHA1

                    6632358d764a391b9f4302890bfb5a64f05f8d26

                    SHA256

                    bede87d0f722e1a753df850b720614f5ae44521ab27036d3d272d63eaaa8fe6f

                    SHA512

                    9519c55819ef67ced1926fa52597737aca36ae8d491a4eb97c4a7a326daf1f7e470c6b359a196a15bef773baaf7a6bffca3300e9e1e5bff10030fd4ce457785a

                    Download Submit

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    434B

                    MD5

                    154811bc7bd9c0fe88ba0936c3264f10

                    SHA1

                    f2ec43302d821cd23c61ff33317ed35f14b03be0

                    SHA256

                    45a596c21706c980e869bff8f41ea8669ef414a1f6896f2ee4a59ec9f98add20

                    SHA512

                    ddfa826d1d7fcef46292185c792a9cd2fc988eb4edcbf0d55ea09ea1bbc6ba2790370bacde65fff15d66cb1a43df6d1b9f1f2bd5b3e5e418535ef409ab22db39

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    0820611471c1bb55fa7be7430c7c6329

                    SHA1

                    5ce7a9712722684223aced2522764c1e3a43fbb9

                    SHA256

                    f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

                    SHA512

                    77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                    Filesize

                    70KB

                    MD5

                    e5e3377341056643b0494b6842c0b544

                    SHA1

                    d53fd8e256ec9d5cef8ef5387872e544a2df9108

                    SHA256

                    e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                    SHA512

                    83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
                    Filesize

                    41B

                    MD5

                    5af87dfd673ba2115e2fcf5cfdb727ab

                    SHA1

                    d5b5bbf396dc291274584ef71f444f420b6056f1

                    SHA256

                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                    SHA512

                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                    Filesize

                    2KB

                    MD5

                    f09c06f4c7bcdeb4d57ca343854b279f

                    SHA1

                    7b7e7082dd000c62bffbaac45572127b70e50b28

                    SHA256

                    0c151b7fa6ff8b8fff799583ae657551501db22a1c5dde7631b28a44ee2c3a3c

                    SHA512

                    b6dbed228713840b17dbb25c61d766b97f0a99b1409360f072fc3d314854bffe1589b2b6ce75cc1d8a149262f54c1ce234c3436cda59cafad82296dcfa815e30

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    111B

                    MD5

                    807419ca9a4734feaf8d8563a003b048

                    SHA1

                    a723c7d60a65886ffa068711f1e900ccc85922a6

                    SHA256

                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                    SHA512

                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    4KB

                    MD5

                    4a72ca3012756df5bd17faad364c086e

                    SHA1

                    a13c9acfd2a073fdd572989014e5998d82680830

                    SHA256

                    0be35114a41af7773784ca943912d64ec9935a9c9c36d13bb90b48aec1c2cb36

                    SHA512

                    19306cc8c512218d1a1d431cc097f4ca2a144e41228e498ab5120eb28e6f52e373fcee3b719bb33c05f1df66e1cb8c7516faae6d46129d4b1632d304b366f7b1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    0a689b3772da2342e246d37fa126429c

                    SHA1

                    ea8c5575f23a1d009e81f5bba13b30693b88345e

                    SHA256

                    7142227da7330cb6a47aec61955e95db32ecfd322c5e816beef7bcfb31513eb9

                    SHA512

                    0938420a7d78ff537ad27d24c83ea74f0f9a7d505a2743ac2e16b1b8e0bf2c6761007f81dcaf2759dc13b9d33367df73b09efd247a31c158e0743ebee2afda16

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    55e2ab0aa81e6f6f057be889985bbcf5

                    SHA1

                    2ddc32fa674e33284d3839e24d113c6edb9fac4d

                    SHA256

                    e52d0b379f0d7989bea2be2eabbd69df088031ec2d1a319ce60f416ecde4c795

                    SHA512

                    2a92be77ec898eef2a41a117e09c9a4bcae341450529143b6730cac74732fe4fd8ae0c2ec3f1f48990b0b066002153feed18e0a3796670ccfbadd13a8bdb1c44

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    d53ac35ab3976e67caeed75c4d44ffc1

                    SHA1

                    c139ab66d75dc06f98ada34b5baf4d5693266176

                    SHA256

                    647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

                    SHA512

                    391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    bc5f988722f72244e9a4aa8e1d6a0ee2

                    SHA1

                    4a132601b1d75fe013d364df95b711223eb9f742

                    SHA256

                    8ae99505d61450350ed2799d1bcca3cf9bcd4dd2e6a99cfcfcb2e929704592d9

                    SHA512

                    be7c42520bfe8aa8a966881190240bfef15471e84c4dad78ee3c3c0adc14d02e24f6eb950a68914d5870d51c4e91e42cb91eaedc69c360cb9cdc70c40d0cea2c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                    Filesize

                    16B

                    MD5

                    46295cac801e5d4857d09837238a6394

                    SHA1

                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                    SHA256

                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                    SHA512

                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    3KB

                    MD5

                    b9e02fb82df25d6fdb9177dae6ceb169

                    SHA1

                    37644b16c3fc77c563ec60406a3a4525e509ffbd

                    SHA256

                    3378f16697c31277c4de5985e9d6501bf33809b46dead619acd18c4f1ae2c43b

                    SHA512

                    713083d6cd3b7c45470fd6b8c3ba0339112a7edce5f1da5fec6dbfd06aac1fc0df976e6522db9004c0eb8a4a170e452fc601a4325ef914a3e64ad7d27ba1e4b8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    9KB

                    MD5

                    1ea062b3f943fb6d75bb2847fba7d8e4

                    SHA1

                    fa877a5de0a79facb3f9afa2bc06d301555e8841

                    SHA256

                    6ec10fc4ddb40640b3d5238efa8700de68f6f1608e71124c1488970b14766a7d

                    SHA512

                    bb7ec177c4c3df8d897b8d8203b687b6dcc1ce8e0bd9913590c59243ef8494b8b8af0a105eb9c8480a4c4dbaa68c268cbc9b6ad69245f9632d50f6b2a0611fbe

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US
                    Filesize

                    17KB

                    MD5

                    5a34cb996293fde2cb7a4ac89587393a

                    SHA1

                    3c96c993500690d1a77873cd62bc639b3a10653f

                    SHA256

                    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                    SHA512

                    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                    Download Submit