Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://astivysauran...

windows10-2004-x64

1

Analysis

  • max time kernel
    13s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2023, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://astivysauran.com/event

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://astivysauran.com/event
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2340
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:1952
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\event.json
        2⤵
        • Opens file in notepad (likely ransom note)
        PID:2044

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\event.json.3ohy151.partial
      Filesize

      58B

      MD5

      289be6db62b320bc4b1e1fd86e0f0b7e

      SHA1

      32f85540b56d5971b3696d38e60e4947b862505b

      SHA256

      e4030a66efd0bf72b0baf66848a3c5f6cff5d24e24ebc58464f1a41968583d66

      SHA512

      735f2c85243ffed7db58fb74f7e5549f4d90136f73e4962f2e643e919bb96b4bcc76f5cebcfbd425a00bd491f256e61a2f8bbe6775a2e9629f35ebdcb10196e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\event[1].json
      Filesize

      58B

      MD5

      289be6db62b320bc4b1e1fd86e0f0b7e

      SHA1

      32f85540b56d5971b3696d38e60e4947b862505b

      SHA256

      e4030a66efd0bf72b0baf66848a3c5f6cff5d24e24ebc58464f1a41968583d66

      SHA512

      735f2c85243ffed7db58fb74f7e5549f4d90136f73e4962f2e643e919bb96b4bcc76f5cebcfbd425a00bd491f256e61a2f8bbe6775a2e9629f35ebdcb10196e8

      Download Submit