Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
283s -
max time network
322s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
13/06/2023, 13:10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail
Resource
win10v2004-20230221-en
General
-
Target
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail
Malware Config
Signatures
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\PhishingFilter iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d93b5b04e245d901 iexplore.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038968" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1948323865" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9EC99521-09EB-11EE-8227-720160798C78} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038968" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393426783" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1940038798" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038968" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1939884073" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 832 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 832 iexplore.exe 832 iexplore.exe 1272 IEXPLORE.EXE 1272 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 832 wrote to memory of 1272 832 iexplore.exe 83 PID 832 wrote to memory of 1272 832 iexplore.exe 83 PID 832 wrote to memory of 1272 832 iexplore.exe 83
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:832 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1272
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5eaf2b4a8cb83c01a0cc1467f9c0ce105
SHA162c90c740292afe990f91e3f4dd2c643141a8f17
SHA256721cd25c9f544b3f19a5a1c32f2d5d776eac9f3639673a944365d84717becbb0
SHA5127024515f30290c52f65005f32513206b634d4b0730c0faed60828d97e12c74660e264603511a61f34e7d569446bfca1b25482fdc947aeb02d328c68f01b39ebf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5e00b5ba62812abf4e82fc437c1355038
SHA174228af41a0821bef5fd37b0497a10a4ed9040c5
SHA256df223af8615d4a9ed7c57ec72bd066f48fe0f6b3aefad31d8dfa781f71817a46
SHA51267c9d1f8df25bd8aa15530059a6f6a974ed8530e93c3622a27e837ac85b8886db35c180470376ff854382b7c2fc94b56f4d890e4fab1ef66f1b1b09accaf257f
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee