Analysis

  • max time kernel: 283s
  • max time network: 322s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230221-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13/06/2023, 13:10

General

  • Target

    https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail
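
The target is not an attacker-controlled page but the Windows Update settings endpoint, and everything after the `?` is the device profile of the machine that generated the URL, not of the sandbox that later opened it. The Python below is an added example, not part of the Triage report or of any Microsoft tooling: it decodes the query string with the standard library and picks out the fields that identify the submitting host. The `IDENTIFYING` field selection and the `VM_MARKERS` list are assumptions of this example; the marker strings are the board product name QEMU reports in SMBIOS ("Standard PC (...)") and the model name QEMU's named CPU types expose to the guest ("Intel Core Processor (...)"), plus the usual VMware, VirtualBox and Hyper-V names.

```python
from urllib.parse import urlsplit, parse_qs

# Target URL exactly as recorded in the report.
TARGET = "https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail"

# Query parameters that describe the machine rather than the request. This
# selection is an assumption of the example, not a Microsoft-documented schema.
IDENTIFYING = (
    "deviceId", "sampleId", "osVer", "OEMManufacturerName", "OEMModelNumber",
    "ProcessorModel", "ProcessorIdentifier", "ProcessorCores", "TotalPhysicalRAM",
    "ActivationChannel", "IsCloudDomainJoined", "IsMDMEnrolled",
)

# Substrings that identify a virtual machine in SMBIOS product / CPU model
# strings (assumed list). "Standard PC (" is QEMU's board product name for both
# i440FX and Q35; "Intel Core Processor (" is the model name QEMU's named CPU
# types (Haswell, Broadwell, Skylake, ...) expose to the guest.
VM_MARKERS = (
    "Standard PC (", "Intel Core Processor (", "QEMU", "VMware", "VirtualBox",
    "innotek", "Virtual Machine",
)


def parse_telemetry_url(url):
    """Return (hostname, {param: value}) for a settings-win style URL.

    keep_blank_values keeps parameters such as FlightingBranchName= that are
    present but empty; parse_qs also undoes the %xx escapes, so %2B becomes "+".
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    return parts.hostname, {k: v[0] for k, v in query.items()}


def host_profile(url):
    """Summarise what the URL reveals about the machine that generated it."""
    host, params = parse_telemetry_url(url)
    fields = {k: params.get(k, "") for k in IDENTIFYING}
    vm_markers = sorted({m for m in VM_MARKERS
                         for v in params.values() if m in v})
    flights = params.get("FlightIds", "")
    return {
        "host": host,
        "fields": fields,
        "vm_markers": vm_markers,
        "flight_ids": flights.split(",") if flights else [],
    }


if __name__ == "__main__":
    profile = host_profile(TARGET)
    print("endpoint:", profile["host"])
    for name, value in profile["fields"].items():
        print(f"  {name:22} {value}")
    print("VM markers:", profile["vm_markers"])
    print("flight ids:", len(profile["flight_ids"]))
```

Decoded, the URL says the machine that produced it ran Windows 10 build 19041.1288, had 2 cores and 4096 MB of RAM, was volume-activated with a GVLK, was neither cloud-domain-joined nor MDM-enrolled, and reported the board "Standard PC (Q35 + ICH9, 2009)" with CPU model "Intel Core Processor (Broadwell)", which are QEMU's defaults. That host was itself a virtual machine, separate from the win10v2004 sandbox image that later opened the link. The `deviceId` GUID and `sampleId` are persistent identifiers of that host and are the fields to redact before sharing such a URL.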

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 30 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

All five signatures fire on iexplore.exe and its own tab process; they are the registry and API activity Internet Explorer produces whenever it is launched with a URL, which is consistent with the 1/10 score. No downloaded executable, persistence or outbound contact beyond the Microsoft endpoint appears in the report.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3000&FlightIds=FX%3A117B9872%2CFX%3A119E26AD%2CFX%3A11D898D7%2CFX%3A11DB147C%2CFX%3A11DE505A%2CFX%3A11E11E97%2CFX%3A11E3E2BA%2CFX%3A11E50151%2CFX%3A11E9EE98%2CFX%3A11F1992A%2CFX%3A11F4161E%2CFX%3A11F41B68%2CFX%3A11FB0F2F%2CFX%3A1201B330%2CFX%3A1202B7FC%2CFX%3A120BB68E%2CFX%3A121A20E1%2CFX%3A121BF15F%2CFX%3A121E5EC8%2CFX%3A122D8E86%2CFX%3A123031A3%2CFX%3A1231B88B%2CFX%3A123371B1%2CFX%3A1233C945%2CFX%3A123D7C31%2CFX%3A1240013C%2CFX%3A1246E4A3%2CFX%3A1248306D%2CFX%3A124B38D0%2CFX%3A1250080B%2CFX%3A125A7FDA%2CFX%3A1264FA75%2CFX%3A126DBC22%2CFX%3A127159BE%2CFX%3A12769734%2CFX%3A127C935B%2CFX%3A127DC03A%2CFX%3A127FC878%2CFX%3A1283FFE8%2CFX%3A12840617%2CFX%3A128979F9%2CFX%3A129135BB&BranchReadinessLevel=CB&OEMManufacturerName=DADY&IsCloudDomainJoined=0&ProcessorIdentifier=Intel64%20Family%206%20Model%2061%20Stepping%202&sku=48&ActivationChannel=Volume%3AGVLK&AttrDataVer=204&IsMDMEnrolled=0&ProcessorCores=2&ProcessorModel=Intel%20Core%20Processor%20%28Broadwell%29&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=Standard%20PC%20%28Q35%20%2B%20ICH9%2C%202009%29&SystemVolumeTotalCapacity=261842&sampleId=21765212&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19041.1288.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3AB5D67584-1FEF-4C28-8532-FCD3CF2C23D0&ring=Retail
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1272
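
The child IEXPLORE.EXE is not an injected or dropped payload. With Loosely-Coupled IE the 64-bit frame process (PID 832) starts a 32-bit tab process from Program Files (x86) and passes its own PID as SCODEF, which is why the frame, not the tab, shows WriteProcessMemory and SetWindowsHookEx activity. The Python below is an added example, not part of the Triage report, that encodes that check over a process tree: an IE child whose SCODEF does not name its parent, or a non-IE child of iexplore.exe, is what would actually merit a closer look. The two entries with PIDs 2040 and 2100 are constructed counter-examples, not from the report, and the query string of the frame's command line is omitted.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    image: str            # image path as the sandbox recorded it
    cmdline: str


# The two processes from the report (the target URL's query string is left out).
REPORT_TREE = [
    Proc(832, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?...'),
    Proc(1272, 832, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r'SCODEF:832 CREDAT:17410 /prefetch:2'),
]

# Constructed counter-examples, not from the report: a tab process whose SCODEF
# names a PID that is not its parent, and a shell started by the frame process.
CONSTRUCTED_TREE = REPORT_TREE + [
    Proc(2040, 832, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r'SCODEF:999 CREDAT:17410 /prefetch:2'),
    Proc(2100, 832, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c whoami"),
]

# LCIE tab processes carry the frame PID in SCODEF and a session token in CREDAT.
LCIE_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)\b", re.IGNORECASE)


def is_ie(proc: Proc) -> bool:
    return proc.image.lower().endswith(r"\iexplore.exe")


def classify(proc: Proc, by_pid: dict) -> str:
    """Verdict for one process, given the whole tree keyed by PID."""
    parent = by_pid.get(proc.ppid)
    if parent is None:
        return "root"
    if not is_ie(parent):
        return "parent-not-ie"
    if not is_ie(proc):
        return "unexpected-child"        # cmd.exe, powershell.exe, ... under IE
    m = LCIE_ARGS.search(proc.cmdline)
    if m is None:
        return "ie-without-lcie-args"    # IE started by IE, but not as a tab
    if int(m.group(1)) != parent.pid:
        return "scodef-mismatch"         # claims a frame that is not its parent
    return "lcie-tab"                    # the normal frame -> tab relationship


def review_tree(procs) -> dict:
    """Map every PID in the tree to a verdict string."""
    by_pid = {p.pid: p for p in procs}
    return {p.pid: classify(p, by_pid) for p in procs}


if __name__ == "__main__":
    for pid, verdict in review_tree(CONSTRUCTED_TREE).items():
        print(f"{pid:>5}  {verdict}")
```

Run against the report's own tree the result is `root` for 832 and `lcie-tab` for 1272, i.e. nothing to escalate. The check only looks at command lines and parentage as a sandbox records them; a tab process that was later hollowed would still pass it, so it is a filter for benign noise, not proof of integrity.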

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: eaf2b4a8cb83c01a0cc1467f9c0ce105
    SHA1: 62c90c740292afe990f91e3f4dd2c643141a8f17
    SHA256: 721cd25c9f544b3f19a5a1c32f2d5d776eac9f3639673a944365d84717becbb0
    SHA512: 7024515f30290c52f65005f32513206b634d4b0730c0faed60828d97e12c74660e264603511a61f34e7d569446bfca1b25482fdc947aeb02d328c68f01b39ebf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: e00b5ba62812abf4e82fc437c1355038
    SHA1: 74228af41a0821bef5fd37b0497a10a4ed9040c5
    SHA256: df223af8615d4a9ed7c57ec72bd066f48fe0f6b3aefad31d8dfa781f71817a46
    SHA512: 67c9d1f8df25bd8aa15530059a6f6a974ed8530e93c3622a27e837ac85b8886db35c180470376ff854382b7c2fc94b56f4d890e4fab1ef66f1b1b09accaf257f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee