Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2023, 19:05

General

  • Target

    https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=astathis%40almabank.com&senderemailaddress=Kim.Y%40bank34.com&senderorganization=AwGAAAAAAnwAAAADAQAAAJbvGZBF%2bU5IiagRavo4zW5PVT1iYW5rMzRhZmMub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjEwQTAwNSxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NWv1LBhTD80Wf%2bOdaFDnh0UNOPUNvbmZpZ3VyYXRpb24sQ049YmFuazM0YWZjLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxMEEwMDUsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cCH2PR13MB3383E3514FB284B1563D8441C526A%40CH2PR13MB3383.namprd13.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7bD0E409A0-AF9B-4720-92FE-AAC869B0D201%7d%40bank34afc.onmicrosoft.com&consumerEncryption=false&senderorgid=e4f6fbff-51b4-40a2-b370-d7fff9ca682f&urldecoded=1&e4e_sdata=sKN%2f%2fBGvAo0fgJ3FGyQjrv4gbr8ofrFq3RGJKYTO1utwY3jK3Ao%2bueK9Jv6eO6IOIidOKmVbp44DN4voVFY%2fIrEVZILccCNJ2oc7nQNZRT6HsTKbTZZUd%2fcV7OystfMX6AuaMnMjsK5hKir1%2fDwP2mMwAEoJ%2fJZzfN2XszOe5NFePutWk1%2bdMj6WCFD4VPzWNY6grII2ug1lg98Ftozq%2fSa73uX8B1NOaouQamF3npWVKnyYsCGPRGN9IHf1QZ7bLLlvj%2fiXgRWoz1GlEHIEtAKnH93XWOl9z65kh97S2vEvhftQawq%2bQyg83AdzogC1%2bvVrTecSeepLUTc4i43%2bAQ%3d%3d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=astathis%40almabank.com&senderemailaddress=Kim.Y%40bank34.com&senderorganization=AwGAAAAAAnwAAAADAQAAAJbvGZBF%2bU5IiagRavo4zW5PVT1iYW5rMzRhZmMub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjEwQTAwNSxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NWv1LBhTD80Wf%2bOdaFDnh0UNOPUNvbmZpZ3VyYXRpb24sQ049YmFuazM0YWZjLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxMEEwMDUsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cCH2PR13MB3383E3514FB284B1563D8441C526A%40CH2PR13MB3383.namprd13.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7bD0E409A0-AF9B-4720-92FE-AAC869B0D201%7d%40bank34afc.onmicrosoft.com&consumerEncryption=false&senderorgid=e4f6fbff-51b4-40a2-b370-d7fff9ca682f&urldecoded=1&e4e_sdata=sKN%2f%2fBGvAo0fgJ3FGyQjrv4gbr8ofrFq3RGJKYTO1utwY3jK3Ao%2bueK9Jv6eO6IOIidOKmVbp44DN4voVFY%2fIrEVZILccCNJ2oc7nQNZRT6HsTKbTZZUd%2fcV7OystfMX6AuaMnMjsK5hKir1%2fDwP2mMwAEoJ%2fJZzfN2XszOe5NFePutWk1%2bdMj6WCFD4VPzWNY6grII2ug1lg98Ftozq%2fSa73uX8B1NOaouQamF3npWVKnyYsCGPRGN9IHf1QZ7bLLlvj%2fiXgRWoz1GlEHIEtAKnH93XWOl9z65kh97S2vEvhftQawq%2bQyg83AdzogC1%2bvVrTecSeepLUTc4i43%2bAQ%3d%3d
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4452 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4692

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\boznf1h\imagestore.dat
    Filesize: 5KB
    MD5: 97edf8cc2ccb77cf081fe94c0d1a68bd
    SHA1: c9c071fa50e130c0cd3987ff395dbe385f965e97
    SHA256: 9dba3df90bb3631b040b146befb9dc17a52494d0c64c54d51a0702c20b6b38e1
    SHA512: bec667b688e80dbb3e9b3441c51b5879db9c8f62d3808a8528a5b2e1aa20542653e7e71e42c75a583029a69f0e5b0c869777901baa0e1af26eb9d80d869f91ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8RG8LESW\favicon[1].ico
    Filesize: 5KB
    MD5: f82312f1281e8d6c87f7ffca0a7d147c
    SHA1: 103d0c7b915b40584e0543856e87b360568fe8c8
    SHA256: dec51a1a5c6f5daddebe7c7d1048319969446f03de89a953c3c3514f8db08e8a
    SHA512: c9ea288cc6d9d4b9872fcc49fd2ad461c9600b807311cd82c07c68465224d3a6004fa89f60088a34bbcf4ca96404f5a1b01e6009ca4fd964d63a53cf856f7c0c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\97XIF11T\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee