Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
07/07/2023, 16:14
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20230703-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20230703-en
windows10-2004-x64
7 signatures
150 seconds
General
-
Target
sample.html
-
Size
119KB
-
MD5
eb5c4de17c91b6aa7543247d945d8b9f
-
SHA1
d37e65ee06fb4488c87a1b4fb4ad04d421fbc9f9
-
SHA256
1ba3aa0247b5aa10876d276bf3269e7811a89880b7f990bda9bff0a5e9420e5a
-
SHA512
e925a7ba8b737d6e9908e53826f0a2bcb7ab11f5d3ac1e4258abd2a6c4fc9f971372540777bfb5dd6e1f0aa2da7dd539d3bda64b346e0259a5e10b17f11d8e06
-
SSDEEP
3072:UdN9X6e/RpVFGLbfvPbN21H2/lyCGqTJtXqeej2+kHyS5:UdN9H/TGLbfvF
Score
1/10
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395511458" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000a0fa7e6881647d6f4a51aa50f62fb6f8d0d288595e29299a8d93e5caedaf7a45000000000e8000000002000020000000d01bcb18a606bec2d398dd63cde621467db40494b5b961b864c57a702bdc563820000000241c1d86981d5cfdeb06fb09397a03ebe45569958d4ff982b3999ef34f1fb124400000001b646ead73d71ad0c75f4bb315bc412516841ac3ac0a5f4e62236ed8800ad82a7c1835c700760a44a9712a5cc64daf35f5a036ef3c4db7feb0303b2683ab4c59 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31043822" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "908461937" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "920026103" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000ccdc43cf7f86453c922c67add59f24382855125c580c47870a5167cc3166c3dc000000000e8000000002000020000000a30166613073ef2a44278b5cf15c0a6bd908030eb359bf4bd7f1e494badf89452000000036f0530eaa0871000df5d6f42201eea9d3af76894c22ec2eecd0f10474100fb240000000ff0075299333b2a5c8af8d846be604c11536c130b7511df06deddd4c8e239a69e1631598438a35af578e8ecfefc943cfbb63c891749810768a0b6cd22e5c9370 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{61ABC811-1CE1-11EE-A61E-E2F5CE34D8FF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043822" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "908461937" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50864852eeb0d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043822" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10263e52eeb0d901 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{840BAE67-3852-4BBB-858F-55AF1CA10762} IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 632 iexplore.exe -
Suspicious use of AdjustPrivilegeToken 38 IoCs
description pid Process Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE Token: SeShutdownPrivilege 3624 IEXPLORE.EXE Token: SeCreatePagefilePrivilege 3624 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 632 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 632 iexplore.exe 632 iexplore.exe 3624 IEXPLORE.EXE 3624 IEXPLORE.EXE 3624 IEXPLORE.EXE 3624 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 632 wrote to memory of 3624 632 iexplore.exe 84 PID 632 wrote to memory of 3624 632 iexplore.exe 84 PID 632 wrote to memory of 3624 632 iexplore.exe 84
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3624
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee