Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/07/2023, 03:13

General

  • Target

    sticker_basketball.xml

  • Size

    1KB

  • MD5

    1767916b4383d1c76e2ae70afb76b9b7

  • SHA1

    abd7d89842725bba9892c567e002a01dd96e9d9b

  • SHA256

    d74dc98cafc6bd883d37335b7940f6d4d37c1704a15a119653b3cb98db79c94e

  • SHA512

    a46faf5827fcecb1c63a184c8aa45f8a6d9b80a89b6342d228afa8610063a02be079df630299192ed06ad40dec2ca0a6241769cf9ae2626f8f1dbf9821dedf36

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sticker_basketball.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:860

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    96ee64d6ba785ddf988caf1a878408dc

    SHA1

    4ed6c83afeeebdb8e6562a567e7dd5bd1d55f9f3

    SHA256

    2b3502b9711124edbea32d03b4ff185914438e0957fc5c979b2b8ec493730094

    SHA512

    c815511895e295a99860b60a3e47177378050b639eb71910e227568627a91ad6c0f827956766e357eca9429de47850ff479d3449ede902dbf59dfbdabe4f2c0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    88d6cee8c9874ee9934ea60867340695

    SHA1

    8a31791d3063201be99f352482dbfe390d01cf20

    SHA256

    7185699e508ae8603dc1e8baecc3b357accc369bf0ce2313a510d90b724a361a

    SHA512

    129fa01c18bcbf9a0684471d240f2b69f5564357ad67e9cc3dc4c29539f2a8fd381d28e7e1f5c9e0f84016165b1cdee9105e4e05c7b125339b5e02a35f6d5072

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cc25057b7273c2ded0bce961a99313df

    SHA1

    36dd8982a62f66da437b2a3d6005a3a0ed223698

    SHA256

    27227677d69774a3d08c541a2b3b17810bf75cd5769f30c7f177923e1fa6f05a

    SHA512

    f4051e1be6a278bad5b3193d0a42f06849cf5abc82476e18c8351d37caef217382404110f41b7b4fc81a75da071e83f302ed52f652cd5576cbb99ea5e4d18b01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2157f7e7af43b1de4bd726a039b6efb2

    SHA1

    a5e3db2810a80f69b8a1577f1b70daf9f2456342

    SHA256

    47425ac90d7aae544cc0dd17233466565d51d1291f9317d0b5d59b0a2e93d6b4

    SHA512

    b9d31035d8368a79c07f7aa8d89c1071d6917fc0e129370a3ae07a269f66a05219b06090bddcbb2ae8c2fbfb82c99db96b3f99777cbe9620f5bd6a980abbb82f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc86cf7235b93b16459e605116c99027

    SHA1

    3b1376d28f331b7c25cd9c74ef23bac78e283a50

    SHA256

    d304ac2f08b921cd5e06d900a44ab5b32350d0009540d61b5d71fe4fbc1bbbbb

    SHA512

    b9e54151570cc71b29d6e1d8fa988fd4a71847d67580513cb11f331e7870f72df1643d0b12b1d3b8a07a3112df5f13bbd096ad970cfcef70c2b8cb9e14f57fef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2353e83b917c7fa77c368b7965f6ccb7

    SHA1

    dcf50ad1419c68689a591e914c4981cac4638b4a

    SHA256

    239b59075d3667957d43567ef0f8760cc780cbf30e795484c561bb0f08086751

    SHA512

    00eba57491c5b08401a3890f7ac09c0e53b76dc9f4b2240395d0305899177a49675b874b22f7eb1488f7fca47fa81b4832035351e5876a37e8d164c38c785bce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ea398a172ad8303731c8e6fc074d2e64

    SHA1

    969fe43bd33fb65d219e675a9a6c1b3237d6a096

    SHA256

    392cd6929a7c94ecf49d4da02e19c860017be198d089edd97d89da704c054530

    SHA512

    f36b2277ca9bc5bc138158f7c8f67144b1eb490dbc522122a8a164e1246dc8afa1b652f7e11cfcac20fb4d70a90998cafe8f49cbf684d3769d1298971a79e2e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    df02ce955b2578d4942978e18abc77e4

    SHA1

    57ce54bed307e86b7a6eac86aa0ec57c3d561658

    SHA256

    f336e2aad7a05e0ab8dc45de26d77f081617c8a7d20cbed336b51c836262a767

    SHA512

    84efd91372c8e61ffcb1d058a960e3aa5773ef1809599cbb79444dc79d6c2d678f30e884dc6e12c8745173242ae2b3a116955385f355e6a4ecdcd45d34f910e4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabB954.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarB9B5.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NOZEW93X.txt

    Filesize

    593B

    MD5

    1d988d5749ebdf3cc7234b7db3825261

    SHA1

    2428d28df0649bbe4fec70b17356ba0d593f388a

    SHA256

    0ebdca8430ad085363370cb1836a4406593d2a85e4cadad400780db455366509

    SHA512

    1a18ec933b13918f1dd2e37a1fc87a53833f71079e2fc386079a4dbc80d394a6afca6bdfdc7eeee78386edeb7f317b67573a158209987a3ad95e0462779ba043