Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    21/07/2023, 14:21

General

  • Target

    rev_3286/SkyDrive.xml

  • Size

    2KB

  • MD5

    a94642be85e83bd11fe2edc8ee57a052

  • SHA1

    cce07bcc7dbe8bfef8f9397c8b6e76b96ddc9aa9

  • SHA256

    da3489644a56924340c30ba06dca8d02ac68a772c1971ebeedfb07767ea6f1ee

  • SHA512

    cfe4f318b08c3924c51eb679541b3a8d8d36cb47ffb5ebd9d979d254c1cba8782dfd8757f748944967392608dcc1775fdf82b9324b03481314b1f661a085b733

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\SkyDrive.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1256
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1256 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2304
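The process tree above is the whole story of this report: the Office 2010 XML handler (MSOXMLED.EXE) is invoked with `/verb open` on the submitted .xml, it hands the document to Internet Explorer, and IE then spawns its usual frame and tab processes. The script below is an added example, not tria.ge output or any vendor's detection rule: it rebuilds that tree from records hand-constructed from the four processes listed on this page (the parent PIDs are an assumption taken from the nesting shown, since the report does not print PPIDs), flags the handler-spawns-browser edge, and cross-checks the IE tab process against its frame process. The `SCODEF:<pid>` token in an IE tab command line is the PID of the frame process that owns the tab; here SCODEF:1256 matches the frame PID 1256 above, which the check confirms. The detection names `OFFICE_HANDLERS` and `BROWSERS` are illustrative, not from the page.

```python
"""Rebuild the process tree from this tria.ge report and run two simple
checks over it.  The event records below are constructed by hand from
the Processes section of the page; they are not an export from tria.ge."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]   # assumed from the nesting shown on the page
    image: str
    cmdline: str


# Constructed from the four processes listed above (depth 1 -> 2 -> 3 -> 4).
EVENTS = [
    ProcEvent(2412, None,
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
              r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
              r'/verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\SkyDrive.xml"'),
    ProcEvent(2908, 2412,
              r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
              r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    ProcEvent(1256, 2908,
              r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    ProcEvent(2304, 1256,
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
              r'SCODEF:1256 CREDAT:275457 /prefetch:2'),
]

# Illustrative category sets for the check below (not from the page).
OFFICE_HANDLERS = {"msoxmled.exe"}
BROWSERS = {"iexplore.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def chain_for(events: List[ProcEvent], pid: int) -> List[str]:
    """Ancestor chain, root first, as image basenames, for the given PID."""
    by_pid = {e.pid: e for e in events}
    chain = []
    cur = by_pid.get(pid)
    while cur is not None:
        chain.append(basename(cur.image))
        cur = by_pid.get(cur.ppid) if cur.ppid is not None else None
    return list(reversed(chain))


def office_handler_spawns_browser(events: List[ProcEvent]) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where an Office document handler directly
    launches a browser.  Expected for an .xml opened via the XML-editor verb,
    but a useful pivot when the document arrived by mail or download."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid) if e.ppid is not None else None
        if parent and basename(parent.image) in OFFICE_HANDLERS \
                and basename(e.image) in BROWSERS:
            hits.append((parent.pid, e.pid))
    return hits


_IE_TAB = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)")


def ie_tab_frame_pid(cmdline: str) -> Optional[int]:
    """IE tab processes carry 'SCODEF:<frame pid> CREDAT:<n>'; return the
    frame PID, or None for a frame (non-tab) process."""
    m = _IE_TAB.search(cmdline)
    return int(m.group(1)) if m else None


def tab_frame_mismatches(events: List[ProcEvent]) -> List[Tuple[int, int, Optional[int]]]:
    """Tab processes whose SCODEF frame PID differs from the recorded parent.
    An empty list means every tab is owned by the frame that spawned it."""
    out = []
    for e in events:
        frame = ie_tab_frame_pid(e.cmdline)
        if frame is not None and frame != e.ppid:
            out.append((e.pid, frame, e.ppid))
    return out


def document_from_verb(cmdline: str) -> Optional[str]:
    """Document path from an MSOXMLED '/verb open "<path>"' command line."""
    m = re.search(r'/verb\s+open\s+"([^"]+)"', cmdline)
    return m.group(1) if m else None


if __name__ == "__main__":
    print("chain:", " -> ".join(chain_for(EVENTS, 2304)))
    print("handler->browser:", office_handler_spawns_browser(EVENTS))
    print("tab/frame mismatches:", tab_frame_mismatches(EVENTS))
    print("document:", document_from_verb(EVENTS[0].cmdline))
```

Run against the constructed records, the chain check reports one handler-to-browser edge (2412 to 2908) and no tab/frame mismatch, which is consistent with the 1/10 score: the only behaviours recorded are IE's own start-up (hook installation, registry writes under its settings keys, cert-cache files), not anything the document did.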

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    442de57133adb9564f1310bf306a0a92

    SHA1

    45e4a1d3c726ed5d34d98724c99eb8daf0b5e732

    SHA256

    47a5c2a7e0ba1dad049c0e28a4ee8ec230f149427f1aa2ec5fd46278cfa5c167

    SHA512

    1d342dbc53bf813ceb28b8e490d64c08f33a3770d61597b4fb98ec9ee4adefdddfda4d3a2a3d173c7407313fc40724728f0a3d1838dd951433461be274e57742

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    92777c6dfe7264151e051d9271ccdfe6

    SHA1

    94091dd594ea77169c75d4b03f2b8283ce9e18ae

    SHA256

    24ff14ed1e270fcd1ee1a126cb2864fbad1b62bef70eea214c9e7c4bde484a4b

    SHA512

    560cd48bf743fd5ad21711722cf75e857297347ac8f2a5cc6e3b7b2e3e411e43de9a26741cbe3295f3741ce0f66f3f4d5b8c8e3848123717c3794a45952ec246

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4e45efa2cf74be7fda28ecc4c91ec8e2

    SHA1

    71d8f18a4fcad4b33fb420eb2c21276f247b5ce5

    SHA256

    25f9a1a19e5b347ae8d0a4a0291e6c28a1c74da2e545ef5346fd71fe388a0081

    SHA512

    14b0136377c945389dd5003c18a821b2db0cfb5ceb7e46152b5b3d9bd3f947ff8f2e75269bf657e33c1a52aefc0bd10b28bfa9127f514c7f274adf704b22489a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f1ba9325e0463a03be0a4d7c3bb1e41

    SHA1

    11247b53c7db9f03cbda7a070289f5bd5c63eb92

    SHA256

    18577bd9d96f96d509ff1710c7e7ea4c7b009a75237e9976c05f806dcedecfbc

    SHA512

    d7b660817fc0168504ce5d9fd7405ff3abc950d98e6198213827cdb9338c859bbf3a54e406c9c729470dafe3214c9f1d8d9aa880194b86d0eb4b0355b356424f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc0444f4067c18ec6539190ef2f56c01

    SHA1

    f12f6f91b34210e6d496d2c9ab836348571b35cd

    SHA256

    13d0a75114c097d37a1e7181aaf4722c648668dc169c55ceecf6ed22949f4d8e

    SHA512

    199e9b8ad8359e69cbaefe5de5acbe080f213007a349e7c2504226400b209c7a20d901d171717bb609d7075c5bc5b54fcc4af6d37383c383cfe207e8544150d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    951c92e7d5ace7d02e65a73df347992e

    SHA1

    b6b45b747d5becdd8f30e782abf748f983ab7b9d

    SHA256

    45212b55e60af2bf0289e74e45d0d00472207fea8fc674d22589a8d90e7b984f

    SHA512

    f7dac5c39f871efb60b5d1cd64528fe9c2bbd289cbb414e2950dd828d7edd460910d0b37c6b7a0777517930e127fa740305349988c5828554f4550f101a308a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    17019196ee7f89456ffbf9fc8ba7b57b

    SHA1

    691e8c07ae2a96622f5b68bfd90b68c7e6077c0a

    SHA256

    4197b2439283045579d829764c7ceaf67d6b7d996f52fdc16ec49a9a728259e4

    SHA512

    4177b8e468068c8cd86145aed41fdc898e7af10277890c81b88826b5c31410356645a98e49f77719bf4c44a7a146f1dacbfa53fe40a050c92190821d29fc8c16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a005d6efe27d498e16226d263b0247d7

    SHA1

    83d5cd13e9dc87f6bb964ab0124e408dc96e30bf

    SHA256

    c5f42727352258d81e942cff1d8ff6c9e68f49214daa0cf0f2291166b6cf6203

    SHA512

    f7ac8ea1682c143fbaaeae12a1569f9dc7ce8e76ee08ddb5b19e836f008615ee88c457dbed117c1ad9403b1184cd8c9f551bba59a49734aecca5e863c06b3a5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fce228126aade32a933c859e0a2e26cf

    SHA1

    d4e932f25b30297fd317681e13ce3293b17b0a03

    SHA256

    8da9fa44d6ce49cf5f13c4b2e11dcef4cd8184fb2dafd6370edab65ac5d3a5e2

    SHA512

    d0fcd94928fb3d627954155b51dfdc38c6bfc431c27d4cfae9ca24c65068c73242eeed43c5e527099497e8a01af32b741f3344734dd3ef29c3fb1460daf221bd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12APMO2Y\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab2E25.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar3088.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DG2ASWPG.txt

    Filesize

    601B

    MD5

    3883db8e5516005a65b271cb7ebf6aff

    SHA1

    0f4a54c541b3f9e155cf46018b8c7b97902eb3c7

    SHA256

    337f200fa8e98e4de31f9436d6b5ba82f2f886d088cd3603313912e567b56cb3

    SHA512

    6d58db3bf1efe2111f04db59365845648f629a198dc5dd3b8a93b23d0864e0c88b0147404765af956f56869123578bc1c9720ef45f9c160e6723d1370aa9f71d