Analysis

  • max time kernel
    118s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/07/2023, 14:21

General

  • Target

    rev_3286/syscond-en-US/AppXRuntime.xml

  • Size

    4KB

  • MD5

    bf19db2e91edefe517515ba23b30103e

  • SHA1

    324d98b315d7f8e096d8d61505610706d0c73856

  • SHA256

    42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec

  • SHA512

    9c193cd9597f90913643cdd2079e36930e60b6ab539d96ba0d5da7ea2b5dde0b78d7451d0a4ac37cbbb8a90c548285fbf640099eda949665e186586d893adb14

  • SSDEEP

    96:jJpm5IJUVaBfgHt6kNEmB+kClbNpbj03V:Xc3AIHF20F

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\syscond-en-US\AppXRuntime.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1528
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1448
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1448 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2068

Network

MITRE ATT&CK Enterprise v15

Downloads
