Analysis

  • max time kernel: 135s
  • max time network: 168s
  • platform: windows7_x64
  • resource: win7-20230712-en
  • resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted: 22/07/2023, 20:51

General

  • Target: GD/Resources/FireSheet_01-hd.xml
  • Size: 202KB
  • MD5: 390a1e32ffff76050744b88fa57c8247
  • SHA1: 1649cdbca8b6f36c872889b791fd6b478038cf0d
  • SHA256: aa7e5d61c298018d54bf70a828e3c92245c3394fcea90f247907031435ad0301
  • SHA512: ad1f10790814f8304081aec308274c8e5704e6b59af8679ebb837c0c33ca6feb78db23014890837843b59129f71b2043148f01a5440f5eb12c99f9060553750e
  • SSDEEP: 768:IE1LvaxO9XpbkROnFWJmdJOAtqQFZXVLDFsi:91LvaPAtqQFZXVXFR

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\GD\Resources\FireSheet_01-hd.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2400

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: c687688fae545f39b1573d4df1de7e5a
    SHA1: 68f5c394a34c89f151b5b3da2941d85702c0caea
    SHA256: 9539051ed2c1d7ed2daa2c91a9bd6967de6be9ad97121842bbf272ce4a281e33
    SHA512: 984da59a4a85ff76ec585f96e7f3939aabb9884a3ee9232dac0c8d02175c691187e824c1bc5cb8b2163a864ee09b52917f3ca0d1ba71cd1ad8f8f817a8aedcd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: d4981e4d34375087002bbf02c4edd9af
    SHA1: 1e41a3e17287f8119aa0fed22d49be03a5d9c510
    SHA256: 41409a961d20fcc6f8e91251ec0d2437daef00a8660e0f0da75dcd0b689f2bc7
    SHA512: 0f9090edf98fc6d8097ee9190d8fb72a56608805366d689e2c804caf77e8f71d1d81a8560c62949ed8940ee803b7002c953b87b4daac85206422ca59697700e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e8130e5d9e017ba2026dfccaef0d8af9
    SHA1: 9659413e0af4fa07c1d7292e2726899c3e9229b6
    SHA256: 651cbed75d3250e18ad8e105156eda1f2943ae367645625c8429eec008317b6e
    SHA512: e753227084f8b13809beb56112a11352ef52a6dc08c9e54ec5e5fc986829fdedd0a8c8c52c2512d7dc4b4b23a3c70dc4062ff7b705ca3a559b39a092e498454c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 6c420e865ccfeefe19ce860a35911117
    SHA1: cfa116c9d0c5315578a73291f9ec5632e308d65f
    SHA256: a7fe8bd6f902f704575ca8160786575a77e0fad850e772d86afa172aea938638
    SHA512: 52390f144b1f497444e175197534efabc501de6c050adad417c5a58a87dd95db9eb8eb652368886b0131a65b09c4767f5c20ee571f060e33b73264e5f7bb5b23

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0f7f8900386b88e0ce1e8c2353863fd8
    SHA1: f5934c6bd4a78a20df3951b5433baa7e3cf77cb5
    SHA256: d7528875a849f01618aa0c2d94e4dab6995f1ab0027ab121424e9e576aac5b65
    SHA512: 572afad52df9eb4f134a3bb02731170a38858337819308d5dd7a538823378240e961b81863dd9611d8b5f8e64495d8e3bf0c08e1d9cafbd33deeb8c6b33491ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 7666393f4ee1ef92303e1bddb87e8612
    SHA1: 74762bc9fa83b3aa755c005eb1e6bd72e7d94d66
    SHA256: 2ee07b9fd60cfbc000039d0f4d40c89b11aaf65657bed3cad346c8fdb88b407c
    SHA512: 73be8ea5f45c5c91c7f522f91febcaaecc8722b315e32517071feb23774cc897c8eac05bcb94aaea1c83b2533b492690853c282bdac74087e3e44b65d631ca1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 1abe75abbd1816063d2d58040355658c
    SHA1: d5a66e3279ea82b763562eddb94d6a6164bd86c0
    SHA256: 9c193ba9fe5d9b611c400bc9843de0c6abb88f2c9ca0850bd311af0a317e51c6
    SHA512: 3fab650f439a27931859040265e715250a8337eee5f5ae99aa84011eccb24a890e051e8e78507f022f6cf244c535731bb8ec4bda1dee4eb697a025dbb32f9ebf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 79c18001549226fb6359eb2f611bf8d1
    SHA1: a86d88a46ba6a17df267c85a2b7cfca48c9dcd8b
    SHA256: 3d35cf74daffad3ae51e29aad9fe9f4b4aa1ea2d9298ec4fb1eb771ea6c1d8c4
    SHA512: 6c80d035e6c18780e627bab978e8cb3129522b71bc833d6ab13a804654682412da60a4f80fb0af8a86c3ce41d23b68480bddab241682c27e0f3e69c6287745f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: d41ed58b24297193b4af06f6b72e858e
    SHA1: 9f98ba5ffc729c5947d07d79d85fa0f4d1353dcd
    SHA256: 7cc5b7deec369d6662828a82e373c52e80956a13852942464d3262e7fad746d9
    SHA512: 276a8aec34fb9dbd17ed83a718e5cc1f08c63cdf3e8b4aec1e5f5fbc2ab336e3b7e8c812b1ee390f590980a8819b57dcb9e08ecf89a78b2e02d8276c3552fdbb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 3994436924139f6f3a20140022e0cd33
    SHA1: 1095847cf010dccf8d011fbb8d0b37596bd1473b
    SHA256: da9c1437d566b4e89168a6aec3e1d1672fc3c39a82a6955dd381cf681f3723e0
    SHA512: 91d645191752a7d09c45a571efdc1d3b63df459dfd0cf9040d65f34fbe7a49cbc1cbee211d6fbda1c81eab4cd3d85f49ea8eea1e5b998f30e4d95ea9e2afb7a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: beacd8e8c1e4fb804b3caaaceb0df2d7
    SHA1: 27bb7f3f9bbe69f595b5c7f0f4f1c8b0be0d0fbc
    SHA256: f38d51268fb2b1b0f32e476682e011ac76b90a6f90bb3d521217eca9cd08909f
    SHA512: cfca7812bf7de13a2c3f55e446acbcb68e91fbfbba371e54748056f6d3650ab2b313513b7dcc95001e0269e4f87bf6930f9eed759aaeed63a7b4d0dddff8b20a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EM1SEHQ\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabFE7E.tmp
    Filesize: 62KB
    MD5: 3ac860860707baaf32469fa7cc7c0192
    SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
    SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
    SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarFEFE.tmp
    Filesize: 164KB
    MD5: 4ff65ad929cd9a367680e0e5b1c08166
    SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
    SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
    SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DI5NHMSB.txt
    Filesize: 600B
    MD5: cb961877153b148489790cb6da4ee822
    SHA1: 88343fa4b102f7143d7ae4a8df5b3ec0708dc4aa
    SHA256: c42ce753864c3d04956d4a7658be9497b20c5131d2a0393c959213075dcfa5b0
    SHA512: e66e2e18403e6005f80c69f6b8cc267c5e8bfc67636757440046467ec82c5e0f020dde7f672d9ea315a64ab1ead67af29997b8bf8cec7ba688e1b4f2fb1ddc8d