Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3DriverSuit...in.exe
windows7-x64
10DriverSuit...in.exe
windows10-2004-x64
10SIack_Desk_v3-271.exe
windows7-x64
7SIack_Desk_v3-271.exe
windows10-2004-x64
7rev_3286/A...me.xml
windows7-x64
1rev_3286/A...me.xml
windows10-2004-x64
3rev_3286/A...gs.xml
windows7-x64
1rev_3286/A...gs.xml
windows10-2004-x64
3rev_3286/E...ng.xml
windows7-x64
1rev_3286/E...ng.xml
windows10-2004-x64
3rev_3286/E...ot.xml
windows7-x64
1rev_3286/E...ot.xml
windows10-2004-x64
3rev_3286/FileSys.xml
windows7-x64
1rev_3286/FileSys.xml
windows10-2004-x64
3rev_3286/SkyDrive.xml
windows7-x64
1rev_3286/SkyDrive.xml
windows10-2004-x64
3rev_3286/WinCal.xml
windows7-x64
1rev_3286/WinCal.xml
windows10-2004-x64
3rev_3286/W...in.xml
windows7-x64
1rev_3286/W...in.xml
windows10-2004-x64
3rev_3286/inetres.xml
windows7-x64
1rev_3286/inetres.xml
windows10-2004-x64
3rev_3286/msched.xml
windows7-x64
1rev_3286/msched.xml
windows10-2004-x64
3rev_3286/s...ce.xml
windows7-x64
1rev_3286/s...ce.xml
windows10-2004-x64
3rev_3286/s...ms.xml
windows7-x64
1rev_3286/s...ms.xml
windows10-2004-x64
3rev_3286/s...at.xml
windows7-x64
1rev_3286/s...at.xml
windows10-2004-x64
3rev_3286/s...me.xml
windows7-x64
1rev_3286/s...me.xml
windows10-2004-x64
3Analysis
-
max time kernel
118s -
max time network
160s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
23/07/2023, 01:18 UTC
Static task
static1
Behavioral task
behavioral1
Sample
DriverSuite_for_win.exe
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral2
Sample
DriverSuite_for_win.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
SIack_Desk_v3-271.exe
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral4
Sample
SIack_Desk_v3-271.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
rev_3286/AppXRuntime.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral6
Sample
rev_3286/AppXRuntime.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
rev_3286/AuditSettings.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral8
Sample
rev_3286/AuditSettings.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
rev_3286/EventForwarding.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral10
Sample
rev_3286/EventForwarding.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
rev_3286/ExternalBoot.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral12
Sample
rev_3286/ExternalBoot.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
rev_3286/FileSys.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral14
Sample
rev_3286/FileSys.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
rev_3286/SkyDrive.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral16
Sample
rev_3286/SkyDrive.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
rev_3286/WinCal.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral18
Sample
rev_3286/WinCal.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
rev_3286/WorkplaceJoin.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral20
Sample
rev_3286/WorkplaceJoin.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
rev_3286/inetres.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral22
Sample
rev_3286/inetres.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
rev_3286/msched.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral24
Sample
rev_3286/msched.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
rev_3286/syscond-en-US/ActiveXInstallService.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral26
Sample
rev_3286/syscond-en-US/ActiveXInstallService.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
rev_3286/syscond-en-US/AddRemovePrograms.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral28
Sample
rev_3286/syscond-en-US/AddRemovePrograms.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
rev_3286/syscond-en-US/AppCompat.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral30
Sample
rev_3286/syscond-en-US/AppCompat.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
rev_3286/syscond-en-US/AppXRuntime.xml
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral32
Sample
rev_3286/syscond-en-US/AppXRuntime.xml
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
rev_3286/syscond-en-US/AppXRuntime.xml
-
Size
4KB
-
MD5
bf19db2e91edefe517515ba23b30103e
-
SHA1
324d98b315d7f8e096d8d61505610706d0c73856
-
SHA256
42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec
-
SHA512
9c193cd9597f90913643cdd2079e36930e60b6ab539d96ba0d5da7ea2b5dde0b78d7451d0a4ac37cbbb8a90c548285fbf640099eda949665e186586d893adb14
-
SSDEEP
96:jJpm5IJUVaBfgHt6kNEmB+kClbNpbj03V:Xc3AIHF20F
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396840212" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2029f2f503bdd901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae00000000020000000000106600000001000020000000382fd227195c9f006793b28c94a2016da253ea208ff76b58aceaf7d6795c0b30000000000e8000000002000020000000b3f416f669148b72a0eeb86d8bb8406d64d56e1cc82a5005a326f7ec612b65c920000000e344fe159e534cfac2f28741330ec5e12c441bb03596bc923a23de391da9b00d4000000030998595bb478f6a5b7681e8ea31b678e2517cbab82604c43b98726f400d760e4b9042d5c290ebb4821657112dcf3d2396398942f2a55f254ccec83de5f3fde3 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae00000000020000000000106600000001000020000000f1b28cffd406d542af25e5f4f50b9695cd9eafa350767953594a5ae8f999281d000000000e800000000200002000000086ece010283fae3a917e5c12515c589b726788522bd6262175e2599655782bce90000000975a8c38c2fddf9cef3437b26f0d3ca4309c13f532e8e43670516d59eb4b90850440fd62fccc2aa4a7e4a759cd60a9637dc9715dfd5319f0cddff49c089d7d653e4250f4f2d57f75d50a630dffff13f73007669281d87944a38caf8e88d9765e6709bbf629ddd63fa53125a207c57351ddfe3c00910c0d98a0cbcdd581f05fc4b24587907cdfb58856cfbdc8730a7f1640000000a7dd4ac4cb43bff0ce6b859ba26399a8be839fa9199be93881b133eb8183da05c1259d7c740c47c24e842b6cbc8d64a448719b99a71d514a21e885b4e127b61d IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{212C2B41-28F7-11EE-91F8-F2F391FB7C16} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2972 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2972 IEXPLORE.EXE 2972 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1928 wrote to memory of 1580 1928 MSOXMLED.EXE 30 PID 1928 wrote to memory of 1580 1928 MSOXMLED.EXE 30 PID 1928 wrote to memory of 1580 1928 MSOXMLED.EXE 30 PID 1928 wrote to memory of 1580 1928 MSOXMLED.EXE 30 PID 1580 wrote to memory of 2972 1580 iexplore.exe 31 PID 1580 wrote to memory of 2972 1580 iexplore.exe 31 PID 1580 wrote to memory of 2972 1580 iexplore.exe 31 PID 1580 wrote to memory of 2972 1580 iexplore.exe 31 PID 2972 wrote to memory of 2744 2972 IEXPLORE.EXE 32 PID 2972 wrote to memory of 2744 2972 IEXPLORE.EXE 32 PID 2972 wrote to memory of 2744 2972 IEXPLORE.EXE 32 PID 2972 wrote to memory of 2744 2972 IEXPLORE.EXE 32
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\syscond-en-US\AppXRuntime.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1928 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:1580 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2744
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UORESFNG\suggestions[1].en-US
Filesize17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
62KB
MD53ac860860707baaf32469fa7cc7c0192
SHA1c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c
-
Filesize
164KB
MD54ff65ad929cd9a367680e0e5b1c08166
SHA1c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27
-
Filesize
603B
MD5dd27fde4dbaec263c074297866f2202b
SHA1466408787b31494131517403d0b94f5c63b94e8c
SHA2563b909797c6346632993950755f562712dd9e141b4cccc6d7b905e552ac7c954f
SHA512e789fc85b7f6010a55c4212748c9f4b09df1fa2e5f42abc448645d1a3fd6f4cfe4ac14ca1911469800969641aa97bba7e880a96b2cf00109af695f1c6d38d67a