Analysis
- max time kernel: 137s
- max time network: 135s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 28/08/2023, 10:09
Behavioral task: behavioral1
- Sample: GERECHTELIJK ONDERZOEK.pdf
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: GERECHTELIJK ONDERZOEK.pdf
- Resource: win10v2004-20230703-en
General
- Target: GERECHTELIJK ONDERZOEK.pdf
- Size: 107KB
- MD5: 30902ef19e307326a154a905c730a38f
- SHA1: 8ec72269938dac3104a19aef233fff01c62d7959
- SHA256: 543392cde907334d710ce7c844d6b4bbbf6ac8a5e0d7752f803e61424382ca96
- SHA512: 1b790122cb49f814495f7b1f466449939674a9b75fad90727ad4cef05aa60344781c7f38125cf459c4c8c1ab30e65ca5ba81cb6028cff16630c443c98f53e5e1
- SSDEEP: 1536:9yZN6SH7RbBcq/hBOitOOdG538OZU+KaSxtLRU+9S/BqK365UBmX4t:4ZnbBd/zLdy38AU+1SBU+wT3KUBmu
Malware Config

Signatures
- Modifies Internet Explorer settings (registry keys created and values set by iexplore.exe / IEXPLORE.EXE under HKU\...\Software\Microsoft\Internet Explorer)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  - pid 2376, AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  - pid 2204, iexplore.exe
- Suspicious use of SetWindowsHookEx (11 IoCs)
  - pid 2376, AcroRd32.exe (5 IoCs)
  - pid 2204, iexplore.exe (2 IoCs)
  - pid 1460, IEXPLORE.EXE (4 IoCs)
- Suspicious use of WriteProcessMemory (8 IoCs)
  - PID 2376 wrote to memory of 2204 (pid 2376, AcroRd32.exe, procid_target 32): 4 IoCs
  - PID 2204 wrote to memory of 1460 (pid 2204, iexplore.exe, procid_target 33): 4 IoCs
Processes
- "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\GERECHTELIJK ONDERZOEK.pdf" (PID 2376)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files\Internet Explorer\iexplore.exe" https://2fa.telefon-de.com/XTmtwNE1YUkVOMmxYWlhWdVdUVXJhSGxwTkVkUmNtVTBURmxPV1V4ck5WVlNZbWRzV1ZkaFl5dFVUSGR6TUhkSFVuUXZiMVJ4ZUVFelRuaDBUV2MzTTFCbldIRnpaazVLTVhsRmFEQXdUVVJuY25wR09ESlJWV0Y1UVVvNGVGQTJOSFJMYUhBeFoxSnpVVzlDU1dwRWRuaGlRbVJ3UzFoMllqYzVRMnRHU0U5SlRpdExjbEp1YUZkS1UyRTRXbmxyVFRWUGFWRnRURnBTVWpsVFFrMTBka0pNTlhCWFEzVkROR0UwVERGeFUyMVlkMVFyTDFkc2NFSlhOblpsVkhGVFIwRXdVbmhGTWtaMFdsVlJOa3BUVkcxaWVFOHZVVDA5TFMxRk5FaFlUWFZ1YldadFdrMUdlSGhxVjJkVFpXcEJQVDA5LS00Yjk5ZWQwMjJjNDhlYTIwNmEzNTMwNTlkOWQ4OWRhYmU4NjA2OGRh?cid=173279918 (PID 2204)
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2 (PID 1460)
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  - MD5: a72089a9f78c8831288874889a661988
  - SHA1: 41258852cd50f5de260910fb9c5e4845650b5596
  - SHA256: abef078e9683f995f8917977f4acd55cc3f105eb6babe83250ca81df479776e1
  - SHA512: afbc76e63dd6ca579b6d3dc653d1d41372a1ab2ea1f2b28985bfc7fe2d78c7946a045cef66a611591d9108abd060a399605450863b4b0c5f93c87911fbf351a4