Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    154s
  • max time network
    189s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/10/2023, 00:49 UTC

General

  • Target

    AchievementsDescMD.xml

  • Size

    11KB

  • MD5

    af4ede98dc235d01a6fc91903f253c6c

  • SHA1

    09ea0f45d0d467bbc8891ded1731a9ffd50c122a

  • SHA256

    8b11ade6e627486745a5e9c598907e80b14d297e4e25977ec54b20c8893fd0b0

  • SHA512

    1e07bc12797f5890228e657584ad7325da7d454514e3e4bb0a1c4e510bbf4b15e7d4b6fa5c99197ad10f653580fb0a79330cc81ee96f5ab1693c16cc51aaae14

  • SSDEEP

    48:cfy9j1ZkgulyBYGmeCTuP+ty2IqnWKGOfeEOfvBH1mUe0pWYasZHZolitptR+8qN:Cy9rljBYl1wxXKGYqtnz53pvQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\AchievementsDescMD.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2508
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1704

Network

  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    IEXPLORE.EXE
    753 B
    7.9kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    IEXPLORE.EXE
    753 B
    7.9kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    IEXPLORE.EXE
    785 B
    7.9kB
    9
    13

MITRE ATT&CK Enterprise v15


Downloads

