Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3Saturn.zip
windows10-2004-x64
1wwwroot/_c...pp.css
windows10-2004-x64
7wwwroot/_c...in.css
windows10-2004-x64
7wwwroot/_c...ss.map
windows10-2004-x64
3wwwroot/_c...ICENSE
windows10-2004-x64
1wwwroot/_c...ICENSE
windows10-2004-x64
1wwwroot/_c...DME.md
windows10-2004-x64
3wwwroot/_c...in.css
windows10-2004-x64
7wwwroot/_c...ic.eot
windows10-2004-x64
3wwwroot/_c...ic.otf
windows10-2004-x64
7wwwroot/_c...ic.xml
windows10-2004-x64
1wwwroot/_c...ic.ttf
windows10-2004-x64
7wwwroot/_c...c.woff
windows10-2004-x64
3wwwroot/_c...pp.css
windows10-2004-x64
7wwwroot/_c...se.css
windows10-2004-x64
7wwwroot/_c...er.css
windows10-2004-x64
7wwwroot/_c...be.css
windows10-2004-x64
7wwwroot/_c...ns.css
windows10-2004-x64
7wwwroot/_c...et.css
windows10-2004-x64
7wwwroot/_c...on.ico
windows10-2004-x64
3wwwroot/_c...ar.ttf
windows10-2004-x64
7wwwroot/_c...n0.png
windows10-2004-x64
3wwwroot/_c...n1.png
windows10-2004-x64
3wwwroot/_c...n2.png
windows10-2004-x64
3wwwroot/_c...n3.png
windows10-2004-x64
3wwwroot/_c...ims.js
windows10-2004-x64
1wwwroot/index.html
windows10-2004-x64
1wwwroot/js/anims.js
windows10-2004-x64
1wwwroot/js...ger.js
windows10-2004-x64
1wwwroot/js...ger.js
windows10-2004-x64
1wwwroot/js/utils.js
windows10-2004-x64
1wwwroot/li...min.js
windows10-2004-x64
1Analysis
-
max time kernel
139s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
13/11/2023, 03:20
Static task
static1
Behavioral task
behavioral1
Sample
Saturn.zip
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
wwwroot/_content/Saturn.Backend/css/app.css
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
wwwroot/_content/Saturn.Backend/css/bootstrap/bootstrap.min.css
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
wwwroot/_content/Saturn.Backend/css/bootstrap/bootstrap.min.css.map
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/FONT-LICENSE
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/ICON-LICENSE
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/README.md
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/css/open-iconic-bootstrap.min.css
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.eot
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.otf
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.xml
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.ttf
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.woff
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
wwwroot/_content/Saturn.Backend/css/swapper/app.css
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
wwwroot/_content/Saturn.Backend/css/swapper/base.css
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
wwwroot/_content/Saturn.Backend/css/swapper/installer.css
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
wwwroot/_content/Saturn.Backend/css/swapper/oobe.css
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
wwwroot/_content/Saturn.Backend/css/swapper/plugins.css
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
wwwroot/_content/Saturn.Backend/css/swapper/reset.css
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
wwwroot/_content/Saturn.Backend/favicon.ico
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
wwwroot/_content/Saturn.Backend/fonts/Nunito-Regular.ttf
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn0.png
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn1.png
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn2.png
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
wwwroot/_content/Saturn.Backend/img/Anims/Saturn3.png
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
wwwroot/_content/Saturn.Backend/js/anims.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
wwwroot/index.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
wwwroot/js/anims.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
wwwroot/js/modalManager.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
wwwroot/js/tabManager.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
wwwroot/js/utils.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
wwwroot/lib/anime.min.js
Resource
win10v2004-20231023-en
windows10-2004-x64
General
-
Target
wwwroot/index.html
-
Size
1KB
-
MD5
a7384be70a95c63fab9cc5a291b83536
-
SHA1
0e7c3ed2f611d27a7301191c29cfb5c8fe49f9fa
-
SHA256
aaa042450472c6945839e5b68842912db53e8d5541a95f723e34c5730d88deca
-
SHA512
4687d9cc3ffb5da611c0e2a91baa236a2487d087f401fa07830bb53528ff6fb398efb282c55b2742e5d4e50e7409a7425c2a8d0f62fbe20cb0408524b3eea78a
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069666" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c91745e215da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb910000000002000000000010660000000100002000000028f85b6d6ef41950a5b5faa31e0cc03d5862e4ffb5e07447074ae56e9246567a000000000e8000000002000020000000a4545e0bbef3cd3840a00d0c81cc531851f80b523d646e74f82817a7e62fd2c4200000007a5a397faaa0ddfe2a1360ef6fd74a8a17e6a1ebebf3bb74543566a1c55f513740000000cc4967db266f13d8e3c316b58e0075a217f70043edaae8ae37e4dbfd29917d7df449a94533145ca78239041d8f8f8c956ecb0d3d3c843a4b1dddd677e03518b5 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b02345e215da01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1115441285" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1142630758" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6B49DEEF-81D5-11EE-88E4-D2A3C0AFBE96} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1115441285" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069666" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406611394" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069666" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000522a271420cc9b97f981cf5afc000d1052044f90e7d6b421d8462be9165d9b3d000000000e8000000002000020000000d553ff12a75424e749b70698910658e2ae88f7122a0a0dd6e472e211b9952f962000000074c410931e19f0fffaf9c2e1b5b0cea83403124854e032a75d1c5cacee7300b140000000f1265afe47bd86f22513737967a541b3d5731f75fcf0660eef64d6ab7438af1b62b1708edb3ef1cf5ea6b6b14d4f754b8536a1abf6ad773d2479f4faf333ab36 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1792 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1792 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1792 iexplore.exe 1792 iexplore.exe 3272 IEXPLORE.EXE 3272 IEXPLORE.EXE 3272 IEXPLORE.EXE 3272 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1792 wrote to memory of 3272 1792 iexplore.exe 89 PID 1792 wrote to memory of 3272 1792 iexplore.exe 89 PID 1792 wrote to memory of 3272 1792 iexplore.exe 89
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\wwwroot\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3272
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5425fa6fe1b48a325fe7b915d204d486f
SHA1633ccb8808a5c2cb8abf7f03f9a92f733709de1e
SHA256bf72ba54028d66c4e9e9f52948a6ed5fc70832e665b56e46eb99e0ad4afc851a
SHA5124a1825f19dc9e84fe6ffd54990891c60dfecdf718fe2b90e7b237870701de694e3fe1dbcf0afb4fd460dc6a23beb2b3bcee85c481b9549599b5ba06fd8d007eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD57b4f2aef8bc4f9ca17510900882990d7
SHA1b3ba8ec303b8fb1cd2526e06e9704977d23721d6
SHA256e547f022b2358842d02d7bd0ef5135d1ff298cab7ddd6833edd30994cbb144ca
SHA512e511a0fad88b415ad33f23fec72a08956e157d5758891fe441c92ded4c8c377b0fbd278dd06146d9fe47ef9a50e87b1517a4331c61d3f0c16a9161872e028ed0
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee