Analysis
- max time kernel: 0s
- max time network: 132s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/12/2023, 03:51
Static task
- static1

Behavioral task
- behavioral1
  Sample: 5e684dcdf43e6c4e718b7a3364a4571a.html
  Resource: win7-20231215-en

Behavioral task
- behavioral2
  Sample: 5e684dcdf43e6c4e718b7a3364a4571a.html
  Resource: win10v2004-20231215-en
General
- Target: 5e684dcdf43e6c4e718b7a3364a4571a.html
- Size: 1KB
- MD5: 5e684dcdf43e6c4e718b7a3364a4571a
- SHA1: 7a9f40d575c86425407438593521dc6965fc9704
- SHA256: d7315e81a76a41080e1ff49e2a1460b378b46a6705fc720e789cbb109aa88b54
- SHA512: dc86b5bce1395905331ff2160ff28141ff96ed96e578d983db78e4d0d12eba1ca7648c335cfe9d794b378ea947ee46531dce09f4e39078e2b87da686203e7131
Malware Config

Signatures
- Modifies Internet Explorer settings 18 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A936F201-A164-11EE-9A90-DECE4B73D784} = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Suspicious use of SetWindowsHookEx 2 IoCs
  pid | Process
  2512 | iexplore.exe
  2512 | iexplore.exe
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 2512 wrote to memory of 2256 | 2512 | iexplore.exe | 16
  PID 2512 wrote to memory of 2256 | 2512 | iexplore.exe | 16
  PID 2512 wrote to memory of 2256 | 2512 | iexplore.exe | 16
  PID 2512 wrote to memory of 2256 | 2512 | iexplore.exe | 16
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2512)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e684dcdf43e6c4e718b7a3364a4571a.html
  Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2256)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 34443b51d8c172deca1b975ca2cdcf8a
  SHA1: eecb5e69f7932f1a15d6b98559b0092738e84f80
  SHA256: e2dd6ea66cb8c6b530bde044dee31209f79f8667ee9067699c7203bf938cdfef
  SHA512: a800690beea1ae5f07d869377a87830e5fda668c6210aa61ecc077ed375dcb13322db636c167609b04ade5a913db944854f6985595a6a41f0fab27bd4d97427d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 485c98486b2d42864bab633a947106fa
  SHA1: 65b57401781beba499184a0c70c919914bf4d9fc
  SHA256: 62f1fcc3f3665393b9fba929192cbdc8e8847dc576528c5e996974a3aea0e693
  SHA512: a313791534415fd776483ab5bf0d44b2d7443ba63aab4ea0cd880881e127eabaeab83e053630363e87b24eb3ef97106e6c78de3ad6b28dfb7f96d48aadb23d60
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 89078c449de74081e3d7636600ff707e
  SHA1: 316b3cadbf12cb1f6341055a384c149f437bbcec
  SHA256: 7c03a1fb4e4dd3156d13a8d7bfe7394d077ea4d08e7ed2172f2e7004211efe76
  SHA512: 4309137afae138dea0fc5ea62a7cea3ddc04bfcd50326ea1253750dc2711a423f4a2e94b8bd006fc2809ec9f096ce2ed15c11f2afa53a6966d699dcaa646aa76
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 6ca56457ef23518b5bd4b7ec7f4fd901
  SHA1: eecb2eaf36eae1d54d450b6315a2e3403bb785a0
  SHA256: 86f7a38e56250d9129d89b5293d8783b9fb02a0d18d1d90f352b2b63995592bd
  SHA512: 130ec07fac8292a56680fcfff19529053e644fbe6c84d7a16d83240ec55de7b1266ac00ce2ebf1ad738308fe64888122ada459c5907deefbcf52243a28fbed10
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: b1efb7ce4813dbc73bb88381da319adc
  SHA1: b88e51fec2f763a64f49e7818684f502c2bbccf8
  SHA256: 24fd3abfd87009acffb403458c2ac709d1fc5947c2eafd6a11c3250c97534495
  SHA512: e9272e06f88c1656d084daf01039b9e2b3f3c56ccc6922d3a4cae1bdfcf64d49e8a081c7405efcd8e6dfb6f840d61051b750334cf066642cc7266750df00d7f6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: e44610acb57ee0a2d196a482d66b6bb7
  SHA1: 7aafa61147868b0a51c6ff12cb575700a84037cc
  SHA256: 8215196d3483d64df925ddad0e9c542bb54b61e9bf912e04cf0f43cff29741c8
  SHA512: 5c371bd51129b1133effdeff2c28f441c03e739802b18059749d02d89cde9dbd908b8019251018689fd2412da1e0e892267f81406de9f0b1fc9f9598fe4ac30f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: ec260bde520419660df2a7a512391762
  SHA1: 17deeb797b3e45d8e236a27f38f64141cc3ac2a8
  SHA256: b2f04226b163c1cdcda4850b6f00c59aadf72e58b5dbe694978dd297f2bf9402
  SHA512: 2ab0bb322e8c631a8493ba7637fca62a6ee8a0eb4bbac5dca41e8ba16dd16d03d7b550a6c0e2664a0c6559ec1bc6f3ad39672507423cf23198db77da5434c75f
- Filesize: 36KB
  MD5: da9cdb441b1d12832eec007349fced2c
  SHA1: e2571275eb4bb7f1087b909617f3623ea363efe9
  SHA256: 269e0fd1baaa9cc7148fc593e6e4e3cd17bd4f739cc5b03cc7cc67ec66a2cbf2
  SHA512: d20ec5314aa5e7a867773d305320ecce842e8b8bc350e0f8c694f5d0f6b46e2c374fbdc5ea7a6df4ea4bfc2698cba1c5b46dcb5130d57fdb61c9cf519cff6a8f
- Filesize: 10KB
  MD5: ad41bff9ce68729df936b9c92b495130
  SHA1: 402d67e12b3163db9f68ff567a17f91d07bea743
  SHA256: 7077658f84282b6d946462fbdc8d3e98a8057f6c72fd984bd5a07c12c4578460
  SHA512: 25323f16c33f62700c117bebf4843a1b19a3b48c233eeeea74d2cf328e9045132ae9b260fa43aa426aa1cbae3d5e6bbfc8b6245b0b5122fd96dbfdd8fcbd72e5