Analysis
- max time kernel: 0s
- max time network: 56s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 05:05
Static task
- static1
Behavioral task
- behavioral1: sample 6eda4b8ce514e6d7d07639a46452038a.html, resource win7-20231215-en
Behavioral task
- behavioral2: sample 6eda4b8ce514e6d7d07639a46452038a.html, resource win10v2004-20231215-en
General
- Target: 6eda4b8ce514e6d7d07639a46452038a.html
- Size: 34KB
- MD5: 6eda4b8ce514e6d7d07639a46452038a
- SHA1: 5146b81ea1fa3fca3cef14af5ec6a6e98d8da743
- SHA256: c0fd622f9663c80504ee0f841a8f6aeab5a625752f7575aae669bc84ccc11166
- SHA512: ece2ab98e4c34d80c07146d2bede56243ded0bfdd9086e3edca636279b435b78f55b1a14c63176f24eb269c5a70e71ad03bb6f8aea0048267d0ca4898f71dd67
- SSDEEP: 768:2IRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7S4Rti:2IRIOITIwIgIiKZgNDfIwIGI5IVJ7SqE
Malware Config
Signatures
- Modifies Internet Explorer settings 5 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{620D0E7F-A17D-11EE-BD28-76CF25FE979C} = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Suspicious use of SetWindowsHookEx 2 IoCs
  pid | Process
  4076 | iexplore.exe
  4076 | iexplore.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  description | pid | Process | procid_target
  PID 4076 wrote to memory of 2136 | 4076 | iexplore.exe | 17
  PID 4076 wrote to memory of 2136 | 4076 | iexplore.exe | 17
  PID 4076 wrote to memory of 2136 | 4076 | iexplore.exe | 17
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6eda4b8ce514e6d7d07639a46452038a.html
  PID: 4076
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of 4076)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4076 CREDAT:17410 /prefetch:2
    PID: 2136

Note: the IEXPLORE.EXE child launched with SCODEF:4076 CREDAT:17410 /prefetch:2 is the loosely-coupled IE tab process for frame PID 4076, so the frame-to-tab WriteProcessMemory calls and the Internet Explorer\Main and Recovery\AdminActive registry writes above are what IE does for any HTML file it opens, not behaviour specific to this sample.
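Added example (editor's code, not part of the tria.ge report and not the sandbox's own signature logic): a Python triage helper that replays the process tree and the three signatures above, transcribed here as constructed input, and separates IE's own frame/tab housekeeping from cross-process activity that merits a second look. Two rules are the editor's assumptions: an IEXPLORE.EXE child whose command line carries SCODEF:<frame pid> CREDAT:<n> and whose parent is that frame is the frame's own loosely-coupled tab, and the short list of Internet Explorer\Main and Recovery\AdminActive values is the baseline IE writes on launch. The function and constant names are hypothetical.

```python
"""Triage helper (added example): classify the WriteProcessMemory and registry
IoCs of an IE sandbox run as baseline frame/tab housekeeping or as 'review'.
Records are transcribed from the report; the baseline rules are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]  # None for the root of the tree


# Process tree and "wrote to memory of" IoCs transcribed from the report (constructed input).
PROCS = [
    Proc(4076, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\6eda4b8ce514e6d7d07639a46452038a.html", None),
    Proc(2136, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4076 CREDAT:17410 /prefetch:2',
         4076),
]
MEM_WRITES = [(4076, 2136)] * 3  # (writer pid, target pid), three identical rows in the report

SID = r"\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000"
REG_IOCS = [
    "Key created " + SID + r"\Software\Microsoft\Internet Explorer\Main",
    "Set value (int) " + SID + r'\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"',
    "Key created " + SID + r"\Software\Microsoft\Internet Explorer\Recovery\AdminActive",
    "Set value (int) " + SID + r'\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{620D0E7F-A17D-11EE-BD28-76CF25FE979C} = "0"',
    "Key created " + SID + r"\Software\Microsoft\Internet Explorer\Main\WindowsSearch",
    "Set value (str) " + SID + r'\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"',
]

# LCIE tab launch: the frame passes its own PID as SCODEF (assumption, see lead-in).
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:\d+\b")
# tria.ge-style registry IoC line: operation, per-user hive prefix, path, optional value.
REG_RE = re.compile(r'^(Key created|Set value \(\w+\)) \\REGISTRY\\USER\\S-1-5-21-[\d-]+\\(.+?)(?: = "(.*)")?$')

# Baseline keys/values IE touches on any launch (assumption; compare against a clean image).
IE_BASELINE_KEYS = {
    r"software\microsoft\internet explorer\main",
    r"software\microsoft\internet explorer\recovery\adminactive",
    r"software\microsoft\internet explorer\main\windowssearch",
}
IE_BASELINE_VALUES = [
    re.compile(r"^software\\microsoft\\internet explorer\\main\\compatibilityflags$"),
    re.compile(r"^software\\microsoft\\internet explorer\\recovery\\adminactive\\\{[0-9a-f-]{36}\}$"),
    re.compile(r"^software\\microsoft\\internet explorer\\main\\windowssearch\\version$"),
]


def _is_ie_image(path: str) -> bool:
    return path.lower().endswith(r"\internet explorer\iexplore.exe")


def lcie_frame_of(proc: Proc, by_pid: dict) -> Optional[int]:
    """Return the frame PID if proc is an LCIE tab of a live IE frame, else None."""
    m = SCODEF_RE.search(proc.cmdline)
    if m is None or not _is_ie_image(proc.image):
        return None
    frame_pid = int(m.group(1))
    frame = by_pid.get(frame_pid)
    if frame is None or not _is_ie_image(frame.image):
        return None
    if proc.parent is not None and proc.parent != frame_pid:
        return None  # claims a frame it was not spawned by
    return frame_pid


def classify_mem_writes(procs: List[Proc], writes: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """A write is baseline only when the writer is the target tab's own frame."""
    by_pid = {p.pid: p for p in procs}
    frame_of = {p.pid: lcie_frame_of(p, by_pid) for p in procs}
    return [(src, dst, "baseline" if frame_of.get(dst) == src else "review") for src, dst in writes]


def classify_registry(iocs: List[str]) -> List[Tuple[str, str]]:
    """Label each registry IoC baseline, review, or unparsed."""
    out = []
    for line in iocs:
        m = REG_RE.match(line)
        if m is None:
            out.append((line, "unparsed"))
            continue
        op, path = m.group(1), m.group(2).lower()
        if op == "Key created":
            verdict = "baseline" if path in IE_BASELINE_KEYS else "review"
        else:
            verdict = "baseline" if any(r.match(path) for r in IE_BASELINE_VALUES) else "review"
        out.append((line, verdict))
    return out


if __name__ == "__main__":
    for src, dst, verdict in classify_mem_writes(PROCS, MEM_WRITES):
        print(f"{src} -> {dst}: {verdict}")
    for line, verdict in classify_registry(REG_IOCS):
        print(f"{verdict}: {line}")
```

Run against the transcribed records every IoC in this report comes back baseline; a write into the tab from any process other than its frame, a tab that names a frame it was not spawned by, or a value outside the listed ones (a changed Start Page, say) comes back as review. Extend IE_BASELINE_VALUES only from what a clean image shows, not from what a sample happens to touch.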
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 14KB
  MD5: cbe52b6d1d6636bd2a633e1426811bc7
  SHA1: 9bccdfc84215c521962e4523c5e1dbcad9bc63a5
  SHA256: bef6031b5652e8e55953f426e3d40b75ca1e6cd1c63b6529587094cf7d011b93
  SHA512: 08ff9c682ec797ac9ff4d2178c4ed871388fc091dda7617351d868134ae48801b86151542900628822b254465292e528e29d08d23515939124ba3038039ee79a