Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2023, 17:19 UTC

General

  • Target

    fe9e2413c635c42fdb4613b659be4998.html

  • Size

    601B

  • MD5

    fe9e2413c635c42fdb4613b659be4998

  • SHA1

    63c60f507553f57a28de657b270becb73f0a1eac

  • SHA256

    1c870f656b490a1a9f1f507b2386c3f1afb9776b66b35a95481fb9797e83ed93

  • SHA512

    dedf54eead0d1fcbc9f0f792d73cf761b684e46a4eee22d8348a9111db4f6bddec305b1f569ab272017d6565a1b90189cd68c401402ed874234c908f8a13baf0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe9e2413c635c42fdb4613b659be4998.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2164

Network

  • flag-us
    DNS
    frookshop-winsive.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    frookshop-winsive.com
    IN A
    Response
    frookshop-winsive.com
    IN A
    18.158.88.249
  • flag-de
    GET
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXdiZjA2bnZodDR0MmIwYmFpNG9rdW83MCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1631060247881&hash=z-_hohG9InCmdNuvHTmCdG229e6zID82pQPfmm971bE&rm=D
    IEXPLORE.EXE
    Remote address:
    18.158.88.249:443
    Request
    GET /redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXdiZjA2bnZodDR0MmIwYmFpNG9rdW83MCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1631060247881&hash=z-_hohG9InCmdNuvHTmCdG229e6zID82pQPfmm971bE&rm=D HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: frookshop-winsive.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 400
    Server: nginx
    Date: Fri, 22 Dec 2023 23:26:33 GMT
    Content-Type: text/html
    Content-Length: 231
    Connection: keep-alive
    Cache-Control: no-store, no-cache, pre-check=0, post-check=0
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.17.179.205
    a1952.dscq.akamai.net
    IN A
    96.17.179.184
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.17.179.205:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Sat, 23 Dec 2023 00:26:26 GMT
    Date: Fri, 22 Dec 2023 23:26:26 GMT
    Connection: keep-alive
  • 18.158.88.249:443
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXdiZjA2bnZodDR0MmIwYmFpNG9rdW83MCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1631060247881&hash=z-_hohG9InCmdNuvHTmCdG229e6zID82pQPfmm971bE&rm=D
    tls, http
    IEXPLORE.EXE
    2.0kB
    5.8kB
    14
    11

    HTTP Request

    GET https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXdiZjA2bnZodDR0MmIwYmFpNG9rdW83MCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1631060247881&hash=z-_hohG9InCmdNuvHTmCdG229e6zID82pQPfmm971bE&rm=D

    HTTP Response

    400
  • 18.158.88.249:443
    frookshop-winsive.com
    tls
    IEXPLORE.EXE
    1.0kB
    5.2kB
    11
    11
  • 96.17.179.205:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    793 B
    7.8kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.9kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.2kB
    7.8kB
    12
    12
  • 8.8.8.8:53
    frookshop-winsive.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    frookshop-winsive.com

    DNS Response

    18.158.88.249

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.17.179.205
    96.17.179.184

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e6fe48b6f96380e89d9074b94b6fb44

    SHA1

    ce7b8d36b6dca8b2c13e82eb923288900ced5015

    SHA256

    2f87dee1840e728e4a9c265f37b0d3ef76087ef6b6432cfabc17c13da8e66997

    SHA512

    bbf9e1cd7bd19574f2dd07505cac99f46958ad8bd3026c324e3e60974c1ca79ef8f0b4f690742dc0d09ba636a84bab6c60d1926c82bf784948cbaca3910d7ba0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9fef92e524526a05372f8545e11dcf5a

    SHA1

    e922cb878d3c07f3b3d6733f692059f4cc748ab4

    SHA256

    d839a86aaf3d8a5df065add30bf87281bd2d9de76cead34e54a3dfc997ac6b99

    SHA512

    7f7ced47e255e0771a7bdc19f58f265bc880e0d956abb1832b7c04fbc0388fd150d82b66cedea7fb634492a7afbade5191eec61434b6403f78373254dc79025a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4872022428bac4b717d21df761707311

    SHA1

    f3b6fdc15278f38c3e52e4e9b6b5281427106805

    SHA256

    bc56edfda56ccbd717b4b35c9277e6f473bc6b85ec549b4fc780550f661841bc

    SHA512

    3a67754d407584b5be9ea9c6e6e6c228d6f529039e50c16853fcca6b4fd6f41041ef8e07a8f1f71f7c736f88f941bafaa27a15d29fb1525ea550267b76eaa144

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c7007b31cd1ace2e504587b0e9812168

    SHA1

    73125b9db79bd9afc82ab4d241e75b417c5366f4

    SHA256

    325d0eff0a31943adfac07c7a8a6d629db1cdb19c1f3e4a0e91d6141a3e06724

    SHA512

    9309e082c24b259a8371f393ac917ed6af75f13b98bde65d15475a03e058747b8d6823f6f9b72bafbb776580c2e7e5a7d3c88ecf3e9f1b8808b341d9d8699a6a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c850dea90c980744bda48388200ca8cc

    SHA1

    28e9181d09c75b6afbd9be74ceea58103903dc5e

    SHA256

    2c170103f040997bae0c8c36d97f813ba14d2d8b866cfc625a89d7a3756752d8

    SHA512

    434141f66d3ce32bec9f7271cb792a5fa22ce1925d932902483fece3b3b4c5e6e2e6a33b752a1b33861b8d4486a6070d9a2fb8c7b29475806122e773aa19e035

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e74eee20ed1712aa578ca1a852752251

    SHA1

    55bedf5945da7984b1d614f9e9c54d41a5486005

    SHA256

    e51b9afe30e99f93b78e6ceb4862d65b3810aa85a4a475740598ef4248eabdf3

    SHA512

    f414ec16d300aef706ce32496b9da29d4bae754dd91a9b803c6ecf647e715ad5fa2065e162b91a9cfffa98b17f033f5fe1d9b55a4dad90162a3cbb013ceb7b23

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2ad77d10dc71bdde8d9ccb7f8769d790

    SHA1

    a49b2981221d4134c27143c814aad94238a8e8b7

    SHA256

    fd5d3550a0ffa16aa155e7b539bd11161b8050f724410b35fe9ccbb219f23a50

    SHA512

    0bb45e6abf9b5d8837f034add9c349a96c9390226389d9cb1d68149abf6618878987311118a7e5a878a29518284f52a2da6a4bceba671ab420f0ca9b320f8c26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e70e319153e16e21dc25ae4233b7c58

    SHA1

    7d12f853ad4707532874abe9f3a8d1374476a301

    SHA256

    f4b1e33eac7c270184e58da57eeadbf6be4e995bbc7d485c5f5d7c7201b9e69c

    SHA512

    eef4152f410d0fffc489a3853750652ea0f0f1a42367c0d9123bbd1c52e0a624c7d4bf1a9eb3900e81f4ed3d4dc1318ac7015375ab775fa627d98b6b33f063ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b54d54fab6007452e934bc0d33280a27

    SHA1

    7335c33b66a54e97cbb9b3523cbe7997057ea02c

    SHA256

    fbf796815b41515223aac19d634aa22b0df4ba80448af3b9d52f9017f01baec1

    SHA512

    41b658839200f8cec568720b826335f86ec672a37e920d4373e38d21f5842b1730dd07fc81b91b77cb0c3b9f07b70c26d99d59a54c7aa79ab926c04e78a2dc84

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2b9a4211b801bdf05ccb493a5d8266e0

    SHA1

    0f90a6c8f68f1f488e10800ae7f0cbbbfb01d1ba

    SHA256

    d9102dd82c1a11ccfc027c3c558d748246a349bc11709191becd7649c0453ee7

    SHA512

    85b914572dd7f5316f84d7cfbd7baf7ba5866fbbadea6471d2edc3fc7e00ea59503755757c201c20774b26329932a16443953ea19e137e3cc52bbe59ed2321fa

  • C:\Users\Admin\AppData\Local\Temp\Cab1EE8.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar1F97.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
