Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
24/12/2023, 22:05
Static task
static1
Behavioral task
behavioral1
Sample
148505c0880f03a7c62587e869e914c4.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
148505c0880f03a7c62587e869e914c4.html
Resource
win10v2004-20231215-en
General
-
Target
148505c0880f03a7c62587e869e914c4.html
-
Size
6KB
-
MD5
148505c0880f03a7c62587e869e914c4
-
SHA1
c90931df5d2a2f981c150f7415906b2b7d706436
-
SHA256
e487998d818beff5606201608eccd698e2a5c8ea96ea6ce80d54c6015547df79
-
SHA512
ee2439173614581daf72b6d002259b33dc04c8152e111aec71f66b2c2cca912c83c137359ad0377cfffdf61a6b398c556f4b650576d00f124effe06a8b096443
-
SSDEEP
96:uzVs+ux7R2LLY1k9o84d12ef7CSTUHj/6/NcEZ7ru7f:csz7R2AYS/+4Nb76f
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6870067A-A369-11EE-BD28-CE055DF4442A} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2060 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2060 iexplore.exe 2060 iexplore.exe 220 IEXPLORE.EXE 220 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2060 wrote to memory of 220 2060 iexplore.exe 16 PID 2060 wrote to memory of 220 2060 iexplore.exe 16 PID 2060 wrote to memory of 220 2060 iexplore.exe 16
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\148505c0880f03a7c62587e869e914c4.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:220
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5abf4089ef8a63de89c5206ead35bc933
SHA18538c582a2f80d21328c0ee693dac6048dd502e4
SHA256e1a4b3a4e1c945c4e5c5b0896d9aad3924be127d3f34420ddf7529ff2d044a80
SHA512582281224498c01d9e1cf80ef4f32a7875af1a53e6dcdca202afd735bf80e9ff964c9286bc9beeb93a911d6bc1fbcf926b26e85f420ac491a9b5bfc50212bd6b