Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
24/12/2023, 22:50
Static task
static1
Behavioral task
behavioral1
Sample
1712ec2b42d3c526ac1ee57eeddf32a1.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1712ec2b42d3c526ac1ee57eeddf32a1.html
Resource
win10v2004-20231222-en
General
-
Target
1712ec2b42d3c526ac1ee57eeddf32a1.html
-
Size
10KB
-
MD5
1712ec2b42d3c526ac1ee57eeddf32a1
-
SHA1
568e053fb6493aab07c839a34b413e4312786c01
-
SHA256
e8dc57b5fcd2f138a8f1618b9c61275bcf4f07429c3d27aacc88e9a808f462ce
-
SHA512
4b7a6ae299c4cbf39ac112546223a1eb0961326a53a381d2c985d1630d6c34e6746f659d76ccafc0a90d06ef3b827c6da44e5cebd79e04255251ed4a39a650f6
-
SSDEEP
96:uzVs+ux7cLLLY1k9o84d12ef7CSTU1GT/kRM1pbmhAPLlVHcEZ7ru7f:csz7cLAYS/cabmhAPLPHb76f
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B872401-A2E6-11EE-B908-CA8D9A91D956} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2416 iexplore.exe 2416 iexplore.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2416 wrote to memory of 3008 2416 iexplore.exe 15 PID 2416 wrote to memory of 3008 2416 iexplore.exe 15 PID 2416 wrote to memory of 3008 2416 iexplore.exe 15 PID 2416 wrote to memory of 3008 2416 iexplore.exe 15
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1712ec2b42d3c526ac1ee57eeddf32a1.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:22⤵PID:3008
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
MD59458dfb80e569586290ec85a8b0bda2d
SHA130205c9b884e01d6b5cf29d0023880fafd759d5f
SHA256ef2012b03df866cff3ab32289846d06feed86c8d8389bfa9f0fb4dea4452ec09
SHA512e77caa59c3b675d83ca999464bac34039b39d27e5217c718cdda118eb7fe68be211ccf0f8c9b3b061365643562406af2ab46e2a156509c26bb0e7f5ee8b6cb76
-
Filesize
20KB
MD5b9f60443751df997e812eac1cd797ebe
SHA185053a1c3c5709b8a2fae10aca05f453741fa584
SHA25651f1f1a9ff2ecf2d8598a90942812908fa39cdd91bd9a22e099715000d187cc9
SHA51272142465907a50684c2ac50e7444efc7facccf387b7973912c79aeeddc39cff88831dd919d7e8fe379bc7c0ebec1afcfae232bfd5cfdbc210e680555e02c813d