Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
24/12/2023, 15:58
Static task
static1
Behavioral task
behavioral1
Sample
049cb2cd13065e5f79cae904a6d8256f.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
049cb2cd13065e5f79cae904a6d8256f.html
Resource
win10v2004-20231215-en
General
-
Target
049cb2cd13065e5f79cae904a6d8256f.html
-
Size
136KB
-
MD5
049cb2cd13065e5f79cae904a6d8256f
-
SHA1
2c83534df2dd80921fc7ec62b1b515467178ce5d
-
SHA256
9eafef8a99ea2aca69058c9aa332e61233fa19f6dc3fe0b72295ab3c915f0403
-
SHA512
fad14348dd283fd0d7ba3e5fe02e7f32bb0715ca371cc2cbeba8a9240295990b12b7e501f3206c3f431a3c2564e33cf40d1378cad7e45985378391527b0a598e
-
SSDEEP
3072:l1yZ1WYbxovuNIqgiJBPzC99LG9lE/sMnmBAzHlZs:WqEPBQc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4BF969DD-A2AB-11EE-9ECD-FAD2FAC7202F} = "0" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4080 iexplore.exe 4080 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4080 wrote to memory of 860 4080 iexplore.exe 16 PID 4080 wrote to memory of 860 4080 iexplore.exe 16 PID 4080 wrote to memory of 860 4080 iexplore.exe 16
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\049cb2cd13065e5f79cae904a6d8256f.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4080 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4080 CREDAT:17410 /prefetch:22⤵PID:860
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD55cbd3e1f2072193d63fbf37c9edabab5
SHA17b3ba0209e5b89fb60e62f6d303cd15482d7e839
SHA256675836932393cc7f552b64cf950d07f2204acde20ccf068c32e234cf5b0e0f7e
SHA512db65d4ba37dfeb90e0b4090f6c925cf60b0f5ba039e6cf74e131d6e6a5442508c5cbaad94ada57fcff75c83e3a7e08d296d9ef5af258ec7a8f1166c7e0c186cc
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
4KB
MD5f4aa21d3929e59a81fd52b16c1ab6051
SHA197f4a4ace5338ef4fa7555bbb4c119cbb16e6c38
SHA2569d961044b5876bae4f1512bf6964a58ed3779629b6c794872c16c517a678d279
SHA5123cb2b134b1c681cbfbaae0daf8e039a54d55d90dc0589b451df5503534fb57a366313523b72d039a3fcce867b060686730172aa574250ec9f77d87b5256d8535