
Analysis

  • max time kernel
    0s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 15:58

General

  • Target

    049cb2cd13065e5f79cae904a6d8256f.html

  • Size

    136KB

  • MD5

    049cb2cd13065e5f79cae904a6d8256f

  • SHA1

    2c83534df2dd80921fc7ec62b1b515467178ce5d

  • SHA256

    9eafef8a99ea2aca69058c9aa332e61233fa19f6dc3fe0b72295ab3c915f0403

  • SHA512

    fad14348dd283fd0d7ba3e5fe02e7f32bb0715ca371cc2cbeba8a9240295990b12b7e501f3206c3f431a3c2564e33cf40d1378cad7e45985378391527b0a598e

  • SSDEEP

    3072:l1yZ1WYbxovuNIqgiJBPzC99LG9lE/sMnmBAzHlZs:WqEPBQc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\049cb2cd13065e5f79cae904a6d8256f.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4080 CREDAT:17410 /prefetch:2
      2⤵
        PID:860

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0SGFK56Z\cb=gapi[1].js

      Filesize

      16KB

      MD5

      5cbd3e1f2072193d63fbf37c9edabab5

      SHA1

      7b3ba0209e5b89fb60e62f6d303cd15482d7e839

      SHA256

      675836932393cc7f552b64cf950d07f2204acde20ccf068c32e234cf5b0e0f7e

      SHA512

      db65d4ba37dfeb90e0b4090f6c925cf60b0f5ba039e6cf74e131d6e6a5442508c5cbaad94ada57fcff75c83e3a7e08d296d9ef5af258ec7a8f1166c7e0c186cc

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ISEWAASI\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\plusone[1].js

      Filesize

      4KB

      MD5

      f4aa21d3929e59a81fd52b16c1ab6051

      SHA1

      97f4a4ace5338ef4fa7555bbb4c119cbb16e6c38

      SHA256

      9d961044b5876bae4f1512bf6964a58ed3779629b6c794872c16c517a678d279

      SHA512

      3cb2b134b1c681cbfbaae0daf8e039a54d55d90dc0589b451df5503534fb57a366313523b72d039a3fcce867b060686730172aa574250ec9f77d87b5256d8535