Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

08ebb61015...e.html

windows7-x64

1

08ebb61015...e.html

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 17:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08ebb610159dae6b48279e512943eade.html

  • Size

    12KB

  • MD5

    08ebb610159dae6b48279e512943eade

  • SHA1

    8cd0f591adc7c7ee5147360c4e72e53e7e120ead

  • SHA256

    b4e7992b4e74e19b5e455a94ebe121fabb900aa437a033b17db96701f864a16f

  • SHA512

    e281895a616f00c0d13cda27647766f2bcfee075c611691c28f17c4b4563f33a9d4cc0462b4ad1a373fb0c3590796dabf77ef374722b5524d52723acdadb6860

  • SSDEEP

    192:1NPnFfECAGr3wX3UY5tLEs85KSc7DArTW30zLRya+RxvhM:1NPnFP3wX3UUFEl51c7EnW3wLRyaaxJM

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08ebb610159dae6b48279e512943eade.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1972

Network

  • flag-us
    DNS
    qsfgyee.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    qsfgyee.com
    IN A
    Response
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.17.5.133
  • flag-us
    GET
    http://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    92.123.128.149:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.bing.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=15552000
    Content-Length: 4286
    Content-Type: image/x-icon
    Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
    Date: Sun, 24 Dec 2023 20:25:15 GMT
    Connection: keep-alive
    X-CDN-TraceID: 0.95777b5c.1703449515.4d9a04e2
  • flag-us
    DNS
    iexplore.exe
    Remote address:
    92.123.128.149:80
    Response
    HTTP/1.0 408 Request Time-out
    Server: AkamaiGHost
    Mime-Version: 1.0
    Date: Sun, 24 Dec 2023 20:25:50 GMT
    Content-Type: text/html
    Content-Length: 218
    Expires: Sun, 24 Dec 2023 20:25:50 GMT
  • 92.123.128.149:80
    http://www.bing.com/favicon.ico
    http
    iexplore.exe
    698 B
     5.1kB
     10
    8

    HTTP Request

    GET http://www.bing.com/favicon.ico

    HTTP Response

    200
  • 92.123.128.149:80
    www.bing.com
    http
    iexplore.exe
    288 B
     598 B
     6
    4

    HTTP Response

    408
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
     7.9kB
     12
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    960 B
     7.8kB
     10
    11
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    qsfgyee.com
    dns
    IEXPLORE.EXE
    57 B
     130 B
     1
    1

    DNS Request

    qsfgyee.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.17.5.133

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    2c672adf3ab9fad8938be5325fc45539

    SHA1

    36551d8d763653576b8d8bcfae558e1a4762235f

    SHA256

    09cf8280c301dae84d64daa63c30bb770fb4650f92953ae9c7d45df539e7b0ba

    SHA512

    82cadd03872aa0cd982c8e606b435bcfd9d298902e30565b756ee6f3c8a1cda60bfcb9e56338043935cd2229c0c2aa164a8bb6ffdb918653f301ef42b3e3cf65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e0c186b1ade7dc4ba399e6b237cb50f

    SHA1

    6c5cdf68e8bcd9d09a988662938c28d4077e997a

    SHA256

    2de86750cce5ed104938a0fca8c45f837a8fe0e6efddca930fddb7d5b643ae61

    SHA512

    c862d7553cb69503cbdc07a58567e59674aa7dcd420bbed8be06e796778a968bbcdb83db9a6789f1c13f54a3ddaf5e127a040040265b8de4c65472cd96de4419

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    709efc97727986fbd6cbaba9d06d4f0c

    SHA1

    7b6133ab3ed6ac10b3fc26b92f03073f0e7776cf

    SHA256

    a89a915347b1ac1c7d8b684ceb11cc7f09ae2165ea698c6739db0069532eb8c5

    SHA512

    00665d139de083d9a7bdb2195d9b43d9b8d30136d76da2f2d8e491d26681dc6b08ce3fbdedc7f37a91a33b58e7bd39d64d0fe85321bd56230856634ef3960b08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96f870a36fdaebd2c512b5f51a2eb7ec

    SHA1

    abacc2bcf086e2cb488e4ada543c52ad39188058

    SHA256

    64fb1c1ac88adc3b4a31e3fa7c20e4894f626e943e68873acb30f6c0ec1be517

    SHA512

    4e854bc4631c730fa67a62ee9cd285d457a4f94a4dea112400b62503c4003426859e65794c6008bff190e7f239424f0c5981d08acbdbd89bb0b6d51841303293

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    32944ce135c1755496e1813812c377cb

    SHA1

    ad0cc2cc36108f26e0b250e2cdfaa40570655db1

    SHA256

    b33e25c1f90bcb8066289186d1a8101dba8d3682bb4dcf4ea2a10ca88bb3aba8

    SHA512

    5b58b1581308d0ea5831b832578dbc2513c3bdc5a6d067d5d09364648e284c92b7f2d701170d459c47138425101984893a4e86043866d39ad4f14c1bbb43c1b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31a8f8389c0f754520f57081b30fedbd

    SHA1

    00e24bcc3c1fdcc31e4c5e554db43057d7d6b5f3

    SHA256

    f31e0903ba7224b92d1d7612fff2df6486df89eae45921b5f3f285be277453a5

    SHA512

    f0e354b8128cf464629f75b185b4772e7ea63ae144aae83da8d09b24c4ffecb1daf2bef156a511ab5eb1f79634a1bc9b640cb9181ec22167a1f4235ac3f90e89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eba74fb9ed32fab739b82e303f212c9b

    SHA1

    5248f61873e8132cb5437eecd2df954d79b4eb2b

    SHA256

    89833edd16f479f3d46f2558abff82e117db0ecdc2733856c5fc719fc9703a68

    SHA512

    e05b148479bbfb958a756d5ee8bcba604f671b7ff1bcc8f8cc7719b0459de45e1a822a37bfdc9e21a277818285c0fca3f3e44a3658fe7a16340cd81c78cf88dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42703cec8d551a1431daff4ec0118173

    SHA1

    dbdcb8c06a299197b576e9bee6dabe95083292ab

    SHA256

    55a71bf36eb8fc3668a4b32e2a3173de176b575dd756919387e7be480792a837

    SHA512

    0348cce709a5eb060aba0e685a2092baefba9fed7b2c5e089258f5284610ce36b8041b1a308b61f86e74378d9d80f0789ee2c4418f4d45fb480fe52c101d0816

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    faf6955ae9fde51de6e01ac0cdaf95ea

    SHA1

    a480609384273feb0690d5b681fd09ed058449e5

    SHA256

    6aacb4372a210828f7c477c3df5a4e7442c0be82a817b4e433554b9150c94d27

    SHA512

    8d050c47da3912d01e39b2156d6f83e655edb4a067c0e46670cfddf4047967011edc4b847d69222446cbe88fb8631517dc49368b23c6b385316816f32088a935

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    7c04080ebb221c7fc56f33bd70604cc5

    SHA1

    4ba4b3033aa2223efbba1d6520b8f88bc53e0b9e

    SHA256

    2de9de4401c6fb48cc4d62eec95c8ccd15f2ae8bb493509633d9c5ad4a26fe82

    SHA512

    010386bdaea5b085fe4cea0a9ca5e4e32ea78a352dfda259b53a4ee06b1c6b6a3b5926e1e9015f47cc66be75e5f13827a0e4ac430aeba37dea8e7681743a6991

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3B52.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.