Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/12/2023, 18:39 UTC

General

  • Target

    0c8d65258fb24493fef63814ea2767de.html

  • Size

    259KB

  • MD5

    0c8d65258fb24493fef63814ea2767de

  • SHA1

    4116db530b6aa641c08afd4b5197d5f3fab94653

  • SHA256

    7910efafacc095cbfcc7e3392d18a7b577c00652fcacf1516e08974b2441b311

  • SHA512

    3176c1a84aec2c847c7e396d678d7fc802282310a8cdc349696ca6d6b781a6e51df7878a57761caf4ce5362682a7c6ec5d7aa4809bb4d97a1a762772635c1ff7

  • SSDEEP

    3072:e/Aiv3t4Ni/9deff65DfnLSHa2DxR5u/Aiv3t4Ni/9deff65DfnLm:e/d3t4NoDAyDfnLn/d3t4NoDAyDfnLm

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0c8d65258fb24493fef63814ea2767de.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
      2⤵
      • Enumerates connected drives
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

  • flag-us
    DNS
    1.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    1.bp.blogspot.com
    IN A
    Response
    1.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.200.33
  • flag-us
    DNS
    www.m5zn.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.m5zn.com
    IN A
    Response
    www.m5zn.com
    IN A
    104.26.6.186
    www.m5zn.com
    IN A
    104.26.7.186
    www.m5zn.com
    IN A
    172.67.73.138
  • flag-us
    DNS
    www.wm-wm.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.wm-wm.com
    IN A
    Response
    www.wm-wm.com
    IN CNAME
    wm-wm.com
    wm-wm.com
    IN A
    208.76.251.43
  • flag-gb
    GET
    http://1.bp.blogspot.com/_YneclshQhoc/TG7lMPZk5zI/AAAAAAAAABU/4b4XzQrRmt4/s1600/61513.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /_YneclshQhoc/TG7lMPZk5zI/AAAAAAAAABU/4b4XzQrRmt4/s1600/61513.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v15"
    Expires: Mon, 25 Dec 2023 22:31:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="61513.jpg"
    X-Content-Type-Options: nosniff
    Date: Sun, 24 Dec 2023 22:31:50 GMT
    Server: fife
    Content-Length: 21682
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://1.bp.blogspot.com/-gy2ku-WswiE/UFC-MqMSiII/AAAAAAAAB8k/S-j_tDvQraw/s1600/523210_401212953266762_235865613_n.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:80
    Request
    GET /-gy2ku-WswiE/UFC-MqMSiII/AAAAAAAAB8k/S-j_tDvQraw/s1600/523210_401212953266762_235865613_n.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v7c9"
    Expires: Mon, 25 Dec 2023 22:31:50 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="523210_401212953266762_235865613_n.jpg"
    X-Content-Type-Options: nosniff
    Date: Sun, 24 Dec 2023 22:31:50 GMT
    Server: fife
    Content-Length: 49077
    X-XSS-Protection: 0
  • flag-us
    GET
    http://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg
    IEXPLORE.EXE
    Remote address:
    104.26.6.186:80
    Request
    GET /uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.m5zn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 24 Dec 2023 22:31:50 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 24 Dec 2023 23:31:50 GMT
    Location: https://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26VZmCh6rnnuekSzZvM%2FqWY9FZMhkWt90XzOs7PM%2FMwrqV0LtOzaUVETIRZ7if3eJWr5baxuiOLubm9a3y5R3SAWnk3u8g2AIbcfb3ImInHGHdCNFsHEi73awI3Q8w%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 83ac4bf99f2748cd-LHR
  • flag-us
    GET
    http://www.wm-wm.com/vb/helm/t.png
    IEXPLORE.EXE
    Remote address:
    208.76.251.43:80
    Request
    GET /vb/helm/t.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.wm-wm.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 24 Dec 2023 22:31:49 GMT
    Server: Apache
    X-Powered-By: PHP/7.4.33
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: PHPSESSID=22bf90925842647c339bb87c8fcdf8dd; path=/
    Cache-Control: s-maxage=10
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=utf-8
  • flag-us
    GET
    https://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg
    IEXPLORE.EXE
    Remote address:
    104.26.6.186:443
    Request
    GET /uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.m5zn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 24 Dec 2023 22:31:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: max-age=14400, must-revalidate
    Link: <https://www.m5zn.com/wp-json/>; rel="https://api.w.org/"
    Vary: X-Forwarded-Proto,Accept-Encoding
    CF-Cache-Status: MISS
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FMbsXo3mPNyuUE8wQ9WEqsLFornTeX%2FVR6cY%2FcMjGpu0ehU%2FecpbP9hEeVFdkE07ZgoxBwQDKABUHuTFUS4F306oAJ0Rfa%2F8%2Fkk1fTXM2oUYa2onImmEhk3R8XbBg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 83ac4c1c1e554883-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    mr-matrix.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mr-matrix.net
    IN A
    Response
  • flag-us
    DNS
    mr-matrix.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mr-matrix.net
    IN A
  • flag-us
    DNS
    mr-matrix.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mr-matrix.net
    IN A
  • 142.250.200.33:80
    http://1.bp.blogspot.com/_YneclshQhoc/TG7lMPZk5zI/AAAAAAAAABU/4b4XzQrRmt4/s1600/61513.jpg
    http
    IEXPLORE.EXE
    1.5kB
    23.0kB
    19
    22

    HTTP Request

    GET http://1.bp.blogspot.com/_YneclshQhoc/TG7lMPZk5zI/AAAAAAAAABU/4b4XzQrRmt4/s1600/61513.jpg

    HTTP Response

    200
  • 104.26.6.186:80
    www.m5zn.com
    IEXPLORE.EXE
    420 B
    52 B
    9
    1
  • 142.250.200.33:80
    http://1.bp.blogspot.com/-gy2ku-WswiE/UFC-MqMSiII/AAAAAAAAB8k/S-j_tDvQraw/s1600/523210_401212953266762_235865613_n.jpg
    http
    IEXPLORE.EXE
    2.2kB
    52.7kB
    31
    42

    HTTP Request

    GET http://1.bp.blogspot.com/-gy2ku-WswiE/UFC-MqMSiII/AAAAAAAAB8k/S-j_tDvQraw/s1600/523210_401212953266762_235865613_n.jpg

    HTTP Response

    200
  • 104.26.6.186:80
    http://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg
    http
    IEXPLORE.EXE
    1.0kB
    876 B
    9
    5

    HTTP Request

    GET http://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg

    HTTP Response

    301
  • 208.76.251.43:80
    www.wm-wm.com
    IEXPLORE.EXE
    524 B
    196 B
    11
    4
  • 208.76.251.43:80
    http://www.wm-wm.com/vb/helm/t.png
    http
    IEXPLORE.EXE
    1.1kB
    7.8kB
    13
    12

    HTTP Request

    GET http://www.wm-wm.com/vb/helm/t.png

    HTTP Response

    404
  • 104.26.6.186:443
    https://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg
    tls, http
    IEXPLORE.EXE
    1.8kB
    14.2kB
    19
    19

    HTTP Request

    GET https://www.m5zn.com/uploads/2010/3/4/photo/ltw0wcnmtid0r.jpg

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    805 B
    7.9kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.8kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.9kB
    10
    12
  • 8.8.8.8:53
    1.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    1.bp.blogspot.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    www.m5zn.com
    dns
    IEXPLORE.EXE
    58 B
    106 B
    1
    1

    DNS Request

    www.m5zn.com

    DNS Response

    104.26.6.186
    104.26.7.186
    172.67.73.138

  • 8.8.8.8:53
    www.wm-wm.com
    dns
    IEXPLORE.EXE
    59 B
    89 B
    1
    1

    DNS Request

    www.wm-wm.com

    DNS Response

    208.76.251.43

  • 8.8.8.8:53
    mr-matrix.net
    dns
    IEXPLORE.EXE
    177 B
    132 B
    3
    1

    DNS Request

    mr-matrix.net

    DNS Request

    mr-matrix.net

    DNS Request

    mr-matrix.net

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    11c1f7123e34e241d55a7450c676a32c

    SHA1

    8d259cd8ee9ff160363f3719994b2ecf7585871d

    SHA256

    e51a1d422df3b8158154d7fe4a363a4740017904ce50428aaca0f42663995a3a

    SHA512

    c7508c667a7305e34d4d0e334a97e09d520b3d3f4e03044dd538a8cbf35aaf9e759b94be4c054c6e102bf7f49410653fd1d3911c5223b7c86358deedb3c8ade7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8a92c17b827fda78f897dd5f582eb8ef

    SHA1

    9a407042c4a5faa1baddef5067ffd27d080d355b

    SHA256

    515e6e8bded9969f6efaeb643f87f09bea9d26c9a695161bcba3489c16fc71f2

    SHA512

    cd4d880aba9d06e4ddd9432666cebffacd25b2f7340a19f75d63884da99521d925b54bf5bd79152d1dc6b45e8158dc118609a8e8c5ea217d63969842b115aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6d518203ee3d2169bcd3e4839bcc6fca

    SHA1

    2bcf12bdff1b095f8f0a4ebe5aafc64019a4f57a

    SHA256

    d17d6715ad8a0da314747ec4a3928d3ef51029832b70c3aab49036e21bea6cf1

    SHA512

    7697bffd543e9dedba0318faa2b9b8163c594bdbb54b2f67a05dccdfccab8094f128377e03a3638118ce352205557a0b0daecbc10ad3707623cd42e02544d826

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    73a540003840dfefc577b6aff512c425

    SHA1

    03d6ad1389e11956bea8a4ef3750173c93f1e637

    SHA256

    6d3f8218ea6d2f509934f2a6081ad344f973b7dfbbb9c8bc4305c164a2ca94db

    SHA512

    9744f8baf83149e902288a321568306554d3a569398d46f44e8d46563e705f7d55c6cea923ac2a8a6d33567f5418e36adeeff803e57476c89103c610b6efd413

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ffd2aad6d0620ef1a64d55c642afc704

    SHA1

    916ca9969d4ab0327296a02f3bc0f4ebfe449700

    SHA256

    a9c5c9fdf6996dec7072667a1827e1454bc42eebbfaf26fe6d053a191c203a49

    SHA512

    6bab6bcb072f9dd2f68cc3219543c8ec0b93740ceb1eb29473d31ea3b0cb8d8bfe77f0f0c3f23282c6e75e2dd73e7a761452de23b800b6ca4d8e4dc4032cb302

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d31cfd3d645c467a6adcf3c214d915af

    SHA1

    f6ed5e10718d05aead12c5ac6da3b8bc95cfef2a

    SHA256

    27007cf888f7d913295686a6b0c4d96ae645a507caca35134a7e486d89189beb

    SHA512

    dbfb3f1e36de6dbbc0963cc8863b17cbdb78d335c513f64181305a619a368aee82664c5ea504f35c4e8ed869f14981349f08c2c79cda15ef4b163071eaaec027

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    217faa77909f0d57cfa7eb6f0e94de28

    SHA1

    fdc5a9b56e0b76d58f6b519ca8a5cef8c623ee5a

    SHA256

    0a5724a69ae7316a0e521c123a3c5a4036d14c7e38e3cfb140134bec829f982b

    SHA512

    e6bd0b8f45a351ba84ba21769b8e5b3eedb48cf0aa26a5f7cb74ee792421f8a2a36ab76dc9fa57a5e9f61fd8e71472f72603482bd772beda53e046cc57626ae7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    59281d20522628d24c3b5f67e25d52ff

    SHA1

    b3786c8d23dc2e10aee806d981cd63f24131ed46

    SHA256

    660bd881038378e5a4cc13d2733871142e38dc98f0aa3bd5721197b7da13dfff

    SHA512

    1acc79070b8f7fd066a933234c7a750b2d24e809c10aa69d67f50180379cfa77d725d211a8e478d38c1e8b8fee920a386fe110440bb0d4f408033d8eb2d38cf0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0a9cb8fd23c7cbd9ad3fd1c15ca4cc27

    SHA1

    412859b0b81d20eda2cd11f729091fab94fdf959

    SHA256

    110b29129114b1de80d87022839a2228e22c0de185aa93959dac780fbb3e9569

    SHA512

    5a4f91e830f2cd4e74b0a0f2372122dee04fb03b964890a25ca311a36eeff327ff65ffce1a4da3bc2e9b15a0cee7f399a43c6bccea20b03fc2628e7e44b9a82b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8511f4976558b3b30cbc091553c09757

    SHA1

    39d9865153bc884e3bc18d60fbf5fdcd93efb3ec

    SHA256

    793ed0d45700f6560fcdb2c15574a3bce97c76cb1df0dc79e5b9641639813c91

    SHA512

    46d40691c9fe67d181b225442468ca4f9f1960b9da51d508542160e8f784737d4886e7a3e96e8c1ec49bb2415fdce2b9fab2b8747853aa0a7c0e75702719004c

  • C:\Users\Admin\AppData\Local\Temp\Cab64FC.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar657C.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
