Analysis
max time kernel: 118s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24/12/2023, 20:11
Static task
static1
Behavioral task
behavioral1: sample 10039ce24ef54e3585851fa344f0229f.hta, resource win7-20231215-en, 2 signatures, 150 seconds
Behavioral task
behavioral2: sample 10039ce24ef54e3585851fa344f0229f.hta, resource win10v2004-20231215-en, 1 signature, 150 seconds
General
Target: 10039ce24ef54e3585851fa344f0229f.hta
Size: 11KB
MD5: 10039ce24ef54e3585851fa344f0229f
SHA1: e1fc604fbb031d5ad7eb997ba4755f3fae8656d0
SHA256: 8589fb88bed86ca3b8e8dbfbfd2f693342101e9e5601004f51fb5fc369cc9638
SHA512: e476592b77cdd72c168e7f58bab518d06e72e16d7889b133458272004b965d7d967bf6c823348a6dc0b06e89700c7a9f199b4e2dfd2dea0b2a857d59cc4001ed
SSDEEP: 192:Z444S4/4a1G04B4B4B4B4z4B4B4a4E424F/4P4dj24Q4N4Hv4u4z4h4h4h4g4h4L:ZD7EjIIIIyIIFNbA/moq1iCvdEIIIt8S
Score: 1/10
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main | mshta.exe
Suspicious use of WriteProcessMemory: 7 IoCs
description | pid | Process | procid_target
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
PID 2856 wrote to memory of 2816 | 2856 | mshta.exe | 28
Processes
C:\Windows\SysWOW64\mshta.exe (PID: 2856)
  Command line: C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\10039ce24ef54e3585851fa344f0229f.hta"
  - Modifies Internet Explorer settings
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID: 2816)
    Command line: rundll32.exe C:\ProgramData\qAccounting3.dll,D2D1CreateFactory