Analysis

  • max time kernel
    20s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 03:19

General

  • Target

    0297128ace8f02d80fa3f471ecb28d0a.html

  • Size

    821KB

  • MD5

    0297128ace8f02d80fa3f471ecb28d0a

  • SHA1

    e95eedf7d45d4928dccd1564490b94d0a86ebf13

  • SHA256

    fdd07b7b973480d30f34f878111edc824ed5b194edbef311477335a6f9f03cf4

  • SHA512

    e183d2ce9763126036cbd4a8e79db1ae0734694cd9dd29e08ee9a74920d302905a0c3112168d2d979d6bdc82b6c00c73789ab34383944750440fac9df3dff7a2

  • SSDEEP

    6144:jHzF+y+gpatYt1YtRndVll7d1P4fh08koEdaU/Dai5RJVXos0HOh8NgCOh8NgpP0:9piv0O10

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 24 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0297128ace8f02d80fa3f471ecb28d0a.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6ced0ee0b139f75f8d1c0614ea06c275

    SHA1

    1553ed6f35faa8b52530f936a6e76de242aa7cf0

    SHA256

    939b9f1bd78034be2f15c166f4323a85c5af642c30bf5b08bbe909a5c4867759

    SHA512

    9ca1a741f83f6f65a6b025c8d9968a4a352b0561953038406e0fafd1845239ca377d6e84043b22adebb6d1c0ff032ed4bea91c5aff62ec0d9c57f256fae18ead

  • C:\Users\Admin\AppData\Local\Temp\CabF143.tmp

    Filesize

    57KB

    MD5

    fe9c4ce60f83b3f0be98cc3638a5cd0e

    SHA1

    be40a784dd748da8ef63fdc16971b200ad5496f6

    SHA256

    da3bb896508a1e761984d217a7ed65b63ddadb266ec2f284c42610852ba09ca3

    SHA512

    2464817aecd17721d3dbe2cf58f718c8b2c3129c2e7f67cb8282d583cadecf8cb264a68ac4aabcd94d6ac0697dca8fa55d9331648f90ca417335d57708df52b3

  • C:\Users\Admin\AppData\Local\Temp\TarF2AC.tmp

    Filesize

    55KB

    MD5

    04ea522c72bc19a01eb1b6d44933d540

    SHA1

    364ee006c19e73d57f2d2124c33c6d6b0b078881

    SHA256

    1c8f7a45a36bfb5515981e7c142043b4cde02155dd58a2f1b588027ee615fd70

    SHA512

    46b7018d34c5574b8150bd017c82aecdf1d0204ec4efd04acefd2e9bbfb4b65089cc3dd7de7a8b74a7d49b5ea6ed059ff2b74bbc5c2257264b07255e6a91af36