Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/12/2023, 07:59
Static task
static1
Behavioral task
behavioral1
Sample
108bfb4cfe0d20af78654965bc34b295.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
108bfb4cfe0d20af78654965bc34b295.html
Resource
win10v2004-20231215-en
General
-
Target
108bfb4cfe0d20af78654965bc34b295.html
-
Size
12KB
-
MD5
108bfb4cfe0d20af78654965bc34b295
-
SHA1
1fea7a3d0657f310ffe2705e54c7fea50c21f785
-
SHA256
e7d55c7b92350c6d569bb3d6215cfc98b910d1992eeb23d41466cb9aa0160ab0
-
SHA512
b652983322ac30ffd6d6f5d8a2f216da992f13de4645c011b06c246c9ce2162f0dde8ac2bed2de55c56e85b47a44b42af6761c035bb38ac9f003851a22869f38
-
SSDEEP
384:y2h/k1OarnUaHv4/fTNX90RkPHndsByKf/:7k1OarnUaIxX96kPzKn
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71978861-A366-11EE-A4F4-42DF7B237CB2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2012 iexplore.exe 2012 iexplore.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2012 wrote to memory of 2124 2012 iexplore.exe 16 PID 2012 wrote to memory of 2124 2012 iexplore.exe 16 PID 2012 wrote to memory of 2124 2012 iexplore.exe 16 PID 2012 wrote to memory of 2124 2012 iexplore.exe 16
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\108bfb4cfe0d20af78654965bc34b295.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:22⤵PID:2124
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD520084568c6f6e7aed9943092cc726f6d
SHA1ede6382b6c2cf4ad713c2d5ed3c88fdc64ab6de0
SHA25689d648fa4333a38fffdbb008dbb7b2ef343e2cd595879f90f364cb85c06c5f28
SHA512b718a23f800d0948f005fff73127bdbcd024acc35619abd187b62f20cf2f1fb468a06558fcb9d4413381a4dc1ca6366a634f3bad8a79866402cc7ae6d3ebd9b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54b2e62a2c60fb11c14c4640220452245
SHA1179bcb17d97a9c7409cd45f1c7e4fd8e86cec336
SHA256e6b297af66a8e94c11b7d540efd3dcc8ba65898a4ee0d6defc6552369815332a
SHA512458ef12663e81b2a5aa5344481927dacac550864653ab81d64daae000b85801a043a78b564e8579536ee55bde5798ad8434768b9d427f354c0e946b9ba823c1e