Analysis
max time kernel: 0s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 08:39
Static task: static1
Behavioral task: behavioral1
  Sample: 12868724c2168fe27e203b1a4a0f16b9.html
  Resource: win7-20231215-en
  0 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: 12868724c2168fe27e203b1a4a0f16b9.html
  Resource: win10v2004-20231215-en
  3 signatures
  150 seconds
General
Target: 12868724c2168fe27e203b1a4a0f16b9.html
Size: 18KB
MD5: 12868724c2168fe27e203b1a4a0f16b9
SHA1: 58947e4a1e07a2cf3b403265b0e271a22109617c
SHA256: 99c23215383214b975cc94826cabdb8261784aa96434eba866826d1bed29ebf7
SHA512: e03afbe32421bfcb6a5f883eb34b1447eb98b6b7d66b28a8b394f10d6a8f1899a0207999a58fe38e329c697e8e0023f5e7a4050c554b59d8ca80f010ae02fab1
SSDEEP: 384:3xzOpkkPqahr1AgdGgs8jMaztTLPAuz68MMv07X:Bz5qqK1AgdGgs8jJO8ts7X
Score: 1/10
Malware Config
Signatures
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0D2FBBD3-A371-11EE-8184-E6683C810C58} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4764 | iexplore.exe
4764 | iexplore.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4764 wrote to memory of 4876 | 4764 | iexplore.exe | 16
PID 4764 wrote to memory of 4876 | 4764 | iexplore.exe | 16
PID 4764 wrote to memory of 4876 | 4764 | iexplore.exe | 16
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12868724c2168fe27e203b1a4a0f16b9.html
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4764
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4764 CREDAT:17410 /prefetch:2
      PID:4876