Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 0s
max time network: 133s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 16:31
Static task: static1
Behavioral task: behavioral1
  Sample: 2d54ee8ac627a3f229dae705dcef8630.html
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2d54ee8ac627a3f229dae705dcef8630.html
  Resource: win10v2004-20231215-en
General
Target: 2d54ee8ac627a3f229dae705dcef8630.html
Size: 1KB
MD5: 2d54ee8ac627a3f229dae705dcef8630
SHA1: ee7a7991e82b57693e4935b6fde2266dbf82e388
SHA256: 7bdc501996b6ebe86d4f084e06fd153bcb7cdc267e81058596dd2e532dfac6ce
SHA512: df93ee0732f0c27191ff34f6b8075fe547064e05d6efff5ea8404463dcc15e96e41e96a058275dbf933cb21b24cf320ddcfe9248a2291e3dc1fda569fe8d8276
Signatures
Modifies Internet Explorer settings 18 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{318F56C1-A5D3-11EE-9BAD-F2B23B8A8DD7} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
1048 iexplore.exe
1048 iexplore.exe
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1048 wrote to memory of 2148 1048 iexplore.exe 15
PID 1048 wrote to memory of 2148 1048 iexplore.exe 15
PID 1048 wrote to memory of 2148 1048 iexplore.exe 15
PID 1048 wrote to memory of 2148 1048 iexplore.exe 15
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d54ee8ac627a3f229dae705dcef8630.html
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1048
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1048 CREDAT:275457 /prefetch:2
    PID: 2148
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: c23b3b791ab37ae21124e40c13ce752e
  SHA1: 913e35bf6ca516d2dc5d1674bd12d51af445b2c7
  SHA256: dacfab23a9d373405ef10568a498d7eb317637f4bc80b815aa330786719fd4a8
  SHA512: 98b8a55f72404585822f8ca74281b16d625c4924e8086e8cbc0affc96836a57262f255547ed258653fac9da8bc0eecd1fbf450a227a5ada9621ed30cb86b9e64
(unnamed download)
  Filesize: 92KB
  MD5: bb84d39015d7734bc7ec5da88a516b23
  SHA1: 1a15cbe452f750dc4f5d780b2517fbf82db39fac
  SHA256: 8f807ac7fa789d13f51c3451b2728ae70fb489ff20a8c20f073e68ad0927a882
  SHA512: 299dfeacc8cfdd600ce91764a0b3f75a431a795635989c2a53dcd40cd1c42c17f92179e8b239a2596414ed59ba7deda1e3503aa5ac611703bf3cf7a0a8abbcf7