Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 16:44

General

  • Target

    2e2c4edeacd384569af2587fe75239cf.html

  • Size

    118KB

  • MD5

    2e2c4edeacd384569af2587fe75239cf

  • SHA1

    a8416d2b0445fda51f29e2a2771d75dc586549be

  • SHA256

    15cbb42f040423cdbe19d9304844e8316b1fef34223acb86787b3456e9a5b893

  • SHA512

    cd83709228c3a9d6e471e2d7c3b5601cf99cef9f6509365d52a4a75fa6a2772a8f002e7ea6b3505effa3cf8fdc0ba215f85d622371752fd7a9e9cc943545e77f

  • SSDEEP

    768:SeyDgAugpXJ1dUFCbXnD8rX7cRM84qsg1kCArd0qwPN+r9V+uv7B9RyfFT4aRCuw:SeyDgA7pBD+twPwV9JROeF

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e2c4edeacd384569af2587fe75239cf.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
      2⤵
        PID:2396

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      de258542da8bcce3de4d53d33f658e04

      SHA1

      34add66d36ac798c5c07366efe54b1a8125e652d

      SHA256

      5b2618d5c5765b7be3b585927cead6965afc4f135303e8fb184a82d5cc1f63e3

      SHA512

      84cf894707db550199895a74f086a10442070ce8d0ae4682a2a23bd483e531e63e88b67a13edac2b6f18c66bf852466a3fc11f92f150f1350ef06c1fc51b0244

    • C:\Users\Admin\AppData\Local\Temp\Cab16AE.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar1818.tmp

      Filesize

      99KB

      MD5

      fa178920e56586a7d673ef62ab4575c0

      SHA1

      cfd02c6a6b26f3407a1f9a91411f6f4467b1ee54

      SHA256

      777c3d087168f5f42bbd550047ecf607a3a375eb621d7e30a38e9c8803a861b9

      SHA512

      12b20ccc55780883d3b4c36366e335a8d07d9581a2684de3e1c05055b6fff4dd3e0124cc210e93f5f4306c37a163a92584047d5eb0ff5d71f04ee30c593a836f