Analysis

  • max time kernel
    0s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 00:11 UTC

General

  • Target

    4575f3c57d0505bf9f9c8a642a579b5d.html

  • Size

    6KB

  • MD5

    4575f3c57d0505bf9f9c8a642a579b5d

  • SHA1

    2d144b37e3a80dcc72aa9a681ec405024e45ef33

  • SHA256

    e39cb28fb86330c7e7d569cf8cfef336790b33c1292779e0df8b3feb73eb6666

  • SHA512

    d6efe6ea5028adffaa37b215dbdc3b2cb278392b8026e11469b32b3d9ba141e8db8820a2fb01e04862d4806ced1110bc3c4a21c09bce9a5c46f86567f076f3c0

  • SSDEEP

    96:uzVs+ux7s/LLY1k9o84d12ef7CSTUS6o6M6dcEZ7ru7f:csz7s/AYS/uor0b76f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 24 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1976)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4575f3c57d0505bf9f9c8a642a579b5d.html
    Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2364, child of PID 1976)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
      Signatures: Modifies Internet Explorer settings

Network

  • DNS counters.gigya.com (resolver 8.8.8.8:53)
    Request: counters.gigya.com IN A
    Response: (empty)
  • DNS fruitfly.files.wordpress.com (resolver 8.8.8.8:53)
    Request: fruitfly.files.wordpress.com IN A
    Response:
      fruitfly.files.wordpress.com IN CNAME s3.files.wordpress.com
      s3.files.wordpress.com IN A 192.0.72.21
      s3.files.wordpress.com IN A 192.0.72.20
  • DNS analytics.hosting24.com (resolver 8.8.8.8:53)
    Request: analytics.hosting24.com IN A
    Response: (empty)
  • GET http://fruitfly.files.wordpress.com/2007/12/twix.jpg (remote 192.0.72.21:80)
    Request:
      GET /2007/12/twix.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: fruitfly.files.wordpress.com
      Connection: Keep-Alive
    Response:
      HTTP/1.1 301 Moved Permanently
      Server: nginx
      Date: Wed, 27 Dec 2023 00:57:53 GMT
      Content-Type: text/html
      Content-Length: 162
      Connection: keep-alive
      Location: https://fruitfly.files.wordpress.com/2007/12/twix.jpg
  • DNS fc01.deviantart.net (resolver 8.8.8.8:53)
    Request: fc01.deviantart.net IN A
    Response:
      fc01.deviantart.net IN A 35.165.97.75
      fc01.deviantart.net IN A 54.68.77.234
      fc01.deviantart.net IN A 52.89.78.42
  • DNS fc01.deviantart.net (resolver 8.8.8.8:53, repeated query)
    Request: fc01.deviantart.net IN A
  • GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg (remote 35.165.97.75:80)
    Request:
      GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: fc01.deviantart.net
      Connection: Keep-Alive
    Response:
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 27 Dec 2023 00:57:55 GMT
      Content-Type: text/html
      Content-Length: 178
      Connection: keep-alive
      Server: nginx
      Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • DNS orig01.deviantart.net (resolver 8.8.8.8:53)
    Request: orig01.deviantart.net IN A
    Response:
      orig01.deviantart.net IN A 35.165.192.179
      orig01.deviantart.net IN A 100.20.162.172
      orig01.deviantart.net IN A 54.71.147.78
  • DNS orig01.deviantart.net (resolver 8.8.8.8:53, repeated query)
    Request: orig01.deviantart.net IN A
  • DNS www.microsoft.com (resolver 8.8.8.8:53)
    Request: www.microsoft.com IN A
    Response:
      www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net IN A 92.123.241.137
  • DNS www.microsoft.com (resolver 8.8.8.8:53, repeated query)
    Request: www.microsoft.com IN A
  • GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg (remote 35.165.192.179:80)
    Request:
      GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: orig01.deviantart.net
      Connection: Keep-Alive
    Response:
      HTTP/1.1 404 Not Found
      Date: Wed, 27 Dec 2023 00:57:56 GMT
      Content-Type: text/html; charset=UTF-8
      Content-Length: 0
      Connection: keep-alive
      Server: da-redirector/0.5.2
  • DNS www.microsoft.com (resolver 8.8.8.8:53)
    Request: www.microsoft.com IN A
    Response:
      www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net IN A 92.123.241.137
  • GET http://www.bing.com/favicon.ico (remote 92.123.128.174:80)
    Request:
      GET /favicon.ico HTTP/1.1
      Accept: */*
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Host: www.bing.com
      Connection: Keep-Alive
    Response:
      HTTP/1.1 200 OK
      Cache-Control: public, max-age=15552000
      Content-Length: 4286
      Content-Type: image/x-icon
      Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
      Date: Wed, 27 Dec 2023 00:58:23 GMT
      Connection: keep-alive
      X-CDN-TraceID: 0.ae777b5c.1703638703.49bff35d
  • HTTP response with no captured request (remote 92.123.128.174:80)
    Response:
      HTTP/1.0 408 Request Time-out
      Server: AkamaiGHost
      Mime-Version: 1.0
      Date: Wed, 27 Dec 2023 00:58:57 GMT
      Content-Type: text/html
      Content-Length: 218
      Expires: Wed, 27 Dec 2023 00:58:57 GMT
Connection summary (bytes out / bytes in, packets out / packets in):

  Remote address        Proto  Out      In       Pkts   Name or URL, result
  192.0.72.21:80        http   568 B    595 B    6/5    GET http://fruitfly.files.wordpress.com/2007/12/twix.jpg -> 301
  192.0.72.21:80        -      190 B    132 B    4/3    fruitfly.files.wordpress.com
  192.0.72.21:443       tls    2.9kB    78.9kB   42/67  fruitfly.files.wordpress.com
  35.165.97.75:80       http   606 B    650 B    6/5    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg -> 301
  35.165.97.75:80       -      190 B    132 B    4/3    fc01.deviantart.net
  35.165.192.179:80     http   608 B    387 B    6/5    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg -> 404
  35.165.192.179:80     -      190 B    132 B    4/3    orig01.deviantart.net
  92.123.128.174:80     http   640 B    5.2kB    9/9    GET http://www.bing.com/favicon.ico -> 200
  92.123.128.174:80     http   340 B    650 B    7/5    www.bing.com (response only) -> 408
  204.79.197.200:443    tls    640 B    140 B    5/3    ieonline.microsoft.com
  204.79.197.200:443    tls    753 B    8.7kB    9/12   ieonline.microsoft.com
  204.79.197.200:443    tls    444 B    128 B    4/3    ieonline.microsoft.com
  204.79.197.200:443    tls    294 B    132 B    4/3    ieonline.microsoft.com
  204.79.197.200:443    -      144 B    92 B     3/2    ieonline.microsoft.com
  8.8.8.8:53            dns    64 B     148 B    1/1    counters.gigya.com (no response recorded)
  8.8.8.8:53            dns    74 B     123 B    1/1    fruitfly.files.wordpress.com -> 192.0.72.21, 192.0.72.20
  8.8.8.8:53            dns    69 B     124 B    1/1    analytics.hosting24.com (no response recorded)
  8.8.8.8:53            dns    130 B    113 B    2/1    fc01.deviantart.net (2 requests) -> 35.165.97.75, 54.68.77.234, 52.89.78.42
  8.8.8.8:53            dns    134 B    115 B    2/1    orig01.deviantart.net (2 requests) -> 35.165.192.179, 100.20.162.172, 54.71.147.78
  8.8.8.8:53            dns    126 B    230 B    2/1    www.microsoft.com (2 requests) -> 92.123.241.137
  8.8.8.8:53            dns    63 B     230 B    1/1    www.microsoft.com -> 92.123.241.137

MITRE ATT&CK Enterprise v15

Downloads

Dropped files (path and size):

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC (914B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (65KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 (1KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC (252B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; nine versions of this file were captured, each with different hashes)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 (242B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (4KB)
