Analysis
-
max time kernel
0s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
26/12/2023, 00:11 UTC
Static task
static1
Behavioral task
behavioral1
Sample
4575f3c57d0505bf9f9c8a642a579b5d.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4575f3c57d0505bf9f9c8a642a579b5d.html
Resource
win10v2004-20231222-en
General
-
Target
4575f3c57d0505bf9f9c8a642a579b5d.html
-
Size
6KB
-
MD5
4575f3c57d0505bf9f9c8a642a579b5d
-
SHA1
2d144b37e3a80dcc72aa9a681ec405024e45ef33
-
SHA256
e39cb28fb86330c7e7d569cf8cfef336790b33c1292779e0df8b3feb73eb6666
-
SHA512
d6efe6ea5028adffaa37b215dbdc3b2cb278392b8026e11469b32b3d9ba141e8db8820a2fb01e04862d4806ced1110bc3c4a21c09bce9a5c46f86567f076f3c0
-
SSDEEP
96:uzVs+ux7s/LLY1k9o84d12ef7CSTUS6o6M6dcEZ7ru7f:csz7s/AYS/uor0b76f
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5C43C41-A452-11EE-BDEB-D6E40795ECBF} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
1976 | iexplore.exe
1976 | iexplore.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1976 wrote to memory of 2364 | 1976 | iexplore.exe | 17
PID 1976 wrote to memory of 2364 | 1976 | iexplore.exe | 17
PID 1976 wrote to memory of 2364 | 1976 | iexplore.exe | 17
PID 1976 wrote to memory of 2364 | 1976 | iexplore.exe | 17
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4575f3c57d0505bf9f9c8a642a579b5d.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
PID:2364
-
Network
-
Remote address: 8.8.8.8:53
Request
counters.gigya.com IN A
Response
-
Remote address: 8.8.8.8:53
Request
fruitfly.files.wordpress.com IN A
Response
fruitfly.files.wordpress.com IN CNAME s3.files.wordpress.com
s3.files.wordpress.com IN A 192.0.72.21
s3.files.wordpress.com IN A 192.0.72.20
-
Remote address: 8.8.8.8:53
Request
analytics.hosting24.com IN A
Response
-
Remote address: 192.0.72.21:80
Request
GET /2007/12/twix.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fruitfly.files.wordpress.com
Connection: Keep-Alive
Response
HTTP/1.1 301 Moved Permanently
Date: Wed, 27 Dec 2023 00:57:53 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://fruitfly.files.wordpress.com/2007/12/twix.jpg
-
Remote address: 8.8.8.8:53
Request
fc01.deviantart.net IN A
Response
fc01.deviantart.net IN A 35.165.97.75
fc01.deviantart.net IN A 54.68.77.234
fc01.deviantart.net IN A 52.89.78.42
-
Remote address: 8.8.8.8:53
Request
fc01.deviantart.net IN A
-
Remote address: 35.165.97.75:80
Request
GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fc01.deviantart.net
Connection: Keep-Alive
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Server: nginx
Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
-
Remote address: 8.8.8.8:53
Request
orig01.deviantart.net IN A
Response
orig01.deviantart.net IN A 35.165.192.179
orig01.deviantart.net IN A 100.20.162.172
orig01.deviantart.net IN A 54.71.147.78
-
Remote address: 8.8.8.8:53
Request
orig01.deviantart.net IN A
-
Remote address: 8.8.8.8:53
Request
www.microsoft.com IN A
Response
www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
e13678.dscb.akamaiedge.net IN A 92.123.241.137
-
Remote address: 8.8.8.8:53
Request
www.microsoft.com IN A
-
Remote address: 35.165.192.179:80
Request
GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: orig01.deviantart.net
Connection: Keep-Alive
Response
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Server: da-redirector/0.5.2
-
Remote address: 8.8.8.8:53
Request
www.microsoft.com IN A
Response
www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
e13678.dscb.akamaiedge.net IN A 92.123.241.137
-
Remote address: 92.123.128.174:80
Request
GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: www.bing.com
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
Date: Wed, 27 Dec 2023 00:58:23 GMT
Connection: keep-alive
X-CDN-TraceID: 0.ae777b5c.1703638703.49bff35d
-
Remote address: 92.123.128.174:80
Response
HTTP/1.0 408 Request Time-out
Mime-Version: 1.0
Date: Wed, 27 Dec 2023 00:58:57 GMT
Content-Type: text/html
Content-Length: 218
Expires: Wed, 27 Dec 2023 00:58:57 GMT
-
568 B 595 B 6 5
HTTP Request
GET http://fruitfly.files.wordpress.com/2007/12/twix.jpg
HTTP Response
301 -
190 B 132 B 4 3
-
2.9kB 78.9kB 42 67
-
35.165.97.75:80 http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg http 606 B 650 B 6 5
HTTP Request
GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
HTTP Response
301 -
190 B 132 B 4 3
-
35.165.192.179:80 http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg http 608 B 387 B 6 5
HTTP Request
GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
HTTP Response
404 -
190 B 132 B 4 3
-
640 B 5.2kB 9 9
HTTP Request
GET http://www.bing.com/favicon.ico
HTTP Response
200 -
340 B 650 B 7 5
HTTP Response
408 -
640 B 140 B 5 3
-
753 B 8.7kB 9 12
-
444 B 128 B 4 3
-
294 B 132 B 4 3
-
144 B 92 B 3 2
-
64 B 148 B 1 1
DNS Request
counters.gigya.com
-
74 B 123 B 1 1
DNS Request
fruitfly.files.wordpress.com
DNS Response
192.0.72.21 192.0.72.20
-
69 B 124 B 1 1
DNS Request
analytics.hosting24.com
-
130 B 113 B 2 1
DNS Request
fc01.deviantart.net
DNS Request
fc01.deviantart.net
DNS Response
35.165.97.75 54.68.77.234 52.89.78.42
-
134 B 115 B 2 1
DNS Request
orig01.deviantart.net
DNS Request
orig01.deviantart.net
DNS Response
35.165.192.179 100.20.162.172 54.71.147.78
-
126 B 230 B 2 1
DNS Request
www.microsoft.com
DNS Request
www.microsoft.com
DNS Response
92.123.241.137
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
92.123.241.137
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 d102ceb59d1e229ce8f80da851846366
SHA1 d9c4cbe8d34a0c8f72776d7aa3050c764243a188
SHA256 f1b1721334d5b7f2b9f95c213b0f5e7d3e9aacdc51a465353132cdbe09778b2c
SHA512 6816086db14ab0cd0f8195afcf5373bce128e4ac6db4b0005dbe309f0cae6ea3f1173005e7303efebd152c7cecbcd57c88deeace606ba48d2384a748ed028620
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2ecf40c564f342357b2e6f77f2108ec2
SHA1 b0305e2b835529d0fe5f291f60757a0b3de5540c
SHA256 02bd3ff3b098fc4806ee71cb98782482bbdbc524a51a5a2c16b57504a1bd737a
SHA512 add3776c5aaf6a0ffd5488dc1f5e661475c6b772d6e698013bd713bc9fee72e37fcbaf5dd14abd9eee28ef55d01c94fe107e0ca2130ee2a10f70b3c76124dc11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b4ea625e8fb12fa1351f05bca1d69610
SHA1 896f6e6f4198ac2cce2d110166a9714eabc825b2
SHA256 9ff6668d347426d2031eb4c26263e5f8a01d998d95eebeefaac3aebb9078557e
SHA512 45100923dfb78e7d39c840709399a61307ba826e943a51ff451a1b7ad34c9289bb80a442c6f2b24122d450373e5dc38c47ac0c98a92786020e6815e1fb22a905
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d67f50b1f169f3078e6d55b878cba7cc
SHA1 e2c75d25c5e87b30f770f0669c1cb748c5891b8a
SHA256 a18858692f3eeb96e66d2683d3f6ba580c3fd39f3b58e675511bc2f923473ec2
SHA512 407d0086472f77eaf0f8636667722baf71a660ffbbde897c0117e6287324a60cf6a96b22d62cf379a069908c4206ab587aecc7c9a1b31cc7edf207e6688ca563
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7072913146376a614ce52347a457b309
SHA1 7787bc032e17aa132d40cea8822d6482c81c75e4
SHA256 cceb19556900bd747aa6d7aac6ebf86a7bf623cd6382fdc41f5adbc96041713d
SHA512 1865fc7e009b02ab797617461af69be2dcdbec28b2474c343662ec0b8f5448353fababcdf38178a01e7a7816af7d1e9bb9bf8785a1c22c39325d0b0c3323edd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8189165428fbce42370d1583ac0d86e6
SHA1 080ff4cd463cc36960a73225c8b9ed9830371cd2
SHA256 6c192d13660da9b79ef1c8893cb3cb74a939b9e12f35058dfc26cc77e1d5bdbd
SHA512 e1c37d6b4829a08d8781ca785a1a71cbad6224a0231b6694e3eb87620d49e8eb2081c60188b85328509db33f4037c2f14fa4fe896bcbdc00624ce5602267b486
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 005a05f27c8cfaf8f5b4ef378b904050
SHA1 aa3b7b76c037eccd0df56d18c1091e1dba6e18ac
SHA256 7e60449972294809b570fc4f3bc021ab0ccdda7ba456353b17c81f536a27184a
SHA512 2f393a1706a46b651dde1651041e329f9a3a7dbccf22d41b96c506d1e9ad3c7cb4bcb1a09a03582ba0d3149b32e2b2777834ffd0168a519346a60392cdf0ee04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 998db759e3d2a20e8b085c6636d0b1be
SHA1 f6395bd58d1374cee5457d10a77da283bdcc19ff
SHA256 3ab1e8f75ea00beda27e9e04f7f47037e26c23287e17789f3e9248e854815c63
SHA512 6c74b5a020a5ee8ff0f5052ec9eb788c2bdc28e071dfcced4b37ade05fda7816675861e326aa37063124fba4fbff8127d9c950c367e2ce16a8d61e5a74522c83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8312c5c21ee38a247b313e904835bbf4
SHA1 3c511bcabf25834542100f39e399f210d61c99f3
SHA256 f752af839ad64a48fd34ab2358ac57e37555a49f66d58a3830f1facb004e0e49
SHA512 04ec3ab9bb719364a5e095049b14f8069da669360b9fd94851e4d9aff0a42fe9792fd5c0ce23dd9215aa9b6364fa533a7226f06f26c6c27d8d0042a8fae27d00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b00537dc38ffebbc3ab9aa37a8667f3d
SHA1 2068b51760e247bd93aa3d9239abcc79ace16c7f
SHA256 69d501372481a2d7f3b4e81a196fea6e4a4eaeda4e890d5e7df2fb46f5c9e1ea
SHA512 83c5a70ec93fa42659c984a6750cdcd1f956e9df1dfefa1bc6925b9df1c1ae9b5ee5ca13989893f047f9077557682dc417894ab63da2c3c70454e4f328bf2bb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 29732ddfc1d3571769a9cd5b31c87b88
SHA1 e2fa7ce05b0e974b8e5022eafd4b63df8968940d
SHA256 134fd93f66bc55c29bb551f96ea69d014a2f859a4211946fc9e13eb1704d3676
SHA512 502c79ab4ae7bd5ab3e7cfcb90ecae56bd379a7b0e0a6db065b6d0e5536c67dda3eab6cb72102e19d5f800525db6917abd6b69e96c22478704b400b685d1c069
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e