Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

sample.html

windows7-x64

1

sample.html

windows10-2004-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    71KB

  • MD5

    50180070d40e12d99ef390ae33be0067

  • SHA1

    ff5ee7d1230d53d1c774a7e9b918e127629b8b27

  • SHA256

    71044c4593798b24727ede41ab212fb5e75751a3dc5b7c932c4d0f8476950d88

  • SHA512

    372277b749b7f6dd2e6ef5f2b86bfe9b49434dca19d46c69847aa618753095d6091d6b32e321172b02860e3907dbb5162974dc46d334da18b824b10bd0344db4

  • SSDEEP

    1536:WZJvj1rvX+YYdGHM+BhRE90WWK15UY1XmndmVwVK06V6Q8nXy7T1Gt:Wz5sGyeWUQOyX8nXy7T1Gt

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3540
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x478 0x150
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B
    Filesize

    1KB

    MD5

    ed3c5f127b78383417d90b0d9ee7a821

    SHA1

    2d2ec2d7c2d0c74be213b223240f8f4d055e2e18

    SHA256

    1ebdfb5265ac9782e8b5f964c691e7d2fc2313fd2b4e5bcbaec10e8d080ab9ea

    SHA512

    e167b840e0a2c39901b6211555ae0ce71c4b16a8ef12b8621a425fa1552ddf601e345b114f8421f05661383780e5e1beb0fa5dcaa8b890d1c5b5a158d819f2a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A7891822FCFF127E4EADADE9757112B
    Filesize

    246B

    MD5

    17873a6b13cf48e7f043c3037593d081

    SHA1

    b02fe98a38ef64b5d1afc1dc614f875f8926fc21

    SHA256

    c63d8d233f185a7dcd3be0fa5ccd9c3c56d946f06ed9ba8e124f2384aa41a765

    SHA512

    5bd4c183abdfe3d7aaaa09bb55f3ca45731a509c8a8c0a3aa2d515fae464d062d548ed97c90825c3f56964e60ed6323f5894c41d004adce5cff12f103829fa7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2B22.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\58G7K3A9\ottowakadumaaa[1].htm
    Filesize

    154B

    MD5

    cfbeaf604823f038b8b46f0ac862b98c

    SHA1

    7b9eb1dac48e74fa5f418bc456cb410f88b81d98

    SHA256

    20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

    SHA512

    c99bf4f1351efb28a74fa2504429875d9a63eb2d6a145a060ed487f83ff3a42b6c85d94165b960edca90aceec58d16a6ed37b25f44452bbacd7f5204c15c23cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GUTCV3OF\adsnativepc[1].js
    Filesize

    20KB

    MD5

    99b44c11698756e240c74c7f302345de

    SHA1

    3a9a6cbc3a10c3e9be9a900a977e341d0d786daf

    SHA256

    afba8e7564c8117817ad655c9bef0c2ef4a248783837a70bf42c51dfdb7eb910

    SHA512

    c8ebdbc1dc1eddd3dde9bc04503f6cc64a8036e5ecb4c9248f13d265f80b08b46705ed01fe3b37d19ba32de548eec8130b120bdb2d19e9b0a001ef5d5d5bfea3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MCZQJD7V\js[2].js
    Filesize

    186KB

    MD5

    829cf577b3c452c2698e257fe8073e5b

    SHA1

    52ccc6df24633580721ebbbb9816a427403bec5a

    SHA256

    0152aa36139b8fb7ce050767f57eeba7ff91d121712e388a7fe44859435ee26a

    SHA512

    c7187b2079af2fe797e23f0d19ff042effb6a1f9bdffad6bae36a08d55661437ff2521068d1c2804e71acc0706a973de2e5aa3a7377eb29e31f332ce8cd66eee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MCZQJD7V\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit