Analysis
-
max time kernel
0s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
26/12/2023, 09:00
Static task
static1
Behavioral task
behavioral1
Sample
61e8d083cdd4388e63bf00f2e7194955.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
61e8d083cdd4388e63bf00f2e7194955.html
Resource
win10v2004-20231215-en
General
-
Target
61e8d083cdd4388e63bf00f2e7194955.html
-
Size
89KB
-
MD5
61e8d083cdd4388e63bf00f2e7194955
-
SHA1
e32ecf15643fb98eb791622554d55c61ead4b7c8
-
SHA256
8dca3203446d06a425bbea0c43d9057f961ef1efd82c6ddef60b014051c6c8cf
-
SHA512
b00e0d5e3e3c40b8567e36bae1192055ad0d8045f18338e35aa2971a1ff22a2d0a0fa2b07876fe707ad12dca25bfd81921354690cad33e37fa6f24552a0a81a2
-
SSDEEP
1536:gxiIJHKB/j6Y6Vri36I8xh5Dt8yvz3UrtbTzd4Ar5ZjM31dLuUfcb5ER/yC1a85p:iHKB/j6Y6Vri36I8xh5WAwCGjscb5ER9
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1388C88C-A4CA-11EE-8184-7672481B3261} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
3000 | iexplore.exe
3000 | iexplore.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3000 wrote to memory of 5064 | 3000 | iexplore.exe | 18
PID 3000 wrote to memory of 5064 | 3000 | iexplore.exe | 18
PID 3000 wrote to memory of 5064 | 3000 | iexplore.exe | 18
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\61e8d083cdd4388e63bf00f2e7194955.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:17410 /prefetch:2
PID:5064
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
5B
MD5
fda44910deb1a460be4ac5d56d61d837
SHA1
f6d0c643351580307b2eaa6a7560e76965496bc7
SHA256
933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
SHA512
57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1