Analysis
- max time kernel: 0s
- max time network: 55s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 21:49
Static task: static1
Behavioral task: behavioral1
- Sample: 1d95f7ce065690294c014f7047333151.html
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 1d95f7ce065690294c014f7047333151.html
- Resource: win10v2004-20231222-en
General
- Target: 1d95f7ce065690294c014f7047333151.html
- Size: 14KB
- MD5: 1d95f7ce065690294c014f7047333151
- SHA1: 2fe8812a9f8bd82003b6728c94e473797f5ee08a
- SHA256: dbf832622bd262ad79f036c1c9d9cb9c6f15e9775b98a978d562898dcb2683da
- SHA512: 9b37da0a6649eaf2f1218de65449d7383b048cb55d5cf33c02476d354b8261774e2781786164fa96134b2e0c0b335f425d0906274acdce8a87bb98b463dd3a14
- SSDEEP: 192:1D1f83pqnHWxN6Eb/E5cSar0n7mWGd9gmGRw5XnSQsW:Hf83pqnHWPXDEmWGjgmGCxSe
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9F9DE404-AB17-11EE-A0B6-6A4E6723AB77} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
1392 | iexplore.exe
1392 | iexplore.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1392 wrote to memory of 1280 | 1392 | iexplore.exe | 19
PID 1392 wrote to memory of 1280 | 1392 | iexplore.exe | 19
PID 1392 wrote to memory of 1280 | 1392 | iexplore.exe | 19
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1d95f7ce065690294c014f7047333151.html
PID: 1392
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:17410 /prefetch:2
PID: 1280
Network
MITRE ATT&CK Enterprise v15
Downloads