Analysis

  • max time kernel
    122s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 06:46 UTC

General

  • Target

    116560a2c754e4d2933e96729ec33614.html

  • Size

    601B

  • MD5

    116560a2c754e4d2933e96729ec33614

  • SHA1

    da87b6d028a42dcc00cac72cb355860a63f5ea11

  • SHA256

    96c1d7e12c793a9c8265ceb113813f4403408539ba38a88466b157ef71eedc2a

  • SHA512

    50572edde32148ffe76fd71dc6072477a37dd646ede9d0374117ae9f1ebccad04117b214e0c3d9cf5d7f21a13d6aeb770094ae12547422269254a7bb37e7d25e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\116560a2c754e4d2933e96729ec33614.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2080

Network

  • flag-us
    DNS
    frookshop-winsive.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    frookshop-winsive.com
    IN A
    Response
    frookshop-winsive.com
    IN A
    18.158.88.249
  • flag-de
    GET
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXc2aGp2ZTd2c205ZXVzOGEyNmJrNHJjOCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1630816912638&hash=atnGbpMtz6cWJZYPmoQjh9Oaym9OKd4-0WF01W5144A&rm=D
    IEXPLORE.EXE
    Remote address:
    18.158.88.249:443
    Request
    GET /redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXc2aGp2ZTd2c205ZXVzOGEyNmJrNHJjOCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1630816912638&hash=atnGbpMtz6cWJZYPmoQjh9Oaym9OKd4-0WF01W5144A&rm=D HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: frookshop-winsive.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 400
    Server: nginx
    Date: Mon, 01 Jan 2024 06:28:15 GMT
    Content-Type: text/html
    Content-Length: 231
    Connection: keep-alive
    Cache-Control: no-store, no-cache, pre-check=0, post-check=0
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.17.179.205
    a1952.dscq.akamai.net
    IN A
    96.17.179.184
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.17.179.205:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jan 2024 07:28:13 GMT
    Date: Mon, 01 Jan 2024 06:28:13 GMT
    Connection: keep-alive
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.17.179.205:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jan 2024 07:28:19 GMT
    Date: Mon, 01 Jan 2024 06:28:19 GMT
    Connection: keep-alive
  • 18.158.88.249:443
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXc2aGp2ZTd2c205ZXVzOGEyNmJrNHJjOCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1630816912638&hash=atnGbpMtz6cWJZYPmoQjh9Oaym9OKd4-0WF01W5144A&rm=D
    tls, http
    IEXPLORE.EXE
    3.2kB
    6.5kB
    20
    16

    HTTP Request

    GET https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly93My5kbnN2aWJlcy5jby8_dXRtX21lZGl1bT00MWIxMzFiYWI4ZWZhZDVmMThiMDI5NWM5ZGI0OTBiNTVkMTU3ZGUyJnV0bV9jYW1wYWlnbj1pbWFnaW5lYWRzIHNtYXJsdGluayBhZ2dyZXNpdmUgbmV3IDIwMTkmY2lkPXc2aGp2ZTd2c205ZXVzOGEyNmJrNHJjOCYxPWI1OTg0MWIxLWNkOGMtNGIwMS04NGYzLTNmNDAwOTJhMmQ0NA&ts=1630816912638&hash=atnGbpMtz6cWJZYPmoQjh9Oaym9OKd4-0WF01W5144A&rm=D

    HTTP Response

    400
  • 18.158.88.249:443
    frookshop-winsive.com
    tls
    IEXPLORE.EXE
    2.3kB
    5.9kB
    16
    14
  • 96.17.179.205:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    548 B
    1.6kB
    6
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 96.17.179.205:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    600 B
    1.6kB
    7
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.2kB
    9.2kB
    12
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    879 B
    7.8kB
    11
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    781 B
    7.9kB
    9
    13
  • 8.8.8.8:53
    frookshop-winsive.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    frookshop-winsive.com

    DNS Response

    18.158.88.249

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.17.179.205
    96.17.179.184

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e90a0dbdc4b30b3b91f614798d5ec071

    SHA1

    fd172a371ac36c2c2526d5423e845b6da9fd7557

    SHA256

    097352164044ac64ced94c51cd9049a95dc5180d04fb294d72a00982204e9094

    SHA512

    8cccfbb3164e8f1e3ecc113fae8df13443d9f2136fceb7a7fdb0fcdda9d4f26f6e33af4be8b975fc2e52d52accc5f2b80f1f36a1f822c1b0f32583aba13aacc7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5c846ff40d41dd0ce294f5f05a24e57d

    SHA1

    978fe91da48d721d382a1df6d2b8688d92427a3f

    SHA256

    8f6c317c5c8f286d81fb58290c63f81e66ca41035a7ebd6bb03f94d0dd9e5934

    SHA512

    80d5134508ea0b6b132930c56bdedd1b598581e6856648e91cff93114a3c862f41b46fbe02dabf209aee8d4e8e6e9bc7a35140e52a28fa3be8869f2ad907d7b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8a450e9b2c664204a07a55d7776cc3bf

    SHA1

    c75b87e4fbf402e0a427c1906e5653d3e1547cea

    SHA256

    71f4f4939d3d3b33229a95f38ae8c2cb5d4c8d65c4fbaefb3cae286e536f30d7

    SHA512

    601ee6e5561620aed8deb8337955ff8eb33a27d15789a02651dd3ab4e77d14079597da0287c2c2940fbe6bf38100b9361815909fdfc94bf7a17ecb21e94695d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c488ff711a3dff13605ad63f26b07570

    SHA1

    aab8e39ae8f8c656336a9f5804ed15cb1c5382f0

    SHA256

    e7c1e4a93ef11883b430fc746594a4a591c3a61b69b21991a54e0db689a4d3b5

    SHA512

    cd7cd0d29ad96143a0d15933f35d6a8180e8e10fec2e99c329513902b020b0b65f82288b229a8b566fa2059e6ca138362948d4886748d2dd4b7afeb3b6bc6da3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    40fb459acbe063a21932f2df31718ddc

    SHA1

    d0ea47609fa7c76f82f8bf2cb57fd492cc246daa

    SHA256

    00d56c6fb8ebbe3925bbf0f983f9ce16668ef45e8970ae5aeb1d47b74005f0ec

    SHA512

    3d81282d05869944254d1a8de5c936f2c683d4e7dc78e548744233ec4c0ed9ee203bbbf790c995a8a27f9e0f4e9a6ca9224c57ea3612e224b152ca023daa0af4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7dfe130311f5fbac1431fd926c5f1324

    SHA1

    e64aa62830c71359751af1e47bcb375510dccb9b

    SHA256

    87175afa29068a96305b621fcd44a8a6beb8b3261f2546c1c2f212fc32cd2f0c

    SHA512

    841f7b8cf82326bd68b6be94618758aaeb540dc2c2eaac4765a3881a13ea6d63fee597eb3a5587be5bfcca33f98f58f350e8500536d266ee6e84194f63ff3997

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8610f2e8e17c5f69d1dd546b283eb136

    SHA1

    16859276e3661ab62f7be5b8ef8863e228b09cdc

    SHA256

    54d0b9ab75b67d249c2a61113e7bcbcec3d4a0bd28ce4ef113009c5c91eb853c

    SHA512

    6a54a913c45c234f399ef10433249ca5adda1c15483d23097bf91fbeba3768d21580ca2e3b905101fbcdcc3d2ee56b242e376ccb72468b923a104d8ece7de531

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ba551a72dfe8633773e29967e4789848

    SHA1

    10dd45c03fbcbea48fa471113bd8bcfc09c3708b

    SHA256

    7165f719a8ef6ca21ae4f19cdb781e62742e7e2ce5e06bbd14546513f3801fee

    SHA512

    6dd696f59f49221d9377ef6dd246aaac73400b91a423684a10b3477a3d557a1265e188b685fed7f5b589d1814a377186d2a7252631d8e6a8d2760d342cc60326

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ecdf8b5bcf3fdecf68e7c35c59701e96

    SHA1

    38cae4631d7fbae5c6b91893fcc0f06f872d6b26

    SHA256

    6620280b08b5f870cb9713ec370cc4d2483864377c79c3e13e60389f92aece57

    SHA512

    f2508743163b9822fc11148e36c910827e5bccd82d1bad266477c89a80de84fcb27217ed7d0f8e5748a84a367649b88f9ac7470167a58715bd3c70cfa1eaf358

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9b81dad5062ae4164e5c6a5047c1ed9a

    SHA1

    b384e1403672a457f21e1e14d7b87a3e11545a88

    SHA256

    bcad186eccb1fc5523ef65567a719227fdb2a2ddb3a1fcfa165849bc5d534368

    SHA512

    ce677098d48443fc7133ae04601939a794559e9b5acd1e8e7be66686f20dcefda510ba1dcef5c3a90f20e391e09501a704c9733ff39a070902cddf701e2a1fa5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e5356e2677ce6eb2cb2b3c0be00956b

    SHA1

    baea17e51dcbdf361abe7fbd103f4c62ced0fd2b

    SHA256

    082666b151b48d6ecdd46627d64c33f8dbcba5b8a240f3323ed239b9e3b38d2f

    SHA512

    d4a4e305ac0563f30e501aef8e507fc5b758eb0e9285edaf417b3ec50d381768cfba8b38f95f50187edd076f0ee5306df59b23536ef168c68d74586a0e537602

  • C:\Users\Admin\AppData\Local\Temp\Cab5939.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar597B.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
