Analysis
- max time kernel: 0s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 09:00
Static task
- static1
Behavioral task
- behavioral1: sample 13f85271dfa6c97030e5d728ab14d30e.html, resource win7-20231215-en
- behavioral2: sample 13f85271dfa6c97030e5d728ab14d30e.html, resource win10v2004-20231222-en
General
- Target: 13f85271dfa6c97030e5d728ab14d30e.html
- Size: 432B
- MD5: 13f85271dfa6c97030e5d728ab14d30e
- SHA1: c5c5327ceff2428744b8cacb2e0eb8e0d1b08b1a
- SHA256: 14db55c1e8d91e2b13cbf427a199a0ed36d4976e7742460b2e40d9820b74585e
- SHA512: 6f9ac3e028ff28b2614e2c8bfa9f195759e5b552a7b3b335e17d923e4db5f865aa91512683e1bdb9f87da9d51400c6c97685cf37eceefb913eb7e732c56015f6
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{880C0D8B-A7BE-11EE-A0B6-E650309876D8} = "0" | iexplore.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4052 | iexplore.exe
4052 | iexplore.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4052 wrote to memory of 2992 | 4052 | iexplore.exe | 15
PID 4052 wrote to memory of 2992 | 4052 | iexplore.exe | 15
PID 4052 wrote to memory of 2992 | 4052 | iexplore.exe | 15
Processes
C:\Program Files\Internet Explorer\iexplore.exe (PID: 4052)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13f85271dfa6c97030e5d728ab14d30e.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID: 2992)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2
Network
MITRE ATT&CK Enterprise v15
Downloads