Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1taoaisi/Conn.vbs
windows7-x64
1taoaisi/Conn.vbs
windows10-2004-x64
1taoaisi/ad...ut.htm
windows7-x64
1taoaisi/ad...ut.htm
windows10-2004-x64
1taoaisi/ad...ot.htm
windows7-x64
1taoaisi/ad...ot.htm
windows10-2004-x64
1taoaisi/ad...ce.htm
windows7-x64
1taoaisi/ad...ce.htm
windows10-2004-x64
1taoaisi/ad...ce.htm
windows7-x64
1taoaisi/ad...ce.htm
windows10-2004-x64
1taoaisi/ad...wf.htm
windows7-x64
1taoaisi/ad...wf.htm
windows10-2004-x64
1taoaisi/ad...dit.js
windows7-x64
1taoaisi/ad...dit.js
windows10-2004-x64
1taoaisi/ad...up.vbs
windows7-x64
1taoaisi/ad...up.vbs
windows10-2004-x64
1taoaisi/ad...ss.vbs
windows7-x64
1taoaisi/ad...ss.vbs
windows10-2004-x64
1taoaisi/ad...nn.vbs
windows7-x64
1taoaisi/ad...nn.vbs
windows10-2004-x64
1taoaisi/ad...es.vbs
windows7-x64
1taoaisi/ad...es.vbs
windows10-2004-x64
1taoaisi/ad...ex.asp
windows7-x64
3taoaisi/ad...ex.asp
windows10-2004-x64
3taoaisi/ad...tch.js
windows7-x64
1taoaisi/ad...tch.js
windows10-2004-x64
1taoaisi/ad...n.html
windows7-x64
1taoaisi/ad...n.html
windows10-2004-x64
1taoaisi/ad...ut.vbs
windows7-x64
1taoaisi/ad...ut.vbs
windows10-2004-x64
1taoaisi/ad...02.vbs
windows7-x64
1taoaisi/ad...02.vbs
windows10-2004-x64
1Analysis
-
max time kernel
140s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 12:25
Static task
static1
Behavioral task
behavioral1
Sample
taoaisi/Conn.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
taoaisi/Conn.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
taoaisi/admin/SDEdit/HtmPop/about.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
taoaisi/admin/SDEdit/HtmPop/about.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
taoaisi/admin/SDEdit/HtmPop/emot.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
taoaisi/admin/SDEdit/HtmPop/emot.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
taoaisi/admin/SDEdit/HtmPop/face.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
taoaisi/admin/SDEdit/HtmPop/face.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
taoaisi/admin/SDEdit/HtmPop/replace.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
taoaisi/admin/SDEdit/HtmPop/replace.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
taoaisi/admin/SDEdit/HtmPop/swf.htm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
taoaisi/admin/SDEdit/HtmPop/swf.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
taoaisi/admin/SDEdit/SDEdit.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
taoaisi/admin/SDEdit/SDEdit.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
taoaisi/admin/SDEdit/sdup.vbs
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
taoaisi/admin/SDEdit/sdup.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
taoaisi/admin/add_download_pass.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
taoaisi/admin/add_download_pass.vbs
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
taoaisi/admin/conn.vbs
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
taoaisi/admin/conn.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
taoaisi/admin/cookies.vbs
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
taoaisi/admin/cookies.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
taoaisi/admin/index.asp
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
taoaisi/admin/index.asp
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
taoaisi/admin/js/menuswitch.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
taoaisi/admin/js/menuswitch.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
taoaisi/admin/sd_Down.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
taoaisi/admin/sd_Down.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
taoaisi/admin/sd_about.vbs
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
taoaisi/admin/sd_about.vbs
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
taoaisi/admin/sd_about_02.vbs
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
taoaisi/admin/sd_about_02.vbs
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
taoaisi/admin/SDEdit/HtmPop/about.htm
-
Size
1KB
-
MD5
06d1087093e48184133e245e596a67d6
-
SHA1
e1a63c80b78856e51ef91211a66014f446089d48
-
SHA256
88403c9799f2a2bd2c776dae5b83ddf778d85870cdf668857ab19fe697f58b27
-
SHA512
2a144657d2e5799c6dcc2caac6f80ca0c4e1202da584d1fdb5c35c2a9e2fab2592f499e6fc8dec4ba77cca73cf546e10f1d560ce0c13078396eed107fec78741
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000df64676b42858616c4ba01aa883bb63375a8f92e03f73408fa0e84f83fd93d91000000000e8000000002000020000000ec6fdcbb8e8a30897b850acecfe74b5c2981a9d0d621cd2980e387e80360000290000000c824e011eaabf99c1dc4b84d957a7b0f2ae7f4e8e550550a7da5f6d566334cf77dc8603813678f7f9348df9f899ec1719acefc0eea72bf60d0eeaf61811c2a221126f5508a6fe4c457bb313d6cea42577a87d4886046a62fc1287e4b3c46d2c8fb5cacfa4398c93066a79ddceb3fabeaca6602d2f18ba455a083708407b9b2edacd5a883420a5511f84eebb184c6a6d240000000e510e189accbb3ed75c35b03efd92c7c1547aa5bb1b47a791cb7c8b3191025eccfc18df89d8215476233368da13c81a935d2c0123b07f12f7f7e0cb3160fb218 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410442253" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604e3ce3353eda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DDF2931-AA29-11EE-9D5A-6A53A263E8F2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000fe4be0a19553a7846c0ebe6c1cd440610b1568caacb5828d6e99d3187934196c000000000e800000000200002000000047d3b42d331dccf9de2aa70061d2a1a9836011d24d12fbb5d3f32eefff0d932a200000005dcc829fb8e9fc9336c99d265aee3dd851f997d80fbdd17d2039a3406010e7cd400000002436222f92fc95783291dc21d11e8c49e5c8240566bd2c9681846d9c2225227f05850c86d7d639c3b4eabd89a659d3ee323947693e5bff844631981764fb2c94 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1888 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1888 iexplore.exe 1888 iexplore.exe 1980 IEXPLORE.EXE 1980 IEXPLORE.EXE 1980 IEXPLORE.EXE 1980 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1888 wrote to memory of 1980 1888 iexplore.exe 28 PID 1888 wrote to memory of 1980 1888 iexplore.exe 28 PID 1888 wrote to memory of 1980 1888 iexplore.exe 28 PID 1888 wrote to memory of 1980 1888 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\taoaisi\admin\SDEdit\HtmPop\about.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1980
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56dd40c716d48f36c9927838a6e4bcf2a
SHA18d1c9e201d715ae42f7bb34b9b7042185bc28ee8
SHA25663ced11b1edac1485e066dc84d3c812af96267c426bc9f6488c35e8478b08ba4
SHA5122518ea005bc01dd8f7f73ce41083c4aa1c42a79efb0575839f3efc9c8d5ee11a246b400bbf321a9e9ebb51d69415c0e9b828ff0b0207830a453075e0d5a057ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD566b8da797e6a9907fec017e3390e5bcd
SHA1dbf9a036a9542d3771ec738d695361434dacb71d
SHA256b51cddc7bf81eec57164ce15896ddea930cd9a91837f8d4b2b6eaae0e98d53bd
SHA5128fe86a30c59d8e2c9f59851de11e887c6f246d7439b4cb5ab111e49611de787a7569663d3aad3a85e13e321d74a21f76ccbd5c5296d819e3ff45dcc6c3357c9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD543d822c6a35d89837479212d00f5353e
SHA1fe9257920a7d68a8b2f4c5b58cdfd81a43631cbf
SHA256ade0225e02b679f86c56023d411270f12e81af8b6475cca135e8f9c918dace69
SHA512c77338c76c66995a467a7ae7f92b764b077c77441fb7228e65676567bbd5afd26b3dd27517257d738a8ee564c56e9cb450f454a8bd23144cbc45ed9703900bcc
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06