Analysis
max time kernel: 0s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 03:22
Static task: static1
Behavioral task: behavioral1
Sample: 263ab175a0a5f74a524cb592d2bdad6f.html
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 263ab175a0a5f74a524cb592d2bdad6f.html
Resource: win10v2004-20231222-en
General
Target: 263ab175a0a5f74a524cb592d2bdad6f.html
Size: 432B
MD5: 263ab175a0a5f74a524cb592d2bdad6f
SHA1: fccdc5ff6a4235a4e6468c9bf57f76f21db8f2d6
SHA256: 3b34188f72381c298708361a96ea090544d842cf4c8388c12dbc540febd25853
SHA512: 1dd497ec6484213a2880faa3ae0f6f5a17f17cef845fb31ec3a7760ff05e3d97430916a6b1877124b4350032668da4ce5d5ff11e27bb7262e23e519497b60f57
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{68D86E4D-A915-11EE-A0B6-667A6D636A0F} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
1196 | iexplore.exe
1196 | iexplore.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1196 wrote to memory of 4620 | 1196 | iexplore.exe | 17
PID 1196 wrote to memory of 4620 | 1196 | iexplore.exe | 17
PID 1196 wrote to memory of 4620 | 1196 | iexplore.exe | 17
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\263ab175a0a5f74a524cb592d2bdad6f.html
  PID: 1196
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:17410 /prefetch:2
    PID: 4620
Network
MITRE ATT&CK Enterprise v15
Downloads