Analysis
-
max time kernel
20s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
31/12/2023, 03:45
Static task
static1
Behavioral task
behavioral1
Sample
26d489d6b6e1c94e0fcdfbd565251389.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
26d489d6b6e1c94e0fcdfbd565251389.html
Resource
win10v2004-20231215-en
General
-
Target
26d489d6b6e1c94e0fcdfbd565251389.html
-
Size
1KB
-
MD5
26d489d6b6e1c94e0fcdfbd565251389
-
SHA1
8a695d903ecf685e78d874ef7bf2b4d1fb18860a
-
SHA256
e18ffcc4136b338241e1b815608d9d1ae8d599debee057c80748b1a42842d91a
-
SHA512
a79ec76a2707f8c27a553c3c68ea69ad5a7ad4b0815e0361187c524c914a4eb87e22f051abaee2884d75db68cd6d4370404bb6da3dcf15d04b98068f0834ce51
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AC426F71-ABB4-11EE-BB4F-6A04C5405167} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
3928 | iexplore.exe
3928 | iexplore.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3928 wrote to memory of 3484 | 3928 | iexplore.exe | 90
PID 3928 wrote to memory of 3484 | 3928 | iexplore.exe | 90
PID 3928 wrote to memory of 3484 | 3928 | iexplore.exe | 90
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26d489d6b6e1c94e0fcdfbd565251389.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3928 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3928 CREDAT:17410 /prefetch:2
PID:3484
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
16KB
MD5
36b05ee7c645875e213f959d7febd977
SHA1
2073b785724557390ae8ada17a38c0778b672e8d
SHA256
63df73c6de91b20b9b5cdc2241ffd556df8589418290be47cecc542477eefca6
SHA512
5ddb4a1cf41b5193be98a134ced224d75e2b1a00616c2f6448dd662d626d10af195c9b41a354dccbba37b90305981d9d36efe85c69712ea906d2f60e82e1f832