Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
31/12/2023, 13:26
Static task
static1
Behavioral task
behavioral1
Sample
37f910ea22b91f876ddc697b0c3cf8dd.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
37f910ea22b91f876ddc697b0c3cf8dd.html
Resource
win10v2004-20231222-en
General
-
Target
37f910ea22b91f876ddc697b0c3cf8dd.html
-
Size
3.5MB
-
MD5
37f910ea22b91f876ddc697b0c3cf8dd
-
SHA1
de1203a4648508214a653da9b93a94a58a377926
-
SHA256
35ee09a6c0058ef951f43c3fa1bafb622ea6f28b653decf31ce0489d0c778d24
-
SHA512
c104ec262d7345d5259f3ecf075c2a334c6205f52bac5765b255694b54fa357155615f6ea0d91552fb6ebae7e3b07a2ffb7fcd7de0def939defebeeb907db501
-
SSDEEP
12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NS3:jvpjte4tT643
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{33F6CC65-AFDE-11EE-AA35-EA4D20080768} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3848 iexplore.exe 3848 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3848 wrote to memory of 2988 3848 iexplore.exe 18 PID 3848 wrote to memory of 2988 3848 iexplore.exe 18 PID 3848 wrote to memory of 2988 3848 iexplore.exe 18
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\37f910ea22b91f876ddc697b0c3cf8dd.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3848 CREDAT:17410 /prefetch:22⤵PID:2988
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
83KB
MD52f6b11a7e914718e0290410e85366fe9
SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA5120d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db
-
Filesize
84KB
MD5e071abda8fe61194711cfc2ab99fe104
SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba
SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
SHA51253a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65