Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Duplicate ...16.exe

windows7-x64

7

Duplicate ...16.exe

windows10-2004-x64

7

feniks-sit...ik.url

windows7-x64

1

feniks-sit...ik.url

windows10-2004-x64

1

feniks-sit...io.url

windows7-x64

1

feniks-sit...io.url

windows10-2004-x64

1

feniks-sit...pl.url

windows7-x64

6

feniks-sit...pl.url

windows10-2004-x64

3

Analysis

  • max time kernel
    1565s
  • max time network
    1568s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feniks-site/feniks-site.pl.url

  • Size

    129B

  • MD5

    257ea776cc82c3289c9d6cac68021c04

  • SHA1

    f1777f0290e9a4ea32950d50d5bb04ca2127c79c

  • SHA256

    2a05e363505b5b47eb84568b45bfc82b20b3f8121bd8cf4af2a3d5b065b4c06d

  • SHA512

    b704cc1084f9290037fa08b25b24867be3f228b4b32f9c7b56d9795f4a3b94f1f268064c133321dab94dc66d0df6c29917c6dfe728b74e63e70d8da92318eb03

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\feniks-site\feniks-site.pl.url
    1⤵
    • Checks whether UAC is enabled
    PID:1672
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa6f5232b288ae576a053343cdc1486b

    SHA1

    59e3e0018ef67c27107c7cd7917f7c2a34c385d9

    SHA256

    418bee34f1950a6fb0c9a9865f63e562c1c572756d609f623a547beb5e3a9b0b

    SHA512

    4f4a33589d15d44212f00f3abae86b7334ebb2a8388f9b87ebf9cb2817f2b80e62021734be28042016867e048bf6168d22170bfd56c84fd2aaa6b95bc75366b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7aa548a0c30331e3f78d2e46606d7606

    SHA1

    3908748b78df46632950aa5fb152f6a25719fb36

    SHA256

    365d018706d5616bef28398ecebdb442b5b864f7e470f695d773ad40d2f69603

    SHA512

    1dcc66b3f654ded3d5e2e1a74226e63bf1c61cb94043728a1989fbcc7daa6ad480b5cd626666517ef9b37b38642c7094a38dfbfae5d4b84ee8a1493940b7ac91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06e9253a645185fef1783a2704ad7afc

    SHA1

    1af9abfe7bcbd8805011f978385ef40da1378690

    SHA256

    62c12883d4ac07530f2397a0c9fc05f2ec802e068da7bfbf6e9110878aa4e2d4

    SHA512

    fd60a04467993627d41211b472ee3926c9a44a9c9706cc8c1b08c9acb09c86574b0a52d4705be5ade9b77cef8fc206cbd46182454bcc990d0e14c05b87474185

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0d572463bdb936ebe5cfa609b6cfd46

    SHA1

    ea3f474fea38b65421b6a7b2eddc944b7f9e8f8d

    SHA256

    5984eb23daeb455fafdc5b15935baac6095e69f426d756d9eb17490ad082c5d1

    SHA512

    8847bc37e75dffabbaab623f71d758239ac339c5fa4b156c5d3cb6e94145e1a22457692293081d42a861dad0b358472d077caa97fc59fc81550df6a8b2f36be0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5fe07050234bd74a708be42664e8afd1

    SHA1

    d462f09787d8b06d15fe8e54254a2117b9c85140

    SHA256

    03a4a165ee401ee3ac1cd29d89809ca569611e93259a0eb8083abd27f2d216cb

    SHA512

    d71497cc1ef17ac921c6151b59ea49a49a36c6bbef960256df3df2e4f4e396d0917201d7bc0275ab019b9ae746be7d5df0635cbd8d1b0cd875a44b62188dde0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03b1fd95140c1c784c5b4afaf5fcdf87

    SHA1

    8aa1e67cdbfe06509dacf8240924364dfaa9c275

    SHA256

    42ba2b43493286494efecd6ecd5968f5d716c17e212fe63f490a65090f979343

    SHA512

    cfbdfb948fa953f9d610c031e6551893000b78fd76e9a381cb86fc7a5d91adae2c6b05fba587730314573b797d08719b059cb3519a63ef737068d6ab127c9018

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2EA2.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2EB4.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1672-0-0x0000000001D30000-0x0000000001D40000-memory.dmp

    Filesize

    64KB

    Download