Analysis
max time kernel: 0s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/01/2024, 07:17
Static task: static1
Behavioral task: behavioral1
Sample: 4316141b10535398244bdb69df7c8065.html
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4316141b10535398244bdb69df7c8065.html
Resource: win10v2004-20231222-en
General
Target: 4316141b10535398244bdb69df7c8065.html
Size: 104KB
MD5: 4316141b10535398244bdb69df7c8065
SHA1: 6e99702f2cf7592a04a57a14480baadb76252404
SHA256: a2f79f2b124613f07243d3898dbc33c4f4802729167cc268a957bdcf869d4c3c
SHA512: 2c5d6f637b6ec26b957f63f4ad3381c9b04354e30952e4c197d78a6f27f6ba88dcf85af87783fafdcae535bcb3fc1056d139c74e80366b55f8d9bea397c162d7
SSDEEP: 3072:SOxIi38IP9kSsgo/ZvxYrtPTKCNtHyUtCuM6D:SOx93jVkS8/5xyP2UtHyUtCuX
Malware Config
Signatures
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6F35D4D6-AB9C-11EE-A0B6-D6F9353EB06D} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2884 | iexplore.exe
2884 | iexplore.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2884 wrote to memory of 1660 | 2884 | iexplore.exe | 16
PID 2884 wrote to memory of 1660 | 2884 | iexplore.exe | 16
PID 2884 wrote to memory of 1660 | 2884 | iexplore.exe | 16
Processes
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4316141b10535398244bdb69df7c8065.html
PID: 2884
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Child process of PID 2884:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:17410 /prefetch:2
PID: 1660
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 4KB
Filesize: 15KB