Analysis
max time kernel
0s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
06/01/2024, 06:57
Static task
static1
Behavioral task
behavioral1
Sample
459329afbdbdc0173f1300fd1357cbbf.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
459329afbdbdc0173f1300fd1357cbbf.html
Resource
win10v2004-20231215-en
General
Target
459329afbdbdc0173f1300fd1357cbbf.html
Size
2KB
MD5
459329afbdbdc0173f1300fd1357cbbf
SHA1
d31fcecc0ea1cc9448457860afddb761e5cc1fb3
SHA256
9f3b61f856595be9d45afbe12ba07cd7f78022c243ea1cb58726bb7431ecf937
SHA512
c1e01e02d0850062d359244cc9aa414a73333021a52156836d4797ee99c15f2fe9f85c78f15c47f8cb1e55a9edc15d43814e148da02a5d853fcfcb85c20e3d10
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D1E15CDF-AC60-11EE-9963-76CF25FE979C} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2192 | iexplore.exe
2192 | iexplore.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2192 wrote to memory of 1724 | 2192 | iexplore.exe | 16
PID 2192 wrote to memory of 1724 | 2192 | iexplore.exe | 16
PID 2192 wrote to memory of 1724 | 2192 | iexplore.exe | 16
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\459329afbdbdc0173f1300fd1357cbbf.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:17410 /prefetch:2
PID:1724
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
9KB
MD5
9319830715e455a8fc5647ca0e6cfeb2
SHA1
3e72ed887432bee16ab5bf6aa86c78ae7a46095f
SHA256
5297e0d98b0d75a70fdd7b13b2355bb9ee62aeef3459288bf7ef40a983b892b2
SHA512
dd1be63a4029cb786deb65fe3c561f194ee6294135d68d9f4bc9d154cc931a4cde080d24f0efd31a3ade1bcbbd9c6f609817e0008e25bae401b73164e5c78c87