Analysis
max time kernel: 0s
max time network: 132s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 06/01/2024, 08:32
Static task: static1
Behavioral task: behavioral1
  Sample: 45c505cfa92386c1d7789b5efa77e8f9.html
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 45c505cfa92386c1d7789b5efa77e8f9.html
  Resource: win10v2004-20231215-en
General
Target: 45c505cfa92386c1d7789b5efa77e8f9.html
Size: 6KB
MD5: 45c505cfa92386c1d7789b5efa77e8f9
SHA1: 80bd9bfd77451c5b5757d2088e08cef6a0d8b4fe
SHA256: ecc4f343f8e2ab68b23b11d123a82d0e4389c5ded4019ceef64e9b1ebeef056a
SHA512: 23c87356588087e760d7dee126f38be64d03efd740fd93ae788761b1a5c5fba8a348bbf234378d0094a154e350b2bea703f4daf451fe20956a9915e6e10d3aee
SSDEEP: 96:PZqMrQ/ybRW/ShzVZQImCqzyGkrEvVzF7UYQZEQ5Gmuawc/bPEr:P8YQabIShzb6+nEvVW1L5GmuLc/TU
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{29D29A41-AC6E-11EE-9E34-CE9B5D0C5DE4} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2652 | iexplore.exe
2652 | iexplore.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2652 wrote to memory of 2896 | 2652 | iexplore.exe | 15
PID 2652 wrote to memory of 2896 | 2652 | iexplore.exe | 15
PID 2652 wrote to memory of 2896 | 2652 | iexplore.exe | 15
PID 2652 wrote to memory of 2896 | 2652 | iexplore.exe | 15
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45c505cfa92386c1d7789b5efa77e8f9.html
  Depth: 1
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2652
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
  Depth: 2
  PID: 2896
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 142fe26470607b67197be7312d0b098a
SHA1: 3ed77c05e0b9026ce7a56cad160e7066e8e668d0
SHA256: 51e93b92426de8e15bc4d2c635c0be4bee89b4790cf70e27363201fd63c68e5d
SHA512: 5fd272df362adec17aad2d65bb396d2f4ff17a13cfb6dd3e296baca17d8085d2c7342ae076923bc87c2453d17b38ec225e894ec11be4ed884f8f4e538faf1f7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 887d0af7f960723aa5aef2008030d5c5
SHA1: 06e39b44a9122da626e4d327cd9d9626142c6b60
SHA256: 8248dabf5da70f4947a73c0798492ac3f0e178a0628ef2210bff327441691a9d
SHA512: 7ef0959d09a78940acf2f1f3041c3045b3c7081d4054f2ec007421345ae821251865a7158f4fe584e3be9f3919e50d186530f8c406db252f0d8a0c158c56f681
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 49a9eb19f7870a30c00a143d6ddfcafe
SHA1: f0849e3e5a9828fffef8b82ac0662826b1021329
SHA256: f4480d54c5127797b113f0bfbd0f4b78cf22aac1ccec7f5a15148847b77d730e
SHA512: c069118872afe9c8b67d1bf1a24d6ba06214288cd65f4418eb0002b5495eecb1027d042ba74cf532ed6463101dd0a38b3a7af2b93bdcc85e0926ba51a29182d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 481ee7cae23f3034a3baa410e9d1bce6
SHA1: 6dd3844fb33d5e7f028e0dd10f1ef58918cb23a2
SHA256: 5833b4b6a514cf589050c8ee3e19d55c5ac7c90560a44a8f1ea6e7f70a83b9f3
SHA512: 723a55cf0dfa741bb5761f53f7ed35689b0f9941237a725599e552a740c541f1af576f34b2f654bf0803793498e10a692f049f01aef1524533a74a747e94b86f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ae0587d73d5223ba4e7b620f321ee127
SHA1: 5f37e02fba52cc28e02cdd71e30d9fdd5f8d8edc
SHA256: 9d24bf86c9fd59be4e0da69f3a8fd7fb155b12b0a2729b872958afa9418aaa0b
SHA512: 265267e125b0e0832900b9818de1a8e6b45ac7aae1d2a49925fc30e46e94de0ad525234c8deb9e181471055f295b05209fa2c1a38d430d9211e5adc709c3e25c
-
Filesize: 22KB
MD5: de873249cbeece0d5fe92c45e26d8b49
SHA1: 751515c3afb86da9534139e42c6c557af068328e
SHA256: 02b8f73bf53e43091f3abeeddc4ab084e83f20c5ea81c06c8ccf028af2a907b6
SHA512: 50a58ee1c12ec79a5279a40f663266c34be73b421f7536838855b0f5e6d87cd859119c14fa789b713b13027389683697e368c3182ae6bebf33718c3d66e519fe