Analysis
-
max time kernel
0s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system -
submitted
06/01/2024, 11:07
Static task
static1
Behavioral task
behavioral1
Sample
4612e1b47737b7c9dc59124fe78a59a0.html
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
4612e1b47737b7c9dc59124fe78a59a0.html
Resource
win10v2004-20231222-en
3 signatures
150 seconds
General
-
Target
4612e1b47737b7c9dc59124fe78a59a0.html
-
Size
555KB
-
MD5
4612e1b47737b7c9dc59124fe78a59a0
-
SHA1
fc654b2d734b5d164c0c6b7cb90d4645a1e0c15d
-
SHA256
f80f3b7fee7d2f671b81217840eda5e9cf97aa5cae079af327bbbe6c959e6b8d
-
SHA512
2b2aea5a814d252d276e20829af3d91c8476c5d35bb844ef196a08f485976dbc7c8b9f6911f6e10dceede135d3a06e1a4d978fd2bdc543582c7c081e59f8794d
-
SSDEEP
1536:dLnQmUjfvQ3hNNBO7WLY5zKIUdCgsowNOEv5bUnM4RYhlCyXI9RnAWOWKbwGNRo6:drzUTvuH8ophMbyRZp2vERI1
Score
1/10
Malware Config
Signatures
-
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D8E1D9F7-AC83-11EE-AA35-E2EC48AD62A3} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
3676 | iexplore.exe
3676 | iexplore.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3676 wrote to memory of 4916 | 3676 | iexplore.exe | 18
PID 3676 wrote to memory of 4916 | 3676 | iexplore.exe | 18
PID 3676 wrote to memory of 4916 | 3676 | iexplore.exe | 18
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4612e1b47737b7c9dc59124fe78a59a0.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3676 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3676 CREDAT:17410 /prefetch:2
PID:4916
-