Analysis
max time kernel: 0s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/01/2024, 14:54
Static task: static1
Behavioral task: behavioral1
  Sample: 4683532bd9a9dbf1ab3044410a50144f.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 4683532bd9a9dbf1ab3044410a50144f.html
  Resource: win10v2004-20231215-en
General
Target: 4683532bd9a9dbf1ab3044410a50144f.html
Size: 28KB
MD5: 4683532bd9a9dbf1ab3044410a50144f
SHA1: 321474560ae21a86d50ab062454a6e49af63d900
SHA256: 33c73903bff57c9186faf825382395f21c45ab7c6042080cee5c907420fc9786
SHA512: 5593d71f13fc03fccc85e07278afeb2c2df3ce702cd35fbb55dd36d212e0285b1bd53797207f4466daf94ee657ec2dae1808e3fd7cbb760b05ea84844d427fb7
SSDEEP: 192:uw/cb5nGZI2nQjxn5Q/knQieHNnanQOkEntAWnQTbnlnQ9eTjm6MPvO4dQl7MBnl:+Q/omFivONSR4U
Malware Config
Signatures
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7BDC4BFF-ACA3-11EE-8184-52EF8B93895E} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
2120 | iexplore.exe
2120 | iexplore.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2120 wrote to memory of 4500 | 2120 | iexplore.exe | 18
PID 2120 wrote to memory of 4500 | 2120 | iexplore.exe | 18
PID 2120 wrote to memory of 4500 | 2120 | iexplore.exe | 18
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4683532bd9a9dbf1ab3044410a50144f.html
  PID: 2120
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:17410 /prefetch:2
    PID: 4500
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: a288a1e2f464efc8bbcd857937c7c2d7
SHA1: 80d0f1cd77f83237b3a7ab2b3543956edbc4738f
SHA256: 113210490fc52a4bbd1ac978866e18adcfcc191ffdeb700ca6ba1341bad6af75
SHA512: c04ccd7ee8018928a2e9f8149d94bf050d4ff53821e6cc3d2ca42e6474f440a54e5d121903b27cc1c98fcae832a2b678ccbb7e4b0ce2aa5819fe834be5b2397f