Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    2024-01-08 17:33 UTC (8 January 2024; the Date headers in the captured HTTP responses confirm the day)

General

  • Target

    4c0c72bd45beec49d08c2f1a52794939.html

  • Size

    6KB

  • MD5

    4c0c72bd45beec49d08c2f1a52794939

  • SHA1

    755212552ec23b6c356dafd1920f4f2627ef2d7f

  • SHA256

    e4b585d36c708b63b828d5c3d5372607d2e5b2b8c721903e3e23f59358868c71

  • SHA512

    8b9d773926c0362dd2cfa359904f6fe47a030dcf291939bc52d3aebd0f99c2de3e255b11c3b019b846a8afa0b52502d5e11f5be765a2eb8032570fafe4a715e2

  • SSDEEP

    96:uzVs+ux7oQLLY1k9o84d12ef7CSTURZcEZ7ru7f:csz7oQAYS/Mb76f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

  All four signatures are behaviour Internet Explorer exhibits when it opens any local HTML file: writes under its own settings keys, window-message hooks, and memory writes attributed to the frame process (PID 2004) that spawns the content process. None of them is caused by the sample, which is consistent with the 1/10 score.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe  (PID 2004; 64-bit frame process, opens the submitted file)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4c0c72bd45beec49d08c2f1a52794939.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 1968; 32-bit content process, SCODEF:2004 names its frame process)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx

Network

  • DNS (US)
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
    (no A records returned)
  • DNS (US)
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    (retry; no response captured)
  • DNS (US)
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
    (no A records returned)
  • DNS (US)
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    (retry; no response captured)
  • DNS (US)
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    35.82.170.47
    fc01.deviantart.net
    IN A
    54.187.148.60
    fc01.deviantart.net
    IN A
    52.40.105.29
  • GET (US)
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    35.82.170.47:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 08 Jan 2024 17:33:44 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • DNS (US)
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    44.232.141.196
    orig01.deviantart.net
    IN A
    54.188.178.16
    orig01.deviantart.net
    IN A
    35.164.248.218
  • GET (US)
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    44.232.141.196:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 08 Jan 2024 17:33:44 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • DNS (US)
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    72.246.173.187
  • GET (US)
    http://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    92.123.128.164:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.bing.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=15552000
    Content-Length: 4286
    Content-Type: image/x-icon
    Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
    Date: Mon, 08 Jan 2024 17:34:12 GMT
    Connection: keep-alive
    X-CDN-TraceID: 0.a4777b5c.1704735252.2424b727
  • HTTP (US)
    www.bing.com
    iexplore.exe
    Remote address:
    92.123.128.164:80
    Request
    (none captured on this connection)
    Response
    HTTP/1.0 408 Request Time-out
    Server: AkamaiGHost
    Mime-Version: 1.0
    Date: Mon, 08 Jan 2024 17:34:47 GMT
    Content-Type: text/html
    Content-Length: 218
    Expires: Mon, 08 Jan 2024 17:34:47 GMT
  Per-connection totals (bytes and packets sent by the process, then received):

  • 35.82.170.47:80  fc01.deviantart.net  IEXPLORE.EXE
    sent 236 B / 5 packets, received 132 B / 3 packets (no HTTP request decoded)
  • 35.82.170.47:80  http  IEXPLORE.EXE
    sent 698 B / 8 packets, received 650 B / 5 packets
    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg -> 301
  • 44.232.141.196:80  http  IEXPLORE.EXE
    sent 608 B / 6 packets, received 347 B / 4 packets
    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg -> 404
  • 44.232.141.196:80  orig01.deviantart.net  IEXPLORE.EXE
    sent 190 B / 4 packets, received 132 B / 3 packets (no HTTP request decoded)
  • 92.123.128.164:80  http  iexplore.exe
    sent 912 B / 10 packets, received 5.1 kB / 7 packets
    GET http://www.bing.com/favicon.ico -> 200
  • 92.123.128.164:80  www.bing.com  http  iexplore.exe
    sent 386 B / 8 packets, received 690 B / 6 packets
    no request captured; server responded 408
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe
    sent 960 B / 10 packets, received 7.8 kB / 12 packets
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe
    sent 1.3 kB / 17 packets, received 15.3 kB / 18 packets
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe
    sent 1.0 kB / 11 packets, received 7.9 kB / 13 packets
  • 8.8.8.8:53  analytics.hosting24.com  dns  IEXPLORE.EXE
    sent 138 B / 2 packets, received 124 B / 1 packet
    2 A queries for analytics.hosting24.com; no A records returned
  • 8.8.8.8:53  counters.gigya.com  dns  IEXPLORE.EXE
    sent 128 B / 2 packets, received 148 B / 1 packet
    2 A queries for counters.gigya.com; no A records returned
  • 8.8.8.8:53  fc01.deviantart.net  dns  IEXPLORE.EXE
    sent 65 B / 1 packet, received 113 B / 1 packet
    A query for fc01.deviantart.net -> 35.82.170.47, 54.187.148.60, 52.40.105.29
  • 8.8.8.8:53  orig01.deviantart.net  dns  IEXPLORE.EXE
    sent 67 B / 1 packet, received 115 B / 1 packet
    A query for orig01.deviantart.net -> 44.232.141.196, 54.188.178.16, 35.164.248.218
  • 8.8.8.8:53  www.microsoft.com  dns  iexplore.exe
    sent 63 B / 1 packet, received 230 B / 1 packet
    A query for www.microsoft.com -> 72.246.173.187 (via the CNAME chain ending at e13678.dscb.akamaiedge.net)
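
The Network section is the part of this report that needs interpretation: most flows are the browser's own background traffic, and the interesting residue is what the HTML itself tried to load. The following added example (not tria.ge code, and not from the sample's author) transcribes the flows listed above into a small Python model and separates them. The Internet Explorer background allowlist, the Flow fields, and the function names are this example's own assumptions.

```python
"""Added example (not tria.ge code): split a sandbox run's network flows into
browser background noise and traffic the submitted HTML actually caused.

The flows below are transcribed from the report; the background allowlist,
the Flow fields and the process-attribution rule are assumptions of this
example, not features of the sandbox.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: hosts Internet Explorer 11 on Windows 7 contacts on its own
# (SmartScreen/compatibility lists, search-provider favicon, Microsoft CDN).
IE_BACKGROUND = frozenset({
    "ieonline.microsoft.com",
    "www.bing.com",
    "www.microsoft.com",
})


@dataclass(frozen=True)
class Flow:
    proto: str             # "dns", "http" or "tls"
    process: str           # process name exactly as the sandbox printed it
    host: str              # DNS qname, HTTP Host header or TLS server name
    url: str = ""          # request URL (http only)
    status: int = 0        # HTTP response status, 0 if no response was seen
    location: str = ""     # Location header on a 3xx response
    answers: tuple = ()    # A records in the DNS answer; () = none returned
    answered: bool = True  # False when no DNS response was captured at all


FC01 = ("http://fc01.deviantart.net/fs47/f/2009/249/a/c/"
        "Red_and_Black_Vista_Wallpaper_by_Treber.jpg")
ORIG01 = ("http://orig01.deviantart.net/2350/f/2009/249/a/c/"
          "red_and_black_vista_wallpaper_by_treber.jpg")

# Constructed from the Network section of this report.
FLOWS = [
    Flow("dns", "IEXPLORE.EXE", "analytics.hosting24.com"),  # empty answer
    Flow("dns", "IEXPLORE.EXE", "analytics.hosting24.com", answered=False),
    Flow("dns", "IEXPLORE.EXE", "counters.gigya.com"),
    Flow("dns", "IEXPLORE.EXE", "counters.gigya.com", answered=False),
    Flow("dns", "IEXPLORE.EXE", "fc01.deviantart.net",
         answers=("35.82.170.47", "54.187.148.60", "52.40.105.29")),
    Flow("http", "IEXPLORE.EXE", "fc01.deviantart.net", url=FC01,
         status=301, location=ORIG01),
    Flow("dns", "IEXPLORE.EXE", "orig01.deviantart.net",
         answers=("44.232.141.196", "54.188.178.16", "35.164.248.218")),
    Flow("http", "IEXPLORE.EXE", "orig01.deviantart.net", url=ORIG01, status=404),
    Flow("dns", "iexplore.exe", "www.microsoft.com", answers=("72.246.173.187",)),
    Flow("http", "iexplore.exe", "www.bing.com",
         url="http://www.bing.com/favicon.ico", status=200),
    Flow("tls", "iexplore.exe", "ieonline.microsoft.com"),
]


def sample_hosts(flows, background=IE_BACKGROUND):
    """Hosts contacted during the run that the browser itself does not explain."""
    return sorted({f.host for f in flows if f.host not in background})


def dead_lookups(flows):
    """Names for which no DNS flow ever carried an A record, so no HTTP
    request to them could follow (gone or sinkholed infrastructure)."""
    seen = defaultdict(list)
    for f in flows:
        if f.proto == "dns":
            seen[f.host].append(f)
    return sorted(n for n, fs in seen.items() if not any(f.answers for f in fs))


def redirect_chains(flows):
    """Follow Location headers and report each chain with its final status.
    Loops are cut by the visited set; a hop never requested yields status 0."""
    by_url = {f.url: f for f in flows if f.proto == "http"}
    starts = [f for f in flows
              if f.proto == "http" and 300 <= f.status < 400 and f.location]
    chains = []
    for start in starts:
        hops, visited, cur = [start.url], {start.url}, start
        while (cur is not None and 300 <= cur.status < 400
               and cur.location and cur.location not in visited):
            hops.append(cur.location)
            visited.add(cur.location)
            cur = by_url.get(cur.location)
        chains.append((hops, cur.status if cur is not None else 0))
    return chains


def hosts_by_process(flows):
    """Attribute hosts to the process that contacted them. In this run the
    32-bit content process (printed as IEXPLORE.EXE, started with
    SCODEF:<frame pid>) carries the page's traffic and the 64-bit frame
    process (iexplore.exe) carries the browser's own."""
    out = defaultdict(set)
    for f in flows:
        out[f.process].add(f.host)
    return {p: sorted(h) for p, h in out.items()}


if __name__ == "__main__":
    print("sample-attributable:", sample_hosts(FLOWS))
    print("never resolved:     ", dead_lookups(FLOWS))
    for hops, final in redirect_chains(FLOWS):
        print("redirect chain:", " -> ".join(hops), "=>", final)
    print("by process:", hosts_by_process(FLOWS))
```

Run as written it reports the four hosts the page itself referenced (two analytics hostnames that never resolved and a deviantART image whose 301 lands on a 404), the redirect chain, and the per-process split. The allowlist is the only part tied to this sandbox image; for a different OS/browser image, rebuild it from a run of an empty HTML file on that image before applying it to real samples.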

MITRE ATT&CK Enterprise v15

Downloads

The CryptnetUrlCache Content and MetaData entries are CryptoAPI's on-disk cache of certificate revocation and trust data (CRL, OCSP, CTL) fetched during certificate validation; Windows writes them, not the sample. The MetaData\94308059B57B3142E455B38A6EB92015 path appears four times below with different hashes because the file was rewritten during the run.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    58d8f92bbc39b453fcb9612ddcce35e5

    SHA1

    0a9d6236f089563836d7518292a6cf4920b117e4

    SHA256

    faf6cf94494023d8fe5216a75514273b3800972e8210a7be20bf86ff54114063

    SHA512

    f5506e1c59b5f524e7997b9d3c52cf95b2e6a9d5803e4acc0a84d50e4a98864988797a46cf178ccb16df20dc254094d8d06364233d44b13b8451238f1b672802

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cf0a39cabbe74752ea5d5b40c5c28c70

    SHA1

    4fc87ff54189ec9da9fe9d2fcaa9ab3657376567

    SHA256

    855422bd9b201d337db81fb0af0f565fdcbdac855a5b20b8ef7b897bf82d5002

    SHA512

    1400a85ea4faec5041b2feebac7860ed113960d3c9d85698e21bc713e11306fe5a828e82c69b932de855e7bd728745371f4f456316c3a7a90a1eacf32ce8bda0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b5ca276f8623d03844cb697582da9039

    SHA1

    edc410146d7ebb8ba00cee09ddff3a4a556d87d0

    SHA256

    7a4176b2c4353f79c151f6249a1717c7642a7f8fb04b10f0a0ab875c6ec69620

    SHA512

    30966afba59603cfbccf6ed340f29d533435d58e9930c856dabcd8d508e981132cfe1291b7641ea12321cbb329a4cfb29be9ce8e0a8a577ba3f39bb1c4f67a0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0518671ec6fa88f1b3f67069928b2c22

    SHA1

    3ab918efa099e56e0915f0afc769aa6e0ef55ad9

    SHA256

    adc987f6b213381077fa3b9005c8faac0213da12e0072d06d7befc43e596658b

    SHA512

    90c08a006a71f8145d1decdb3f221aa366c7aeb7b509ad21f60e99f00397bbed5f4534502e20694efe011bd641f358ffbdd9f9642026122fe8283c7a75fd5e07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a637b689fdb8df546a0e53e0fe8a78fe

    SHA1

    aac0fe0d604ad7e9b872fbca71f90eb0c4770069

    SHA256

    a90c450db033de2dc8f4eaa5806e0f9a949ad8c322aa8ddede23787bb764e9bf

    SHA512

    ce3780b42760a295e5bfab818bd255188cfc4eebbb51549c1044c006474d0a4220b411e251e2a9dceae482970f21be4286ff391caad9b89b594185fd2ca16a52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    c5dea422c8fdfabca2025e663f598d42

    SHA1

    51603262464f331ed7558cc617e25126081e0817

    SHA256

    025e3e9c1f8e7961244ed359dd37e93b27483b2082a492c18fde67a08023ee02

    SHA512

    4ccfd2f03945339d52eac5deaba71f9dc5adbc5c653ca424dca1eeda16c199b5732252ae182b6e0c8a940f8a5505effb58a7ef32b9bd1365d3bfba54a892ba05

  • C:\Users\Admin\AppData\Local\Temp\Tar4F20.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
