Analysis
max time kernel: 0s
max time network: 82s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/01/2024, 04:11
Static task: static1

Behavioral task: behavioral1
Sample: 4d4dc293cead57fa905c4c554f39249c.html
Resource: win7-20231215-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 4d4dc293cead57fa905c4c554f39249c.html
Resource: win10v2004-20231222-en
3 signatures, 150 seconds
General
Target: 4d4dc293cead57fa905c4c554f39249c.html
Size: 66KB
MD5: 4d4dc293cead57fa905c4c554f39249c
SHA1: 26b0965d49bfb547ce34c41d085b9ba8b1509d49
SHA256: 2ffb25be0aaae33c68689fa65ff4161454ab4699828034365888d92031e08f02
SHA512: 0ebdfe86a4e2e6af20bc9cbf5605097a4faa5d4094b7364c9159ff29c0c831cdd54972fd38d78584ccc389751253d5cd3a6e0d0dd2084e3ba636048be9be29fd
SSDEEP: 1536:zmYwGw4Q1mhiCOZ8P47jFi4o/LzcuRev0+gRIJEJNezcekezKeevNezKee9NezSd:6Yw0Q1cfsv0+0jlL2EA5ie3Tw64h
Score: 1/10
Malware Config
Signatures
| description | ioc | Process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{342B5CDE-AEA5-11EE-AA35-E2FF52840C3F} = "0" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe |
Suspicious use of SetWindowsHookEx 2 IoCs
| pid | Process |
| --- | --- |
| 4872 | iexplore.exe |
| 4872 | iexplore.exe |
Suspicious use of WriteProcessMemory 3 IoCs
| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4872 wrote to memory of 3192 | 4872 | iexplore.exe | 18 |
| PID 4872 wrote to memory of 3192 | 4872 | iexplore.exe | 18 |
| PID 4872 wrote to memory of 3192 | 4872 | iexplore.exe | 18 |
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d4dc293cead57fa905c4c554f39249c.html
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 4872

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4872 CREDAT:17410 /prefetch:2
    PID: 3192