Analysis
max time kernel: 1s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/01/2024, 08:19
Static task: static1
Behavioral task: behavioral1
Sample: 500f067440f611140a3b376491f3bf52.html
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 500f067440f611140a3b376491f3bf52.html
Resource: win10v2004-20231215-en
General
Target: 500f067440f611140a3b376491f3bf52.html
Size: 20KB
MD5: 500f067440f611140a3b376491f3bf52
SHA1: 30f8ab19fadb61ea0121bbea517418f63c9db17d
SHA256: 84f9dd32b131898b314eba2c1557d24461fa1885f3faca5590a15935c67aea32
SHA512: 2bbfba66fca7d2b5464f81948452619b284d2da913c77adee4ea81c5dc18669882d575741859509dca6008073e7f2ff207c48539807f407854a71896c399840b
SSDEEP: 384:SIBQoayKk1BoY0Ub/+ROO+G+2+na++J+Ke+/+e+l+F+SD+t+qQYZ3XR:SyQzw1B500/wOOFr+b2ccRKSHDalQYFB
Malware Config
Signatures
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{00A1F50E-AF91-11EE-9A4E-6A04C5405167} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
3912 | iexplore.exe
3912 | iexplore.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3912 wrote to memory of 1248 | 3912 | iexplore.exe | 18
PID 3912 wrote to memory of 1248 | 3912 | iexplore.exe | 18
PID 3912 wrote to memory of 1248 | 3912 | iexplore.exe | 18
Processes
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\500f067440f611140a3b376491f3bf52.html
PID: 3912
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3912 CREDAT:17410 /prefetch:2
PID: 1248
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 13KB
MD5: ba1966b1d2f1cf2c58cac3d3e282a40a
SHA1: bea71bcc4b066b697616bedeaee659adfefa434f
SHA256: 820cea212c3cb8ee4266f61f1acc04768eb38d74e36e66d4af0e08b081f54d42
SHA512: f2cc97e5b677e17e2e444c168302186f7f3d6308a6a179910facd42354683b9326aaa1d8d9c6ee3aa7f356b23d49f535b0d5c7ddfd6f11b4cc2b19790126d084