Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

OneTimeCon...17.msg

windows7-x64

5

OneTimeCon...17.msg

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OneTimeConfirmation_Retain notification response needed today -Password -expiration -review __ Case #_326317.msg

  • Size

    139KB

  • MD5

    d31547144e718da96d32d0cd7e5c4a06

  • SHA1

    a75189d9ec2d5945eebc8e1ad56d987ae1cbe41c

  • SHA256

    fb4abb9f2d7c2526d0c6869c928a870dac6730d681ce1f2e6f00a5325deb1f18

  • SHA512

    b4073021b558dffbcb131618fef8c27028c5cf197ad26984c13a3cec2dd4f6945e7fa54c3f6adee262573c46a08429c14446f83917ba8d3387d0367d8daaad7b

  • SSDEEP

    768:EJs4uikJMgccYtWcKBWsK3fICR+DNh11fopaqnFkcEdzgWsK5Pfxv8XuGquGDzN5:1i3nWpWfxLwcW4uGquGcSSTNqh7QcC

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\OneTimeConfirmation_Retain notification response needed today -Password -expiration -review __ Case #_326317.msg"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    970B

    MD5

    754f2e8286fb172efe8f3811339e51ce

    SHA1

    38a1d6e81ee5c37c6405fcdbd813e9324b36afa9

    SHA256

    9ccfe7043a83733610f5ab871691406cb2501e0af8439f224e137bba5af22f2c

    SHA512

    5ffdff828bc2c7db236b4a75de820a2ca8209dc7043b416dd345872b9f595048f689b89904bd62ec002673fd9196a81dec705533c24284e5cd00efd316c25676

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • memory/2348-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2348-1-0x000000007393D000-0x0000000073948000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2348-124-0x000000007393D000-0x0000000073948000-memory.dmp

    Filesize

    44KB

    Download