Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

BLANDITIIS6.html

windows10-1703-x64

8

Resubmissions

26/01/2024, 19:55

240126-ynh2caegar 1

26/01/2024, 19:53

240126-ymgf5adcd6 8

26/01/2024, 19:52

240126-ylfs7seffk 8

26/01/2024, 19:49

240126-yjnq2adbh6 8

26/01/2024, 19:46

240126-yg89ysdbe7 1

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26/01/2024, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BLANDITIIS6.html

  • Size

    40KB

  • MD5

    0a940d1bfa4b0834a4f2af9080578372

  • SHA1

    f4e05a2b419d4caca71747dd174fc77d04821994

  • SHA256

    f372c5b6992032699ef6c66177131e6aecd62431cbca53fc9c2daaaae7650199

  • SHA512

    1532d9cdbeeedc98eddad3b878dbb98b5b506013c353619cee9020cb7f1e954521375277d7daac76d6eb642ea5180b942bd88f02cb72e639c46677335f654aa9

  • SSDEEP

    768:MBL+oAZizxCmaptUR6lUYWGLYrpVKS+3xVvMFD/ajVmUZPIzN:k+oA0zxCmapioerpVKr3PGIVmUGzN

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\BLANDITIIS6.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4912 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3888
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\system32\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe" /flushdns
      2⤵
      • Gathers network information
      PID:1560
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3716
    • C:\Windows\system32\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe" /flushdns
      2⤵
      • Gathers network information
      PID:4216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b610bd5c61e2121914699e4b6cb9f7f4

    SHA1

    514f5ad7770f18e1c5b62253d95d6aa3c63c83ee

    SHA256

    3a418958f81aae04aa13719238c42d24adc5258b95246b3df0b32a1bf7676b51

    SHA512

    9ebb50a5b4942dfbf1a037e8a1b6308502d5bd337abaf90cca0d44f3a88001b25c6f82787f13b2d5a6f2bcb81209f831c16422d4c1a6cb6e07d55e8dccd7b3b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    eeb6157238fbcba4665443d262994faf

    SHA1

    b4ad434b6e960cc1f54e5b3128eed1b55f2c17e7

    SHA256

    4f75215b6e33ceb476257bc7639ea54edd1b6f7c999dee9ec21fa0c04fa1f83b

    SHA512

    05c1f2670e1c935d827040dff34d1f1ddd49d783948a69a2e3490754f41d1aa73594278f5547690aca7ac24b2320c3d258cb8d99b83e51f328df74b6add9ea04

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
    Filesize

    3KB

    MD5

    f7f60fa7ae32e447243a32a524f645ee

    SHA1

    82afcad59dcc5857601a9aedab68b6149c73ab8a

    SHA256

    a210fa33d626904af6bf377eb4366c82166c86a0bb48ecf1a1c16f435aecafee

    SHA512

    3c42d7126ef60868dd8e2a7a3eee1253e4845ac3872bc0f9c62f88194b7b2d5a2193f3a29f2278464afc11d0848f50e7f69695b8540f0887c195c08b766cc617

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verA2C.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DBN5HPBJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3M9YRZNL.cookie
    Filesize

    539B

    MD5

    f7bb2eecad75e51ece4ab9ff6230a2ef

    SHA1

    ffeef7fa38cba787f8ec94a46f7183a2e3cce350

    SHA256

    22eb0ca26ff011a54302ed810599bbed4a5192e1451fc3c75e49be6a752fdc9d

    SHA512

    b896087ae4e1847804d9444c5c7a2607ba0678c18afafb0b5c9c3260b8fc7eafbbcff6690ae46c003e0531f074dc13dc9a41c66ee3fd821f453a85b39e2e5bfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
    Filesize

    3KB

    MD5

    7f4db7dcc765d94f93dde4e5dc6535c6

    SHA1

    582c4c174f2a4ccc6213247fa17cd6ca577e4eae

    SHA256

    216f19bc36ab0cf62a865a13763f80178c7dabd1cce3e73f08bd9a9eb2391074

    SHA512

    359c38fcf0e4200188127967843b24a4f5d1edebf5699e228c2613447fbb79ad376ef9f99dd981903fbc03f60d8abe6b9591c7e9463321a562819062a8705c29

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m0l31vuk.0he.ps1
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
    Filesize

    352B

    MD5

    d8c27b5afd98f840d7a6181d72a62f41

    SHA1

    9dad58054096b2f91b781049bbbd74c6c4744713

    SHA256

    640d7055cdcc3ea78d0360f434827c65ea39661f9b102fb5c727821658dad0ab

    SHA512

    b1a0bdfa5babb12653afb141cfaf846af6c11d8e05989ed608ea7f9f329abf34e6a79f25e3a66ec6bb614f22b0e8448772fd378bf2d3833456a17e98514950dc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    5KB

    MD5

    745afa130b9bfaf7310a51970d04a1ce

    SHA1

    6c99d4ac77351462d3015e2b57887e9ef6e67f03

    SHA256

    dfa3f3d4582765f7db6d06d3569cb663b8b552f29ed35c501c6290e5a5c5ba06

    SHA512

    898659c89904495f0e3c4d63ca2730969b2675ad4b1c73973dbf9b767925f8291ac65b192e9151ee478be5d2385482438742448d60a58c3218efcf3ed8182e03

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    5KB

    MD5

    b8023c9157b82e9c1cb3ae59f0a5fbfd

    SHA1

    4360dbf83321279f7c132b1b46608c742b799cb9

    SHA256

    6b7eb6ed52457f86c1786612ff6ded5f177cc1d2b6ccabda28d0106cebb05629

    SHA512

    4bf4785b669b02d4d4f4259855cc131602664efe245bb3451c021934ddfc680b1ead5b345ea4a4b0026775386b03fde62e25e2bee6d24a7acf93a5337a3776db

    Download Submit

  • memory/2884-62-0x00000122E20E0000-0x00000122E2156000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2884-22-0x00000122E1750000-0x00000122E1760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2884-99-0x00000122E1750000-0x00000122E1760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2884-75-0x00000122E1750000-0x00000122E1760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2884-19-0x00000122E1860000-0x00000122E1882000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2884-20-0x00007FFC3D0E0000-0x00007FFC3DACC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2884-21-0x00000122E1750000-0x00000122E1760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2884-115-0x00007FFC3D0E0000-0x00007FFC3DACC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2884-51-0x00000122E2020000-0x00000122E205C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3716-144-0x00000180ECAA0000-0x00000180ECAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3716-190-0x00000180ECAA0000-0x00000180ECAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3716-212-0x00000180ECAA0000-0x00000180ECAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3716-227-0x00000180ED3E0000-0x00000180ED4AC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/3716-228-0x00007FFC3CF10000-0x00007FFC3D8FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3716-143-0x00000180ECAA0000-0x00000180ECAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3716-141-0x00007FFC3CF10000-0x00007FFC3D8FC000-memory.dmp

    Filesize

    9.9MB

    Download