Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2024, 17:05 UTC

General

  • Target

    d40d5a39c43dc3175ebacb9a7744fb9b.html

  • Size

    9KB

  • MD5

    d40d5a39c43dc3175ebacb9a7744fb9b

  • SHA1

    20128b21765fd5127e662a2a59a36d624f1f65be

  • SHA256

    dd91ac3a9ce8b82d4e0aa8724436b6ce5108ce1158cba0ad49d07a88066237b8

  • SHA512

    9861ba3d731e41e70b6b417e0e525c87244c0a1b754580fa4c291b2172a4b4c5024088be7b20eedb869700589220be77ccba6bb8103a2f97fd7e6718ebe50770

  • SSDEEP

    96:uzVs+ux7CatLLY1k9o84d12ef7CSTUiGT/kPs4pUlVHcEZ7ru7f:csz7CatAYS//JUPHb76f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d40d5a39c43dc3175ebacb9a7744fb9b.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2156

Network

  • flag-us
    DNS
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
  • flag-us
    DNS
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
  • flag-us
    DNS
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    44.231.203.91
    fc01.deviantart.net
    IN A
    35.164.115.137
    fc01.deviantart.net
    IN A
    54.71.141.146
  • flag-us
    DNS
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
  • flag-us
    GET
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    44.231.203.91:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 18 Mar 2024 17:05:46 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • flag-us
    DNS
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    54.190.93.196
    orig01.deviantart.net
    IN A
    100.21.26.51
    orig01.deviantart.net
    IN A
    54.149.170.165
  • flag-us
    GET
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    54.190.93.196:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 18 Mar 2024 17:05:50 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • 44.231.203.91:80
    fc01.deviantart.net
    IEXPLORE.EXE
    242 B
    132 B
    5
    3
  • 44.231.203.91:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    1.2kB
    1.7kB
    12
    9

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 54.190.93.196:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    660 B
    387 B
    7
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 54.190.93.196:80
    orig01.deviantart.net
    IEXPLORE.EXE
    242 B
    132 B
    5
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.6kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    851 B
    7.7kB
    11
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    827 B
    7.7kB
    10
    13
  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
    148 B
    1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
    124 B
    1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    130 B
    113 B
    2
    1

    DNS Request

    fc01.deviantart.net

    DNS Request

    fc01.deviantart.net

    DNS Response

    44.231.203.91
    35.164.115.137
    54.71.141.146

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    54.190.93.196
    100.21.26.51
    54.149.170.165

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4e01cc4d3f1647f7f5a92543f7270e9b

    SHA1

    78d3e3c248a19ca8aa5bdbccc0bd06aaa9b60f9b

    SHA256

    9b4eb6f67d57786e70cbcaf1822aa3091bbbdf04fcbe40548059d6d1448c196f

    SHA512

    109ff3a9032b31ac7a6c431a2deb1cde31cd6aac34c5070e26221ced2387964d84fe17be0626705610c1c28f9e886ea6b47d1e18637a5b1eba63969f00d382bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    665d3fc2627c71cdbf5b13e7d71672eb

    SHA1

    615cc76ce61bc9fe7c4624b1fb0a8bfe254ee862

    SHA256

    70406e2faa6934911e3a3b7c98dbce5b157d1bb9330aeea4f0c5145906d1a0ac

    SHA512

    da520ff2da31661fdbeb399c9448845bc752740be3a7f8d4934c67ab05e8d29654f038dca345856c119d5b3f223c19be46f851e26341d0317c05c6d4a1f38d37

  • C:\Users\Admin\AppData\Local\Temp\Cab8A56.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar97C7.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.