Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

_16ec2e4e-..._2.zip

windows10-1703-x64

1

_16ec2e4e-...67.zip

windows10-1703-x64

1

_16ec2e4e-...67.zip

windows10-1703-x64

1

16ec2e4e-6...67.xml

windows10-1703-x64

1

CyveraSystem.reg

windows10-1703-x64

1

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.004

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...cy.log

windows10-1703-x64

1

Logs/corte...ad.log

windows10-1703-x64

1

Logs/cytool.log

windows10-1703-x64

1

Logs/cytoo...rb.log

windows10-1703-x64

1

Logs/foren...ts.log

windows10-1703-x64

1

Logs/foren....log.1

windows10-1703-x64

3

Logs/foren....log.2

windows10-1703-x64

3

Logs/foren....log.3

windows10-1703-x64

3

Logs/foren....log.4

windows10-1703-x64

3

Analysis

  • max time kernel
    111s
  • max time network
    179s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/03/2024, 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16ec2e4e-6cf7-4e69-b2f3-676c8263db67.xml

  • Size

    4KB

  • MD5

    7abb1c37089c3f0acbf716a750771100

  • SHA1

    54e0104b891805057324c30233e0003bde94c663

  • SHA256

    2faaddc8594ac967196ff0214b132527fc3aee72691b5f9a033ea6c047e62beb

  • SHA512

    38452059ff42131b56ae96a788477c85532f10ec4d7006010b6bff9e8ca189a53dd838110394072c2d6af45fb36f80da35ab97cec47bcf6e55dc75b6a80cb460

  • SSDEEP

    96:wanGgkoiZhV0v8/dxFvoxoTTrqIR0pz4ODW4Eb:jn+oE/d7oxo2IRW0Tb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\16ec2e4e-6cf7-4e69-b2f3-676c8263db67.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\16ec2e4e-6cf7-4e69-b2f3-676c8263db67.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4912 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    25200eeb2faffa02c43fb57844135379

    SHA1

    42f2a5ccdae3103e22905d24b689b8cdf253e044

    SHA256

    13eae90ccfd447309e278c9382d9c041a8439ca3665cc3d517242f1ecbb2b6fa

    SHA512

    5ef629bbe691182413cc6e159f5df31a3e5117c745309239db1a736c2516309dc0fcbeeb8f34c82fde124d1ecc8ea2e56e077e0caee80a45554e5639425f2c6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f0f1aa2ee0b0e7de5a1f32c40b2648b5

    SHA1

    c694c4d28f3daf5d0f90229afe427e9cf47889e6

    SHA256

    b9efb01e1b996690490508f0678c0df9b9c23fe59635a2f214db912b7e3c861c

    SHA512

    b6150bd824ffeb0ccce1731559d711e374feb8f7497d6bc0ddd63160b0d2240316829e708f3bbe1a2062e2ce7845a18e22cdcfec588f8de7ce355de30dcd986b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QO128Z61\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8GFXO1CW.cookie
    Filesize

    543B

    MD5

    bda3601867a71f272086025670dea709

    SHA1

    4f3e73a233222368fd08ae1e309799b615fe7837

    SHA256

    0b1448db11f782b72f49343091e60a711bdec090e63a1655132cacf8c21bf404

    SHA512

    54adb24eae3b1b282f1d2b97e0d2a0ba7d6e70d80d0383f0fcd677920af79b25b9df46fede99c32257b7a3eeed6edb14fd3bd3d68a5b705632cd2d5319cd525f

    Download Submit

  • memory/748-14-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-18-0x00007FF83FB10000-0x00007FF83FBBE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/748-6-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-7-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-8-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-10-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-11-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-9-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-12-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-13-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-0-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-15-0x00007FF83FB10000-0x00007FF83FBBE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/748-16-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-5-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-17-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-19-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-21-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-20-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-22-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-23-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-24-0x00007FF83FB10000-0x00007FF83FBBE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/748-3-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-4-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/748-1-0x00007FF7FFF30000-0x00007FF7FFF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-2-0x00007FF83FEA0000-0x00007FF84007B000-memory.dmp

    Filesize

    1.9MB

    Download