Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
06/04/2024, 20:54 UTC
General
-
Target
www/backend/public/injects/html/banks/ae.hsbc.hsbcuae.html
-
Size
21KB
-
MD5
4869bf70f8f51d06a480f3417ca87e55
-
SHA1
0f80d467aa0d1cfdc7f95f07800ad7629aea797d
-
SHA256
c58a87e65b35f78958bcba68828482507acfb3272e5086eb0025e71d3de69517
-
SHA512
eb3e26bcbb3ab623dda45bb3077cb9939850f393020965a3908939815c6ab62f8c11e942b04507e4bc6f093e38c9a000ab1faa5c58a40e56b499e3ef2b4ffdd2
-
SSDEEP
384:08xi1BLDHQDRSnVLDHLDlKlBBu2LDHQDRSnVLDHQDRSnmmR1MtquXtfqOY:08xCQDRKLDlKlBA2QDRSQDRHmRz
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\backend\public\injects\html\banks\ae.hsbc.hsbcuae.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
-
DNScdnjs.cloudflare.comRemote address:8.8.8.8:53Requestcdnjs.cloudflare.comIN AResponsecdnjs.cloudflare.comIN A104.17.25.14cdnjs.cloudflare.comIN A104.17.24.14 -
DNSajax.googleapis.comRemote address:8.8.8.8:53Requestajax.googleapis.comIN AResponseajax.googleapis.comIN A142.250.184.234
-
DNSmaxcdn.bootstrapcdn.comRemote address:8.8.8.8:53Requestmaxcdn.bootstrapcdn.comIN AResponsemaxcdn.bootstrapcdn.comIN A104.18.11.207maxcdn.bootstrapcdn.comIN A104.18.10.207
-
GEThttps://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.jsRemote address:142.250.184.234:443RequestGET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30399
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 05 Apr 2024 20:16:31 GMT
Expires: Sat, 05 Apr 2025 20:16:31 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 89258
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.cssRemote address:104.18.11.207:443RequestGET /bootstrap/4.1.0/css/bootstrap.min.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Sat, 06 Apr 2024 21:04:09 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: DE
CDN-EdgeStorageId: 723
CDN-EdgeStorageId: 617
CDN-EdgeStorageId: 617
Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT
CDN-CachedAt: 2021-07-24 16:52:17
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
Cache-Control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
CDN-RequestId: fe637f643ecb37778cb95cee551d9dc8
Content-Encoding: gzip
CDN-Status: 200
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 1659300
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8704ba8dbe9f23c3-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.cssRemote address:104.18.11.207:443RequestGET /font-awesome/4.6.1/css/font-awesome.min.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Sat, 06 Apr 2024 21:04:09 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: FR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
Content-Encoding: gzip
ETag: W/"89916fa773ce96569604016ef25cab50"
Last-Modified: Mon, 25 Jan 2021 22:04:54 GMT
CDN-CachedAt: 11/26/2023 17:42:21
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 1186
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: 512ac3615984df6e2626ad19f562116a
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 1659305
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8704ba8d9c1c06e5-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.jsRemote address:104.17.25.14:443RequestGET /ajax/libs/jquery.mask/1.14.15/jquery.mask.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdnjs.cloudflare.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Sat, 06 Apr 2024 21:04:10 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5836
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03ec3-5a58"
Last-Modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 1299796
Expires: Thu, 27 Mar 2025 21:04:10 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YdDeaoS5vNM0i%2FERGISWGXRaXu%2BfhFvHr%2B4C1prEMO3ku%2BmVcrN0Pr4vaKhELqwyqRdyVqZ1QqFXKxfcsv1g8ZRE4WJxSQE5ebDTBU9%2BkJG167zOGlt6eMjlgMYKyZwPz9vuE8n0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=15780000
Server: cloudflare
CF-RAY: 8704ba8f8ce9942b-LHR
alt-svc: h3=":443"; ma=86400
-
142.250.184.234:443ajax.googleapis.comtls
-
142.250.184.234:443https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.jstls, http
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.jsHTTP Response
200 -
104.18.11.207:443https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.csstls, http
HTTP Request
GET https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.cssHTTP Response
200 -
104.17.25.14:443cdnjs.cloudflare.comtls
-
104.18.11.207:443https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.csstls, http
HTTP Request
GET https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.cssHTTP Response
200 -
104.17.25.14:443https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.jstls, http
HTTP Request
GET https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.jsHTTP Response
200 -
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
8.8.8.8:53cdnjs.cloudflare.comdns
DNS Request
cdnjs.cloudflare.com
DNS Response
104.17.25.14104.17.24.14
-
8.8.8.8:53ajax.googleapis.comdns
DNS Request
ajax.googleapis.com
DNS Response
142.250.184.234
-
8.8.8.8:53maxcdn.bootstrapcdn.comdns
DNS Request
maxcdn.bootstrapcdn.com
DNS Response
104.18.11.207104.18.10.207
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
344B
MD536c91a0c11422475332b3abead1f7578
SHA1dfd2e77bfea210353be03383fe4bcecb4c92ab68
SHA256c80e3ef778473429e780753d74441e0f007444abd449d0796cb2f40e6f6cc4b8
SHA512b64ee5d838e23c0677bb286d724c9a21743410a3c79b57d44d2a1a3a5c3efcf29012cdb2abb99617e2cdbec8bc5f4ec0897858a6ab82a1f9207b9a60d8542225
-
Filesize
344B
MD54c3ff664454767a72079e784ba2cde66
SHA1b1a5d5dbd08b7065504994db19eaca97e724023b
SHA25684b4933c48fe713614d8735f9e936977ce21396247e4cdf3af9c4842fce7eed7
SHA512196fbd4935a9d19ce04f88f352455b7bb25864b6f87b82b5afc0c6ed101b90e95a1da2242ffbf217678a782413ce92bccfa2068f29bbabcad6f046ca56b0637d
-
Filesize
344B
MD5ff68249e335f6409785fa48863c0b1e0
SHA17c59110afb84ca481af8846723d60a67783ca477
SHA256be3ffad329f66c21f01c2f862ec16518ba3e503e9d6ca6aeacd84f3ffbabdba6
SHA512ac8a4bc4f49533028b1afa5cce009eb856d4dc9f8afb0ff89faffa83e117efc8e4abe1bf94ed659bfb4aec293f581e598d2b5cbde3218810d00db935f4a435db
-
Filesize
344B
MD501a51ee37b73ffe90ab7e5d1952a75b4
SHA13c5c754882094e33c6483c89d7fbedccafd08333
SHA2563873f44309ea19e290240270011e1304485f7906a94d3ad2d48993e12cc7ea9e
SHA5127d7de8a3f71b0c6084adc469926cfe220cce17b116dd15bfc9943fac627a951e5f5266687b68a7c56a0273ddf67e192ff20958eb9705e54dfa46cc55a5819d3c
-
Filesize
344B
MD5eceb147c79b0532683c25e97919e9bdf
SHA16f04fe52e4e5835ad47ad8f180b8551af314dc83
SHA2566a2602371a0c6ff884dac08e9d705bcf93cd6aad6636228d7a759709878f7261
SHA5129e1f41f87b7a31f31fbe9c17c7d88a645848c0eccca59cd94084dec5c91bdbaac50e82db00aa24c9d5837ad7e5b59c18a94a78b07482301c6f9df41a5a01217d
-
Filesize
344B
MD5d0624797b9e5cfe0217ff10b6878d65f
SHA1c9d30de4d6b808af2d8b323c3899f257fd01241b
SHA2565540ac0cc9bd2b490cdfc66907bc5e23e7f29a16717ae9cc165a30be6ab38614
SHA512fce2dbcab8a76adb544ea261c3d36b873581752812f1d951c242577ceec79a7692c5a495e386b748e0f5d6b6a1d38946dc6f592f404b60b70f8f96a86e465655
-
Filesize
344B
MD5b7ec32cbe811421d140f08a5c1e505ea
SHA1e02ffb7af3597d1dee9a77a47bc81dc32b719cba
SHA256b742a64cdd4da42375dafb826a8b5c1c57407e0bcad9dede1bbaace9a3056aff
SHA51260dc8b77ecb57acf3db673df70b3f5224d04893c3dbb20550f753d6b35cb1aa0edfee09378c2fd980bc2f28e602a1ff16957d20cadd8629435fd576175e5ad6b
-
Filesize
344B
MD5bc9f3bd266c73d12f48ae09b4de20801
SHA134cb44c68d5a786f009d42cc62229d969f892789
SHA256616c0ff52594978fdb8309d41136f670a7cffbc652d116b71535dee96fc33c3a
SHA512bbd1d18d87dac188f7487a8ea52673d588b70c3c7b36ff2bd9fdf413d775c76b17e7e83ab61399fded94b534399de1b9e7fc1c8d3af03945ee5a053d6f41b718
-
Filesize
344B
MD5ef3fffdab2989d6048d653ed48a1b1a9
SHA1367435879332a82fca08becaabfcb47030814ba1
SHA256b5978b4c2997e686e9e8ab96ac2ff3cd5e4bbc015a54a1af03cc2c3f5b6fbadd
SHA512f2469219f4f6f3bb75fbee9714ea0bffddbcafd0f3f5a71d34ece069c4779c868cfc52c612876ec7d145f8cabc201691e92283d7d766c59e2763f2150042a7c2
-
Filesize
344B
MD5eb9261b605895e63b983d4b543a0037f
SHA192fd5f2da567fcf6c24323b04069cd18e569f597
SHA256ad526f616214c64c89e9a622a3d36c69540f4e0cf6610e2e9d3d2a5da1f3ca41
SHA512d2e64d9a1c8f22ff8ff17072ab5d905b8ead154903f2ca903f2c238378d73543755eea209677c0d980fb5f995662f928f61430a1071c54f6464fa4ad733cb26b
-
Filesize
344B
MD5c30535ffb6b43d79a8a1b90bd8164f12
SHA167d7a6cf40b46b045add36ef9bda195d206694a0
SHA25659e53902bc3a72d23454b360fdee0d4c5c88c5cb4f7630310b532a11e3db1b5f
SHA5129d49b05e4be32eaf351102ecf028705cdb75abca834cf2dc58f9e97b147803d19c96c5ff4b51b2a09d7bad99536e0baa6850136279de484158bfcedde8efabc7
-
Filesize
344B
MD55c7a7a4a13a69251c0f01c77b0d09636
SHA190c5115d757e3c312682f87ceb78defce694f744
SHA256380a05794850ddc45f739d61fba887cd78fa91bf3e11019065edf600fb5b3000
SHA512e887af14e0f294ca642b81890adebe4ece6265ae2a68125fe6137664e2bb5872b3c3a99743903cf9478eac9ce63c10246a6ae94e3373d74f6e9981acc8230717
-
Filesize
344B
MD524db48e712297c4b6d45e27929b25a96
SHA1d5addeae7ab38f28012101953c2b5ff0511c9632
SHA2566e2ed239b4cbb87600a1d383090914aa26f8a99f46c08f9dc18491ca81545552
SHA512e232f741fc2d214bb9722f15a6d810b926683d85b59e75db2eaeb3ea23feaf353822da583ed6e71486b54fb395925245edf14f1bf4f422af87d9aa16bb0781ef
-
Filesize
344B
MD58946676de1b114197e34a42779fa42e2
SHA1b214dde1a78abd2652897feec368c9a47c7a586b
SHA256dacb2a2fb40a0048f904179529c2c4fac554c7317213ac1eed4b70d71cb5934e
SHA5120178a4cf8863b80e4d2109b5c96863d4bcd69e691bd43c073123ceee7049b4dae0711e8db57d879f4e43e91b49ac57ce6ee47313bf51d8d67bf718e7f3dbb723
-
Filesize
344B
MD5332e81e57693fabbac43ff1357a06d91
SHA120dfc1c028675b3a2164cd700a7728b25933e7d9
SHA2564c62e2bd50c924b530f5119043026434cde984a4e8d3a074780a22332f2d548a
SHA5129c28d8fed474cdd80b32e4f33b9f4bf9ea5a0feafe8c9de15bf2043a0b032ad947e95e223ec6afd6830f6748129e50dacac4a23ed439336496fd5059d8f37547
-
Filesize
344B
MD5c2a3e1d151e96a319eae620f0d74ffde
SHA17f3af9024ecdd5b1d4ae34e62bc98f8878ec6b67
SHA256126c7e2150a64a20a15871dec04839792f3d2f7581903378b4d4098f1f94e035
SHA512f811ff9dd79fa08cc3a8ee7d248ad3282fd4457723659cae901310833ee310487233f3bf3836642be71676d3c83cf9dcedac938213053a105787dd6769e04514
-
Filesize
344B
MD56073f2c94641bc8407d53fdcc58de2c5
SHA1407d67c0247c5f26eb24ff64af675488cab6dab8
SHA2562dcc2544fe7c38ba92d91db14a143f008a51ebfb688f758b4397fee9f0792705
SHA51211ddadbe65280c9fa74230f54f91a950773b4ba6b4827d258d2a282a1d1bc8aa06dc68ed2b642c0b3177cc6f0d249b3812aca1a0a2a7918212efff20f19e2922
-
Filesize
344B
MD5dfa62d2ffe2729c1d83f7430a7932eb7
SHA16144d220ad2b0ced546d0b91e6c912755ef93b57
SHA256bf54a89afcd29aee393281849ba69bce844fbced5a23c64cf80dd2c1341b65c1
SHA5126e14e41a5f966350e92b7027b44a2cbea68210db0e812900bdac477f9cb7d4bbfd49be82af1fc1b568c6055504e86ec48a1fea1c7032967f37cde1a8d7e943e7
-
Filesize
344B
MD5969abb0240952ae53a7c62882325dc4d
SHA1ce4e6c0ba8899171f3c243f38e7520babb2f685b
SHA2566b918876248b2fa418536df1f406d8f42fbdc91564420ccb47f7023586777dd5
SHA5129656c440749b8dd80605136e82bd9097d57e1f34e9adff4c9324cf3c4504c6a7628b06ba93344f4af218de3b0c96423bb2fa8c4397274c12ee536ed2f4c70da6
-
Filesize
344B
MD5f7c6c3791442dcf640ff7a58ca73b9e0
SHA117b1055215a03ce754205e718b6bfd8e02f66ff2
SHA256d2f3d0a685cd08b7f7f1292898b951dc466c28be904acd804f7e7903c45dcdeb
SHA5122650b99d4ac5000566e8fa2bedfea4911a87e9cb58c4e6816e1a4575abecda88751e0b2eb0db0779ad7c5eaaeda49649d924361a42f768f43d39d0392cc86b9e
-
Filesize
344B
MD563fde32ec0f58df99ec432e525c42610
SHA1b895e5358908e052e996213e1d2ee805e37075b5
SHA256c842d22720ed11dd0c95bc6a279c6d3488b4e62fe47351adc0a7a6966c3dc2c9
SHA51291b327fb3616de38d2e58720d021c6b22e5a994843ad89c3abc11d31cafb8e9854aab1cb3823a69e867bf187dbf7083a3bba64dab4eedfba90758b3019183634
-
Filesize
344B
MD50a7b29bf96ca493185150aee3d275d39
SHA1128aacc6bd71dc84a34443d424f440bc2d93c3f6
SHA256e057b4f71216e9f624b7bf2e9236eee63401878e198e8e05cbacf02bf1abce5f
SHA5125284a76d74bd51439acd755a7d6d2ff0c5d666f13343be83fb235868195fbd229639adab10b3e6778306a225ec4c1b69ec91ede963ec557ce20698ecf3b4ff76
-
Filesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a