Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7Hone - Installer.exe
windows7-x64
4Hone - Installer.exe
windows10-2004-x64
4$PLUGINSDI...p.html
windows7-x64
1$PLUGINSDI...p.html
windows10-2004-x64
1$PLUGINSDI...x.html
windows7-x64
1$PLUGINSDI...x.html
windows10-2004-x64
1$PLUGINSDI...app.js
windows7-x64
1$PLUGINSDI...app.js
windows10-2004-x64
1$PLUGINSDI...uts.js
windows7-x64
1$PLUGINSDI...uts.js
windows10-2004-x64
1$PLUGINSDI...dle.js
windows7-x64
1$PLUGINSDI...dle.js
windows10-2004-x64
1$PLUGINSDI...min.js
windows7-x64
1$PLUGINSDI...min.js
windows10-2004-x64
1$PLUGINSDI...ons.js
windows7-x64
1$PLUGINSDI...ons.js
windows10-2004-x64
1$PLUGINSDI...ics.js
windows7-x64
1$PLUGINSDI...ics.js
windows10-2004-x64
1$PLUGINSDI...nds.js
windows7-x64
1$PLUGINSDI...nds.js
windows10-2004-x64
1$PLUGINSDI...ies.js
windows7-x64
1$PLUGINSDI...ies.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows7-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...der.js
windows7-x64
1$PLUGINSDI...der.js
windows10-2004-x64
1$PLUGINSDI...ils.js
windows7-x64
1$PLUGINSDI...ils.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows7-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows7-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1Resubmissions
11/04/2024, 06:06
240411-gt1pxagh4y 711/04/2024, 05:53
240411-gllk1sdg28 711/04/2024, 05:51
240411-gj89asgf81 711/04/2024, 05:48
240411-ghl3dadf69 711/04/2024, 05:44
240411-gfgpwagf3y 711/04/2024, 05:39
240411-gcnn1sde52 7Analysis
-
max time kernel
136s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
11/04/2024, 05:48
Behavioral task
behavioral1
Sample
Hone - Installer.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Hone - Installer.exe
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/app/cmp.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/app/cmp.html
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/app/index.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/app/index.html
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/app/js/app.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/app/js/app.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/app/js/block_inputs.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/app/js/block_inputs.js
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app/js/libs/cmp.bundle.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app/js/libs/cmp.bundle.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/app/js/models/notifications.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/app/js/models/notifications.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/app/js/utils/analytics.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/app/js/utils/analytics.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/app/js/utils/commands.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/app/js/utils/commands.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/app/js/utils/cookies.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/app/js/utils/cookies.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/app/js/utils/modal-events-delegate.js
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/app/js/utils/modal-events-delegate.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/app/js/utils/strings-loader.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/app/js/utils/strings-loader.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/app/js/utils/utils.js
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/app/js/utils/utils.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/app/js/windows/cri/cri-controller.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/app/js/windows/cri/cri-controller.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/app/js/windows/cri/template.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/app/js/windows/cri/template.js
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/app/cmp.html
-
Size
5KB
-
MD5
d7b8b31b190e552677589cfd4cbb5d8e
-
SHA1
09ffb3c63991d5c932c819393de489268bd3ab88
-
SHA256
6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
-
SHA512
32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
-
SSDEEP
48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000006d6ada1a8f4741c849dd5f4eb4e0530d28ec79ed45e544984484d003a3bb1596000000000e8000000002000020000000f20959bde8a4c38f7c2de0e97423c175e6d4475e54cd4930d950b75e1a86acb52000000034025a026c139fe0dbbeb19e41144a5401effeb5f7b7f582ddbf75165cc39bd14000000056ce5afb30f58e87d6098ab4bbaa3489be8176e27c23e40ea390f9f32ba6c0f9a0cffccd4340abfe14b6fa7c0cf08676f22f6a6fb4733e99ce9acb327dde1f74 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C233931-F7C7-11EE-A01B-4AADDC6219DF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419579531" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000003b314a133dd42d5b867203c1159f1c655dac623908b3bbd03e9e514bb603ac09000000000e80000000020000200000009a2c6c0e0368f64ec3520cebdbd49d0df8731957f5f5dcce6b0b7d028622a22090000000ffd80a70c0d010cce75a19941b152e6789e78bc39b775ea2c562af48c6ff0f717b82b98e9619105a7158a0d9d64ac0c77909eba571f77d8df419772efecf643f4f8ac45de3f6c5b1c1ca5db80db2bb49a3300485bdedfed734b96b6bad29248b9c72b11d8d81519b66003ff5513b41b633a93b6d623cf8d6753d8d6606cf04384b0010fdddd2ffbf2d4680d99d8cca2a40000000fd2ee6429d311ca190c08360f5e87761fc6baaf51155ff66e7bcce859b3b5e14c960120a19822192bc890c4872d2b235c738cb1ed88125d7fa818932e9fa502a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02ec210d48bda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2200 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2200 iexplore.exe 2200 iexplore.exe 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2200 wrote to memory of 2552 2200 iexplore.exe 28 PID 2200 wrote to memory of 2552 2200 iexplore.exe 28 PID 2200 wrote to memory of 2552 2200 iexplore.exe 28 PID 2200 wrote to memory of 2552 2200 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2552
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55f768b051766ba299d9ebd4e46a77a97
SHA177670205b9308731519d8eaaace54014b8b7d8cd
SHA256d70c65f7e57bb39c0dfdb4bcb5aa78e5a99e3affbfd802aac7fdbf2a63726bc9
SHA51269031df72a19b224b737f4ca6662e3aa6975627f78930c88a29e6b8962c3807acc61116bc99962d2f46bc6b975207dd4d30caf3ad1a77308e3eac2689744a679
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
3B
MD58a80554c91d9fca8acb82f023de02f11
SHA15f36b2ea290645ee34d943220a14b54ee5ea5be5
SHA256ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
SHA512ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06