Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

uofaDocTypes.xml

windows7-x64

1

uofaDocTypes.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    6s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    06/06/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uofaDocTypes.xml

  • Size

    1KB

  • MD5

    65a9bed80df6e776664386c10efcfb55

  • SHA1

    d270c550b12e22a821c1f536eb33cb6aeee67d51

  • SHA256

    d3a823e659bd2c06be7380f3dbad0039ccb491429d24e82ec95226a4d92b95f5

  • SHA512

    683ab3bfad844ec9f01c305eb79f5c7e73d6dd8316eba380ab83fbf0af2979e789f2006925f3fe16a3d3dd7f47dfc64fc4ea2f1456d16a08c53116768ab29c2b

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\uofaDocTypes.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2424
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f2f895a384ef9aac3ff4a5c8a8551e1

    SHA1

    b243664d15a6d3770361b2a4bdbd35af3634aa06

    SHA256

    e5d488dc122c5af5e92fcc8a2e3bb8d7254eb45cebe9dea8de2b70fa771602ae

    SHA512

    1c90dc4cab9782655d622aeeb9347c8a9b0d2c8e7434b2fef7625d558a9675f2e7dd3742736b8bcf7ba9e7d9b0d6ad596ddd4fde11eb0e7288c7595c66985526

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c29bd385614ddc9bcb26da1d9b51cd3e

    SHA1

    2a5d489a2936cfaf1621c89db1e9969dfc755779

    SHA256

    139901e63e661f2fd2c80b3d3dcf3345f6455137b345b7f43b2e61e3f15f74a1

    SHA512

    c43a06fd09d5d186c4e655dee02d011d88e67c962d9bd399e589b0a27c49d50e6ef5ea1df3723f84c8d8f0e8311ae06a7f77633463cdced40c48adc5f529d8ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8b6b09e52446b478857baf46913dcfc

    SHA1

    b2a6a148e49d6bd9fb51f2edbd2e2ddf2416fb62

    SHA256

    fbef15e2b04da8f30247afaf22acd23560f836e9785b1e0292406d7d64a6adda

    SHA512

    e4201c51f11e283d259bf492b0f95516fd9a1d9e9ed189ce0d2d3812ce9b7ebf02c68c344560a11318ec2dd7eb0abc9b64d2852f159e3d4d27f1493e960e0799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0360c675e70a71941687496487a9bb3e

    SHA1

    4d8166922e31701f996900189371bfc762a898d2

    SHA256

    ad585993744c8a855b34b7aa064cea7b504dd2268320acf989a2dd677b7fbd03

    SHA512

    a9ca631ca015485699371d8e4c6ed458feb0f7889373a5020d2e9a065ea5aca296438421b01322a2a95b3723ac48872035d0a5842e31ababbf82005f836e9641

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0029005b6e1dc479329aea95678ca10

    SHA1

    48432379a7d8aad649993c810eef92f2bdf98c84

    SHA256

    155b9488bf9ef56eba010c9dd5a25e913b6512896d56bfc038242d0a7c582184

    SHA512

    1d23cd266190eb92df9b70d3eb3ab6bbdddac4d340c8b4ca08125ff0bdd0d364317bd6141a56c3ea0c521f43b3214fea20d1b042a1e8d581fe516d624a5740cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d43230f1a508e0a16d69d7ca39db8268

    SHA1

    0ce293740a8cfe0a7724ede63649cc9b0b72e7e7

    SHA256

    e2834cf1df249f5111442f3f534ea533e2c059eb56e2f00c5719a048b8692ba6

    SHA512

    9b8b932ded1240738cd896644ccb3a931cafdbfa13d8a7ccc0f58d01c6d855085eef095c273fad843f317c6d5cd1075a22981f3ceab5fb7e8465c42efa4a41aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cbebf2844bccc68ee3e8755f6850d4a

    SHA1

    789b4fd5e76a147f829245d83f5dbd919a0494db

    SHA256

    3b5a52b4055ea77470bef005ff1e79ac98fb2ff10df8f1ed6af9cc9242ccfc04

    SHA512

    3caa79b215d0e43adc08d3f4f6d90e448b017e66dccd6768fce83b57519f899f0ede5f489fd1e9dd9534f6b0b15785ee7f462bdd5351d9f6ea61626a2cd59085

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a81f9deca1bffbb909ac183c20b64493

    SHA1

    864f4174514d8db8d069878170db34a693f83f7f

    SHA256

    30e30a9d7b4c64cf0e07e636dfdb06dc8feb239f88abe7f4d7bad8ac3c6b1dcd

    SHA512

    5f149e560bfab3be313238a30273994894b4002f3ba2f1df6cbe63a6f9c80bbe91992e50e065f45cc297a9f5c3477724e453c38ff5c67c71357a3a3e19e83201

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f69f6d33d02fc93a62f6c95c40a840f

    SHA1

    875556b0e0b29a3d3efca9bb2fb71b19329f11cf

    SHA256

    714835c61f60491bd757a998255d3b76f0002920e476783a6b96b78eeb1460dd

    SHA512

    2a2a9b958e60478dc18e7f6c3a4e8abfffef2b1a917a01c549fe8219f42d2ad03330101825702eda1476857da33203ec8580c71679073e6adae1aef287f3b6e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1AD2.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1BA6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit