Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

sample.html

windows7-x64

6

sample.html

windows10-2004-x64

Analysis

  • max time kernel
    111s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    514KB

  • MD5

    a4b864d6d8693a449ba42abb51e042f0

  • SHA1

    1a6bb7f58fc9315558b9536830f76e46b5995683

  • SHA256

    380f91ebfba5778d5d84650c2e0116cb8300a44ce8bb48239a729efd5c5718cf

  • SHA512

    46cd05245b4b29b5e0cbbe8fad6fd3a19d829ca599adb9bd0fe79707e27e11d59b1aeace94b1b9e1daddbd76e1fecac56a4d1ecb764e425189d0f4efe4e43d92

  • SSDEEP

    6144:VMQt8gt8qt8ft80t8Ht8Pt8rt8Qt8wt8T8Txbi:V7tPtbtqtztqtWtAt/tttk8Txbi

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1068
    • C:\Windows\ehome\ehshell.exe
      "C:\Windows\ehome\ehshell.exe"
      1⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1700
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch /SuppressDialogs
        2⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        PID:1200

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      854B

      MD5

      8d1040b12a663ca4ec7277cfc1ce44f0

      SHA1

      b27fd6bbde79ebdaee158211a71493e21838756b

      SHA256

      3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

      SHA512

      610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      55d476f4c3333ce9e9afc41d2b516a7c

      SHA1

      ac45c526f6d13a2fcfe91e22cb54d22b5b09ef6b

      SHA256

      2d8e84ab294acd11a1fed845dd9adf1770561c06014a78c48d963e325935ef49

      SHA512

      075d72dd854f06a0e945da8067717af6bb8e238b4c39dc9e1b7365f9e8ebae64bd1585e13756e2b77048e2f2717aa6864cee2e57de265f6f08307a728fec3464

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9
      Filesize

      472B

      MD5

      3665df621f90660848dcf3e894b58629

      SHA1

      dbc1de6c85aaff5f54071dcebfa900ffc43b9b49

      SHA256

      6c1d856b33871105bf000752af951492cc67cd4832f7c347fe87ae360668a089

      SHA512

      2f9da79eb5ca4f4742a5cc1181936d64639db8430be7471de3804b1a8eefd7af9fd3d5d55f7e93b5dfc93f486b9b0de0907ea83e9abffd5c8ec9667b807c2d6d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      170B

      MD5

      af97465b942332fe3139e1d0637b27bf

      SHA1

      3f813160ae5c85b83ff7977da9eb81df385c8c00

      SHA256

      c0a4e0705f7633c22c5dab91626fa6af63376a0ef64c62d42d135328cf197da5

      SHA512

      e895339b73f766da1fdc567ab244f17db988592810baedb1a2b746bfb5d2ee8476b4bcfa9123671baf13ed4ef28ff774ed661f1ae16a1670f0f995124fde1659

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      b264200b3380b9dc6d096308e2ad6ccb

      SHA1

      8f4b30e415e47c6e5be7794f90003b74b9ebac4f

      SHA256

      537ed8391a8b698688dcb12d083fedb9699f3a16c11ae803e414a85fecc81b40

      SHA512

      7b0973bd7d0b50e082876ea34da4f57a8961c0b224ea9011abfe4881b62a5063dcb25ef822d8a922ddd3d0a47865115cfac6b81d599f062929d0357aa5b08d92

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18ff1db71ef63dfccbf955d52578f368

      SHA1

      60ac65b043c5447eff7d3bedbaa7d6219fc87e72

      SHA256

      a9e47413fb258109e76a7b3a7b227d48d5c3480833cf34c7087a3c6fbf2af8ac

      SHA512

      730882396f0b3b8ab5dc9736e766045ad035f57b1724709cc00728fc7864b751dd82904f8433849e51f73fdc0b71896a1909854b1e151f04df0d443227f9c2eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a5cb122d00775b8bd59613eb48cba545

      SHA1

      e2708fcc6fc01b57fccc004734df743edf85270a

      SHA256

      e6f4e6ab35feece2bc90297a4a8d3118e087f181ae7b0886514885b0643fa263

      SHA512

      64991ae4829a078d51ceed04e916e8e0a072ed52e74f9ba540cab15ad41d82c61ab85cb79379318140b9935c3e0ba72860aef3c2573e3a5d6c9441746e13a429

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d1f0e3844c48c36cfff34da1a3f4f99e

      SHA1

      abe3104ddc39cd80a8fd1ee824033f0f0684f311

      SHA256

      3b3f5c40b17c1a4e7e13352fae778789f3326ab886edcd7c08a91727f0f90127

      SHA512

      f3b30397029a3c61cd870e193e2f12dbd3ad5956da38a0d1788933c5b723796bf42b083363b2a6600f4bd8a52f2087d06e5ac9effea739871f62b5dac9f64c7d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ff427bcc902eab090985ddf441da160b

      SHA1

      9745f7d91df710a7c4e7411119fd8c1c0b9151b2

      SHA256

      0e84a6bace1df04f60947d64899c86a4a1366c67517d9e5433af6e1081075879

      SHA512

      075ee2887e6e19496697bf7678558935dc06e3b1d6f3e24d10ff93f9ad023c0eeedb2da396d7b8e90c7d902f0525ead5b34d7ea2297a2ad51c84a02a7efd5336

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e4889439648f68a0fcc5bd946b33f575

      SHA1

      6579fc732797bb989bd87af50e43a1a8c5eb76c5

      SHA256

      3e71100fb79994f98198e5df8fabc8e01814d6ba5a0c1b60ffdc56da29a79fe5

      SHA512

      8705c421d3d997fbb9ed66021115938d44f6293268fe0e3e61827e218c2fc951c329dfbc4f1d6817f0323719304e1cf3c5f69b0f2671a6388a80db1eac67615b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bd818d44254f0ac71d00213f4233576f

      SHA1

      804c7375353acd1897d8392ab3d63ea214809c68

      SHA256

      a91b989dc91ee22e8d2c693dfe956b2042a54e71b02f4736b08a553322eb78c8

      SHA512

      47c00024440dcc7a72ce1fb5973160fd1ee0a912a8693ab850b060ad41f7e0b07dce499c3d6cfed9eb82aa891065b07262fcd1cbcc52cbb1690909440ba5ff48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5eaf3a416a0213c3a1cb0e5f34f3547d

      SHA1

      ec39d29ab6880d3da21f7875ba362ed53607935c

      SHA256

      c8b06b2c74e0d7d15e5f4a0f86b20c722c601d7eb0a17548314962fa2b8a3923

      SHA512

      e35fae4d53d1399574f3bca30c42ff64cd22e67766704ca4687c503a2c4e2c6bdf07a853b118b75e63df6f86c4ea7a4698ed3bfe6050e94f16b8db52b170e9f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48c17c97f1fbda23c5f1a861bdb96b80

      SHA1

      3f7436915b038342f0db7ecdf597ab2563e86b58

      SHA256

      3d7c20cc9a55a0da8b4ba69ced53de5a9028506c8620c55f7085d2ecedd5fc30

      SHA512

      a4d813c9243343cf4aa9093b20da1287f778c7a1973a03e929f8131917d5878ef8ed4cd984213e41b8fa734c0f67b74d57fd02e1bd4901f3efc6041ec840ae01

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33f8eba107d153b349955652d1d0f853

      SHA1

      f7c13cb08e2efb41445c7a9896f768181e62ff9c

      SHA256

      42a2f70a77f62fc3a065f4097a94834687dfb19d2098dfd2ddced98ff757520b

      SHA512

      17259ea3afebbbca74499ea510b4ee67cd83a4e7f05b745eccdb65a662754f93c15423dd7061aea440a63e20b930e16aef973553ea06b7a02e5e5a20f1b821f0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6116e44c0be912091ae4cc82269535a4

      SHA1

      e4bc046ee3108cf4b9b55540bd8563be33d4cdc8

      SHA256

      3d0cf9d6ea58e8b0808a15506418188ad081eb876150faa08a3e889f1e59c36a

      SHA512

      cc9b4e5b4f3cf53a4a375fbc8862ecafcf5bb8a2d28aa17a10729890b99dd98e236cb1b6ce67888d23338c47148b2b1f80384934ddd9c2468ab6e90bf3a0008f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9
      Filesize

      402B

      MD5

      01523c559b9806f01ffb2b245e4c6454

      SHA1

      7ce5b290134cda8791b4cc9ede29a8fd3fc3458f

      SHA256

      d3fbe5eec272296c82beeb48ee24b51db6e4a7976bbd934a72752647631d0754

      SHA512

      403c8fa872e91de80f246980c7d348c8cb5a7ecfb6ae7759d40b50ea74bd3cead41d54ab3e07fc538fcb5f9ce526ade1cf6dd1d2696b0ca377d6ad38be5b4d9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{ABD64CF0-5001-4A17-B97A-99ABBC6CE97C}.jpg
      Filesize

      23KB

      MD5

      fd5fd28e41676618aac733b243ad54db

      SHA1

      b2d69ad6a2e22c30ef1806ac4f990790c3b44763

      SHA256

      a26544648ef8ceffad6c789a3677031be3c515918627d7c8f8e0587d3033c431

      SHA512

      4c32623796679be7066b719f231d08d24341784ecfd5d6461e8140379f5b394216e446865df56e05b5f1e36962c9d34d2b5041275366aeabcd606f4536217fe4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA44E.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA45E.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1700-562-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-563-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-564-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-566-0x000000001DC60000-0x000000001E268000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/1700-567-0x000000001E270000-0x000000001E3F4000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1700-568-0x000000001CB30000-0x000000001CBCE000-memory.dmp

      Filesize

      632KB

      Download

    • memory/1700-569-0x000000001EA40000-0x000000001EAF8000-memory.dmp

      Filesize

      736KB

      Download

    • memory/1700-570-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-571-0x000007FEF571E000-0x000007FEF571F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1700-575-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-592-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1700-561-0x000007FEF571E000-0x000007FEF571F000-memory.dmp

      Filesize

      4KB

      Download