Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

Inv-219538.html

windows7-x64

6

Inv-219538.html

windows10-2004-x64

6

Analysis

  • max time kernel
    449s
  • max time network
    443s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inv-219538.html

  • Size

    1KB

  • MD5

    d2c58680078d63f3e37c529ab6a25e14

  • SHA1

    dd281da25eaac82c264a18b07aca1a431f3cafa8

  • SHA256

    469bee8515910670d8fc028bf9cc575036f000bf5d49a90e0245c1bebcaebd53

  • SHA512

    ead1dda7469a4a0faa6abfcf73d4ef2ba2a79b2222f258b1c0676d948c873e3c3516f4da834a3b138ffc516b73e4d61e0e7b7ec1e8eef9b61997cd64a3012575

Score
6/10
defense_evasiondiscovery

Malware Config

Signatures

  • System Binary Proxy Execution: Verclsid 1 TTPs 1 IoCs

    Adversaries may abuse Verclsid to proxy execution of malicious code.

    defense_evasion
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies registry class 44 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Inv-219538.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2324
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2456
    • C:\Windows\system32\verclsid.exe
      "C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
      1⤵
      • System Binary Proxy Execution: Verclsid
      PID:1716
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:2140
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 0
      1⤵
        PID:2980
      • C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe
        "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" C:\Users\Admin\AppData\Local\Temp\Inv-219538.html
        1⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2172
        • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
          "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Inv-219538.html"
          2⤵
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2776
          • C:\Windows\splwow64.exe
            C:\Windows\splwow64.exe 12288
            3⤵
              PID:1688
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Inv-219538.html
          1⤵
          • Modifies registry class
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of WriteProcessMemory
          PID:1340
          • C:\Windows\system32\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Inv-219538.html
            2⤵
            • Modifies registry class
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            PID:1532

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b9e84f19bbbef6cee0707fb0fa198574

          SHA1

          328af2452015e1e85f5e46caa7af6ec62fc53647

          SHA256

          6b41ec5e6f9bea70b21b70a2e9de1519de626c0f7c5d8c6646b1eb5fd9d40049

          SHA512

          4035f57e90318514d065696bfb2be0781395e26ca9e08ad6a8312428339f9dbe183d0a848c6a16815ebc5f607d198e2cdb8d2fca84851f68af05ad62d71beb02

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0e36a1211b778589e03d33c7f150b7ee

          SHA1

          d17a077ee31237c297489931a8fa96c335b6d7f7

          SHA256

          9e69c83acc43dba239d67400a4392447ea24b7ed52356859a82bf019ba6fb1dd

          SHA512

          3fa6657a9496563c8d310402da1b1dac12384c42b3baaa2efb89c8643eac22249f94454c3e22865da08d7793b7362a8c24db217b75d889eaf02bc303c0535d0d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e27fc756a60ae1bd33a5472a1adef769

          SHA1

          e2e72b25340b8ea8f1f61a5760f91eef3f2783b3

          SHA256

          7b35620df310bd1353c5a034f110193387e60aa6828507aa7de7d6244bf2a325

          SHA512

          0b7d89cb1fb78770b24e2843fc4d00bb68275831bd4f93f537bd4d6df5ef18b18d7b10bf780128af56921265820745befb7ac5e5225645ade83b895d3f5ac30f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          31252a4e744b68f6d4539ffa856086a1

          SHA1

          7a7b4647fb9341043c8573bd0d59b6f61e4bce44

          SHA256

          48cee8d8b1a07e89b6e575271bcd3f2171d3cb4c696471a7dbb6d54674352149

          SHA512

          cc255f2785f95a608751bc0e418456fd2a3f7a2c5822fb60df80139ef6e03a5fd8b2e82b301bef5043f3aec6a439f7c5145eedf057409603dfbafff7a9fca11f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2412f949ea16f8eeadc18b338fe49f45

          SHA1

          99d53b2a6d382cd22c463ed0de0c60a27f691ee4

          SHA256

          dcf7284d69cc0367f9911b69714da58895d9866a167921df2c9c8945a04f93a9

          SHA512

          33a308f27ea0f130e68930244d54db71e63552a8b2329778ca5d5264259e8475e44d4da6e1cac30214e10d4d4d565018e2041886e221165f57ccae5ebcd39bdb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e55a789d6fc5da50ac0e36ed7c784c0c

          SHA1

          445ee82946abc4bbafbc2d6ae82a6bb5a5ad789e

          SHA256

          037d56c8ddea53da3e1f231235dcca192d2b1572fd092c2a3229137a302ad256

          SHA512

          d8764cfb9b04307bbbdb14710d49674fb11808f88c594f2613ca15f7a59c9f77d41bcc11f62e9327301daef160f4bdae0154626f1c1b96d65d4c52452ca0aecd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f97e9d0ea56461fc6e434de7b7ec42ad

          SHA1

          bcd4e93a8b9fc41d36722aacbedf53f4c6fc0cf1

          SHA256

          2aada3b37285608784b756827390b645dd76b3f012a1293a284e0bbd79cd750a

          SHA512

          08eb76a01fdb9d0ba6a5a0b249c26991d39d24faf9bb229badb3a7aaed91697e6cb6696ffa65be7a8405f0da3f009ee20fe2b5cb380d27a9a96bdf0f1fcb5683

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          25fecd1fe78ea8525988c1f5f778417a

          SHA1

          b70dad54924f3592621be18d005c89818253455c

          SHA256

          5e15165f6cf851eeed765784d239487e1ab7b170219392183ee90356d2ad8cd0

          SHA512

          56fceb89c6aacb403fc499d58d7126d58512817b38f44f9a5dc999ed706ba6eeed9e9df4b0653ef17e0ee21c118cd60e2f7532326b4ceb0d09d1a6a18e73441c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a989893d2dcf4ddca2a12d58ec008cba

          SHA1

          77f99b4323ca9a2a208d5a4e0ce72661e92000f9

          SHA256

          e9a862bfdbaf79a1be543daa2c1c97f094b42709c2af8281eb6b3b94821ca02b

          SHA512

          f81b985cec3e26e986211ad112fead73b4316ec0b21ba7f2dea254400be7fab6d31ad4c2a5d0736c919ac43969ec41d283743ac3e47b1a0a6b229d0a132ec256

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabE302.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarE372.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~DF6E6DD0316EB7B454.TMP
          Filesize

          16KB

          MD5

          da14b31eeb648b0c59712f846f039b37

          SHA1

          6a1bd4f6b89ded258e6b1872e3c46793f4524d85

          SHA256

          9e89ce8b243b7a1168f3a7472bb8809c1501d3d95d9168298b67e8cd6424f953

          SHA512

          235b575595f3c28310cad49657fdc7354d92b56ed3a7d8c6123d93994782f50ceaa0d8012b7e3de0ce214fe98c450a58b4e83e1341ad15ad8c8d8a6e01f52e7d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
          Filesize

          19KB

          MD5

          5a61ece784f5e773a1ec2ada8b733273

          SHA1

          6777d3fcf7f6c53bbc68cb94f5e53574496565f8

          SHA256

          02fccaf6aaf0ecc1a046c5608e7b6b2881a81be8d833d9323c424824a610e6be

          SHA512

          c7d4d79999835f76b4f748692e609af919644f98c8ab715266d6a9ca31fae5032f1c38710bf78c8ff6511a94b546d6715f474d9a9aa7103197be9b38ab10f728

          Download Submit

        • memory/1532-641-0x00000000043C0000-0x00000000043D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2776-633-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2776-661-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download