Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
  Submitted           Analysis ID         Score
  10/08/2024, 20:29   240810-y92etawgrr   8
  10/08/2024, 20:25   240810-y7nqyawgjq   8
  10/08/2024, 20:24   240810-y64e1a1apf   8
  10/08/2024, 20:23   240810-y589vswfmq   8
  10/08/2024, 20:16   240810-y2crgswdqq   8

Analysis
  max time kernel    52s
  max time network   53s
  platform           windows7_x64
  resource           win7-20240708-en
  resource tags      arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted          10/08/2024, 20:23
Tasks
  urlscan1       URLScan task
  behavioral1    Behavioral task
    Sample       https://nexuscreafilms.com/linoleum/braille/?GWdikZfzgM=bHVibGluLnByZW1pdW1AZm9jdXNob3RlbHMucGw=
    Resource     win7-20240708-en

General
  Target   https://nexuscreafilms.com/linoleum/braille/?GWdikZfzgM=bHVibGluLnByZW1pdW1AZm9jdXNob3RlbHMucGw=
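The target URL carries a single query parameter whose value has the shape of base64. The checker below is an added example and is not part of the tria.ge report or of any tool it names; it walks every query parameter of a URL, tries to base64-decode the value, and flags values that decode to an e-mail address. A landing page that is handed the victim's address this way is a common credential-phishing pattern, but the decode is a prompt for the analyst, not a verdict on the site. The only page data used is the target URL; the benign URL and the parameter thresholds are constructed for the example.

```python
"""Inspect a submitted URL's query string for base64-encoded values.

Added example, not part of the tria.ge report. Only TARGET comes from the
report above; EXAMPLE_BENIGN is a constructed sample.
"""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Target URL as recorded in the report above.
TARGET = ("https://nexuscreafilms.com/linoleum/braille/"
          "?GWdikZfzgM=bHVibGluLnByZW1pdW1AZm9jdXNob3RlbHMucGw=")

# Constructed sample with ordinary, non-base64 parameters.
EXAMPLE_BENIGN = "https://example.test/login?user=alice&lang=en"

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
MIN_B64_LEN = 8  # assumption: shorter values decode to noise too often


def try_b64(value: str):
    """Return the decoded text if `value` is base64 (standard or URL-safe
    alphabet) that decodes to printable UTF-8, otherwise None."""
    candidate = value.strip()
    if len(candidate) < MIN_B64_LEN or len(candidate) % 4 == 1:
        # A length of 4k+1 can never be valid base64; bail before padding.
        return None
    candidate += "=" * (-len(candidate) % 4)  # restore stripped padding
    for altchars in (None, b"-_"):  # standard alphabet first, then URL-safe
        try:
            raw = base64.b64decode(candidate, altchars=altchars, validate=True)
        except (binascii.Error, ValueError):
            continue
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue
        if len(text) >= 3 and text.isprintable():
            return text
    return None


def inspect_url(url: str) -> list:
    """Decode every query parameter that looks like base64 and classify it.

    The query is split by hand and percent-decoded with unquote() rather
    than parse_qsl(), because parse_qsl turns '+' into a space and '+' is
    a base64 alphabet character."""
    findings = []
    query = urlsplit(url).query
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        decoded = try_b64(unquote(value))
        if decoded is None:
            continue
        kind = "email" if EMAIL_RE.match(decoded) else "text"
        findings.append({"param": unquote(name), "decoded": decoded, "kind": kind})
    return findings


if __name__ == "__main__":
    for url in (TARGET, EXAMPLE_BENIGN):
        print(url)
        hits = inspect_url(url) or [{"param": "-", "kind": "-", "decoded": "(no base64 parameters)"}]
        for f in hits:
            print(f"  {f['param']:<12} {f['kind']:<6} {f['decoded']}")
```

Run it on a URL of interest and read the `kind` column; an `email` hit tells you which mailbox the lure was sent to, which is useful for scoping the phishing campaign on the receiving side. The standard alphabet is tried before the URL-safe one so that a value containing `+` or `/` still decodes, and percent-decoding is applied first so `%3D` padding is handled.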
Malware Config
Signatures

System Location Discovery: System Language Discovery  1 TTPs  1 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Description   IoC                                                          Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE

Modifies Internet Explorer settings  26 IoCs
  All IoC paths below are relative to \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\
  Description        IoC                                                                           Process
  Key created        InternetRegistry                                                              iexplore.exe
  Key created        Recovery\AdminActive                                                          iexplore.exe
  Key created        SearchScopes                                                                  iexplore.exe
  Key created        LowRegistry                                                                   iexplore.exe
  Key created        Toolbar\WebBrowser                                                            iexplore.exe
  Set value (str)    Main\WindowsSearch\Version = "WS not running"                                 iexplore.exe
  Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000   iexplore.exe
  Set value (int)    Recovery\PendingRecovery\AdminActive = "1"                                    iexplore.exe
  Key created        LowRegistry\DOMStorage                                                        iexplore.exe
  Key created        PageSetup                                                                     iexplore.exe
  Key created        Toolbar                                                                       iexplore.exe
  Set value (int)    Recovery\AdminActive\{6B6B49A1-5756-11EF-8893-6AA0EDE5A32F} = "0"            iexplore.exe
  Set value (int)    Recovery\PendingRecovery\AdminActive = "0"                                    iexplore.exe
  Key created        Recovery\PendingRecovery                                                      iexplore.exe
  Key created        Main                                                                          iexplore.exe
  Key created        IETld\LowMic                                                                  iexplore.exe
  Key created        IntelliForms                                                                  iexplore.exe
  Key created        Main\WindowsSearch                                                            iexplore.exe
  Key created        BrowserEmulation\LowMic                                                       iexplore.exe
  Key created        GPU                                                                           iexplore.exe
  Key created        Zoom                                                                          iexplore.exe
  Set value (int)    Main\CompatibilityFlags = "0"                                                 iexplore.exe
  Key created        Main                                                                          IEXPLORE.EXE
  Set value (int)    SearchScopes\DownloadRetries = "2"                                            iexplore.exe
  Key created        LowRegistry\DontShowMeThisDialogAgain                                         iexplore.exe
  Set value (str)    Main\FullScreen = "no"                                                        iexplore.exe

Suspicious use of FindShellTrayWindow  1 IoCs
  PID    Process
  2692   iexplore.exe

Suspicious use of SetWindowsHookEx  6 IoCs
  PID    Process
  2692   iexplore.exe
  2692   iexplore.exe
  2192   IEXPLORE.EXE
  2192   IEXPLORE.EXE
  2192   IEXPLORE.EXE
  2192   IEXPLORE.EXE

Suspicious use of WriteProcessMemory  4 IoCs
  Description                        PID    Process        procid_target
  PID 2692 wrote to memory of 2192   2692   iexplore.exe   30
  PID 2692 wrote to memory of 2192   2692   iexplore.exe   30
  PID 2692 wrote to memory of 2192   2692   iexplore.exe   30
  PID 2692 wrote to memory of 2192   2692   iexplore.exe   30
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://nexuscreafilms.com/linoleum/braille/?GWdikZfzgM=bHVibGluLnByZW1pdW1AZm9jdXNob3RlbHMucGw=
  PID: 2692
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  └─ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
       "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
       PID: 2192
       - System Location Discovery: System Language Discovery
       - Modifies Internet Explorer settings
       - Suspicious use of SetWindowsHookEx

Note: SCODEF:<pid> CREDAT:<n> is the command line Internet Explorer's frame process uses to start a tab (content) process, so the WriteProcessMemory and SetWindowsHookEx hits above are between the two processes of one browser session. No process outside Internet Explorer was launched during the run.
Network
MITRE ATT&CK Enterprise v15
Downloads

Note: the same CryptnetUrlCache metadata path is listed six times because the sandbox hashes each rewrite of the file separately. CryptnetUrlCache is CryptoAPI's cache for certificate, CRL and OCSP fetches made during TLS validation, so these entries are side effects of the HTTPS connection rather than content served by the target page. The last two entries are recorded without a path.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       fd3d79eda786b6ec714ffd4c144e453e
  SHA1      3e05c7af4b36c47b328577c3773fd2af7d3634b1
  SHA256    6f958cf7e802beaf35d8cb2a524bb90b2cd00dc4bb3600152f1babef346b30da
  SHA512    a8c435e9d35051f44ddf4bd669a7202158b6ccbdc7138b565a9865cb9284edfe2bd2ce42450e2cbb5f0379c85bd4e43e198edbbc3c5da04ecc07eb12dbb73b74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       e54af3df91b7802099c3cdc262b3e991
  SHA1      413a5592a8025f5e9b3aa344ff32bd137c30a8e9
  SHA256    634e3cdf41ee955ba5dbce694cecadce41c426da0b521d69a7d81408d6d66b66
  SHA512    75ea6fc809d9ed0b4f59055f8f1fd339455b398f9386f81c8713cd9f49609241b55e2c776d5c4a182a85f1b7c633cca2031a13d1fbdf3e9cf0808e84f533c7f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       df508bca0888c92f9b21a7fb17a5014a
  SHA1      d540d3bcbe2f7c0f737f44ef692ad209d05aaac6
  SHA256    6b913cf0b650e246dabf5108d1cd6e6b444bbc516cb28541da641957c0c36f84
  SHA512    fe7c1de6f2cb1852c19bf0bb3d15d6ec70c774d75ce413bd2419334f76d8a5c2cfbd1a95f1fb7362ecc85130482e6e1fb70e7036cbf65eb4bd5be8546f7e6178

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       4c38c61ad043a6e36290594f9b83b1df
  SHA1      a29299d8144ddda5d6e470c596366a4cc1eed84c
  SHA256    e5c2b1a8be81c9428467d2f275bd0a3cdd62fd785b1df4fb4a7a9132a236b8b6
  SHA512    3c03e1898a77f34885706244cb2fbc03254346409208c9af70b29cd379e2b53390064fec46949b33d581005ff89eb0254e9738593d1921f0eeab385ed86c0905

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       35ba55eeabebed9287c22c6aa215d642
  SHA1      0ec1e1e07a1f67309a3da5f11439f6e98b9b2b29
  SHA256    24aabae957a69e50005218844988245914edb088c267b8f13446909ceec2a2bd
  SHA512    9956cc0e1bb8fb3942b5bab5d12af51792ba20c92ca4df8da9ade9b7207c8a3a5bcea9693457599b90738d6b967f422e12b5d8ab728b262c46549b3e5050dd0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  342B
  MD5       efd02c3dbfb0174f4f096356ee200391
  SHA1      f74816c243bf55c3861df1b839c67cf6198b4ea4
  SHA256    8fc56f8f32669b0b908ad4be3840fc96bd4750028f6a627ad6b3d4f45bdf3b49
  SHA512    d5c753dfd73f3a0512246f2614f530b31990ccfd9a7fa27ccdfbc2ae055c9c4883cf0bbe7c942853e375c73b375d751dab3921d9bbb99307c12b92c78c7c575e

(no path recorded)
  Filesize  70KB
  MD5       49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1      1723be06719828dda65ad804298d0431f6aff976
  SHA256    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(no path recorded)
  Filesize  181KB
  MD5       4ea6026cf93ec6338144661bf1202cd1
  SHA1      a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b