Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Internet E...rt.exe

windows10-2004-x64

1

Internet E...ms.dll

windows10-2004-x64

1

Internet E...pi.dll

windows10-2004-x64

1

Internet E...xe.dll

windows10-2004-x64

1

Internet E...xe.dll

windows10-2004-x64

1

Internet E...pi.dll

windows10-2004-x64

1

Internet E...md.exe

windows10-2004-x64

8

Internet E...al.exe

windows10-2004-x64

1

Internet E...il.exe

windows10-2004-x64

1

Internet E...re.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ProgramFiles-InternetExplorer.zip

  • Size

    1.2MB

  • Sample

    240930-1t4lcaxbjk

  • MD5

    bdb68edbee363ba44a2bff282a460315

  • SHA1

    8ff6384b39eae49acfaaa1808bdfc3e848897f94

  • SHA256

    fcc272c17085628dc108426a9aeea8a55ecaf9a68c4756cbe7da7bbbda77aed9

  • SHA512

    3d12c884252f4c08b50ae706517e1c3c91f62df8e19dc8708204c82e3b854ca28576ab339b5d2fd5399b411e81b0bf499dd48bc8e6779e4463dba9ec9646ae99

  • SSDEEP

    24576:AcJwtxXGxlGQGEkkArYYNGSH5keTcjc9lY/3g0ld:tcxWdksYR5kvcXmld

Score
8/10
evasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      Internet Explorer/ExtExport.exe

    • Size

      76KB

    • MD5

      c4aa487da24bd163dc1334a84bfc3499

    • SHA1

      b29340084325335d73b772bcaf81ae76b647b55a

    • SHA256

      1fe38ea67210ae791c311f356c0e624c003ff8bb9c03a43493926063db68ea47

    • SHA512

      5eadcae6b8e00fc5b225f12c7192b11d11c67f436e84476bc5863160e397f86ae2ffc1de1781688efd868b963f6d319b6e0959a8aad8ee4283cefa90178ed9a7

    • SSDEEP

      1536:67lSsgcrAKzsVm9+RBb7Phz2Jh4Q4C5Mv3+3xbKZ/nMsQt1TZ/IIKoNKC:6BSsghm9oBb1Ab5Mv3+3xbKZ/nMsQt1d

    Score
    1/10
    behavioral1

    • Target

      Internet Explorer/IEShims.dll

    • Size

      404KB

    • MD5

      6cce317afc359b4f1ea6faf6e155942b

    • SHA1

      8661ac1abede81598a54ab68eb9b97122bf27a63

    • SHA256

      13d4104bf3b1dbaaa88b8f45dfcf654602bb832cc46d537ed81d0a5a19cb462c

    • SHA512

      47bef5854fc3b20d78c31985cc05386070552d94e851ca87fab4e21cdd1d3edd511dc474ade3493bf5eef35ecf671552d5e50214e91210ee64db1c4aa6f533a8

    • SSDEEP

      12288:L7//WVyo2/wU8F36nyUXG/9PJdToDbHoDynIx665vyhI/xnb5q:3/WVynXeXoHVIxsKV5q

    Score
    1/10
    behavioral2

    • Target

      Internet Explorer/en-US/hmmapi.dll.mui

    • Size

      2KB

    • MD5

      7dd2adbbab379d64472a66856d4b4603

    • SHA1

      0fdfc479ac805dd0188fab149e14117216b604ee

    • SHA256

      d69d564944a5bc327040c8b43c9346cbc4977da0aff53cdf341cc8c04f22cfde

    • SHA512

      c48256e777bea1490dd844670fb51dba7eba67cb193aa15de93facd21e222ae4e0227641aa9d374d114b3ddca371ce71c22020e6d43440f21ce6df11ffc59d72

    Score
    1/10
    behavioral3

    • Target

      Internet Explorer/en-US/ieinstal.exe.mui

    • Size

      2KB

    • MD5

      c9638bed3a75031437e54791e3a48ddc

    • SHA1

      553a5d955044dc08987132bb9c45f1d92c324c71

    • SHA256

      fbeb34c4c9871c0b91bc25fe7c219ab306dc478c2f8168601585e490df5987d9

    • SHA512

      3488cfe051d038442e84fab9c8b717d310359e7067f99087338ebb335b3556ae2d0ae3da5e4de476ddda5caf9c171eeb00de0e142a04325482a9e1b4ca4a8008

    Score
    1/10
    behavioral4

    • Target

      Internet Explorer/en-US/iexplore.exe.mui

    • Size

      5KB

    • MD5

      f4b963176178ffe320cf52ce654543b0

    • SHA1

      0cc8d10129e807ba1ed883fe56e93ae65d1ac31d

    • SHA256

      475b9371c25a90a079829ad19c140936c6a7b65e49d2c35483550f51ef9258c1

    • SHA512

      5a3e10293d0237d04eccff45057c9c40e2a707f9949b1dccbef215f08a1a9bc2469219e563881871c98b23ee71bf678a37059bc80a4b1feb11975c783e12e4ed

    • SSDEEP

      96:7+OvzvrZvX7vRvJvm2CPv535SvTvFtSZkSckbmg9A+z5EWzv3lbvvilWzvUJJivF:CoUTYSZkSckCg9AWaWJMWuA

    Score
    1/10
    behavioral5

    • Target

      Internet Explorer/hmmapi.dll

    • Size

      72KB

    • MD5

      a6791fce70861402b266f78d11cde1c4

    • SHA1

      b69aaeaa7c639fa4e1a70ef3439905b09c9398ce

    • SHA256

      d085a7af252c7c755c2420fa57cfdb0a8a5a8bbb86083824ad39658d3fc169c2

    • SHA512

      b66cbd58c99973c3af0c007ec27e783d99c956b0080ec51c4cbe346d34184f24f47a145c7f4fc583a0e769088db29baf38f9635d4bb09489508192376132a203

    • SSDEEP

      768:HNzxjGIvFzqZhPb4tVLbmAVcp+uWkCZJMj0O6LvOFKrdjciUw0n:BxVohPb4bmmcp+uWk1

    Score
    1/10
    behavioral6

    • Target

      Internet Explorer/iediagcmd.exe

    • Size

      528KB

    • MD5

      e7276e0f11dc763ee18dedfc7ee31b7c

    • SHA1

      da3e7ccf857aa0a19921b2f45d33269d41d7e513

    • SHA256

      0ec05d16b1ae0b2362e521902796c32ac9cd3cbbb05e56b564902229a32297a0

    • SHA512

      a028275679b84c886144640b7e6e35e3a0ec0d747995a002d3859938d2b37f16f86a36b621894be1376e77a6bf176828e0795c8f9e90d571866a868906bf74c7

    • SSDEEP

      6144:kkZIE1d78DBfKJcfh2mq1Zi2H2vAwP5gZpOZ1INeWe9Rlvm/JTIbvzKJcfh2m213:kk7ADBfpq1Zi2HOKOXIwgT8p21ZZ

    Score
    8/10
    evasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Drops file in System32 directory

    behavioral7

    • Target

      Internet Explorer/ieinstal.exe

    • Size

      312KB

    • MD5

      a668c9a57da75a0e7dc48469c43bc7bc

    • SHA1

      451d099f31cb05182c3c2420730c9a2589631830

    • SHA256

      9c8bd8f6df41ab822daf60a9c19b480a6f0658679fb2840add7ba848d0b09d77

    • SHA512

      8b99b903ce0890887c449dae1fe396a91f300d8d07aa1258c47fe02538b312482cf3dafad73f515e32cad957174aeee57fb57400fda144b51fd110afaea110f4

    • SSDEEP

      6144:RtmCQirKzRZieplF1XYw1rOt9pdYamXnrdbMKw:RtmZpZxlz5OLpdNIrd4D

    Score
    1/10
    behavioral8

    • Target

      Internet Explorer/ielowutil.exe

    • Size

      236KB

    • MD5

      345a3218f42c765156107c973fd3bcb6

    • SHA1

      7118553bbbfb3c6e63d5be8daa936c17fe2ebdbb

    • SHA256

      afe0c1ba99035a3e3645ccf581bbdc3e7faf050cabd2d6d52893162ae1d11da9

    • SHA512

      4c7a0130eb25b82959f1b139e431f2334a489d404d4dfda56acd27b00dec55f8ced37443601adcc5960f1b8212d57c101ee0489293d5288ec796222c04bde9ba

    • SSDEEP

      3072:sdstD7trOt9pfslMYO9mXn9H0LeinObM6gZy5ChoTiQ:sdw1rOt9pdYamXnrdbMKw

    Score
    1/10
    behavioral9

    • Target

      Internet Explorer/iexplore.exe

    • Size

      825KB

    • MD5

      73bd1403d5633a6017b911d8206fef6e

    • SHA1

      2f76a7b71ae4f5c7795b48416dd651d36243bbda

    • SHA256

      c7d4328a3de87b9001a1ca639b2da685824ece8d08d54a0f17a4321ee64cc7e0

    • SHA512

      5a0dee26efedfc9eff5ddc52c9b40f499f19cbe6828c856c7489b9188e1f85df0bb7f6f571c6b3c2d152a2b1f70e425f2ff0fd2dd45202851f3e227c86103cde

    • SSDEEP

      24576:cl4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVMI:cLMMHMMMvMMZMMMlmMMMiMMMYJMMHMMJ

    Score
    3/10
    evasiontrojan
    behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks