Analysis

  • max time kernel
    123s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/09/2022, 17:02 UTC

General

  • Target

    https://www.uops-uetdniu.us

Score
1/10 (the only signatures raised are generic Internet Explorer behaviours attributed to iexplore.exe itself; see Signatures and Processes below)

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1112)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.uops-uetdniu.us
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 952, child of PID 1112)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • Country: US
    DNS
    www.uops-uetdniu.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.uops-uetdniu.us
    IN A
    Response
    www.uops-uetdniu.us
    IN A
    23.224.198.142
  • Country: US
    GET
    https://www.uops-uetdniu.us/
    IEXPLORE.EXE
    Remote address:
    23.224.198.142:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.uops-uetdniu.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 09 Sep 2022 17:02:20 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: PHPSESSID=i1h4l14bd1hmko4nigjook5vp7; path=/
    Set-Cookie: _amkc=aec68a73-9aa6-4f98-ac38-8fdf9def790e; expires=Fri, 09-Sep-2022 17:27:20 GMT; Max-Age=1500; path=/; domain=www.uops-uetdniu.us
    Set-Cookie: 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Fri, 09-Sep-2022 17:27:20 GMT; Max-Age=1500; path=/; domain=www.uops-uetdniu.us
    Upgrade: h2
    Connection: Upgrade, close
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 603
    Content-Type: text/html; charset=UTF-8
  • Country: US
    GET
    https://www.uops-uetdniu.us/favicon.ico
    IEXPLORE.EXE
    Remote address:
    23.224.198.142:443
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.uops-uetdniu.us
    Connection: Keep-Alive
    Cookie: PHPSESSID=i1h4l14bd1hmko4nigjook5vp7
    Response
    HTTP/1.1 200 OK
    Date: Fri, 09 Sep 2022 17:02:21 GMT
    Server: Apache
    Upgrade: h2
    Connection: Upgrade, close
    Last-Modified: Thu, 28 Jul 2022 07:08:08 GMT
    ETag: "47e-5e4d832172600-gzip"
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 817
    Content-Type: image/x-icon
  • Country: US
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.16.53.139
    a1952.dscq.akamai.net
    IN A
    96.16.53.134
  • Country: US
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.16.53.139
    a1952.dscq.akamai.net
    IN A
    96.16.53.134
  • Country: NL
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.16.53.139:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    Strict-Transport-Security: max-age=15768000
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Content-Security-Policy: default-src 'self' *.identrust.com
    Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
    ETag: "37d-5e1e6e25c9800"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Fri, 09 Sep 2022 18:02:19 GMT
    Date: Fri, 09 Sep 2022 17:02:19 GMT
    Connection: keep-alive
  • Country: NL
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.16.53.139:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    Strict-Transport-Security: max-age=15768000
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Content-Security-Policy: default-src 'self' *.identrust.com
    Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
    ETag: "37d-5e1e6e25c9800"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Fri, 09 Sep 2022 18:02:19 GMT
    Date: Fri, 09 Sep 2022 17:02:19 GMT
    Connection: keep-alive
  • Country: US
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.85.1.163
  • Country: US
    DNS
    api.bing.com
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 23.224.198.142:443
    https://www.uops-uetdniu.us/
    tls, http
    IEXPLORE.EXE
    1.2kB
    6.5kB
    13
    13

    HTTP Request

    GET https://www.uops-uetdniu.us/

    HTTP Response

    200
  • 23.224.198.142:443
    https://www.uops-uetdniu.us/favicon.ico
    tls, http
    IEXPLORE.EXE
    1.2kB
    6.3kB
    13
    12

    HTTP Request

    GET https://www.uops-uetdniu.us/favicon.ico

    HTTP Response

    200
  • 96.16.53.139:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 96.16.53.139:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    707 B
    7.6kB
    8
    11
  • 8.8.8.8:53
    www.uops-uetdniu.us
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    www.uops-uetdniu.us

    DNS Response

    23.224.198.142

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.16.53.139
    96.16.53.134

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.16.53.139
    96.16.53.134

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.85.1.163

  • 8.8.8.8:53
    api.bing.com
    dns
    58 B
    134 B
    1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

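The first HTTPS response above sets three cookies (PHPSESSID, _amkc and a 40-hex-character name) with only path, domain and lifetime attributes. The script below is an added example, not part of the tria.ge report or of the analysed site: it parses those Set-Cookie values exactly as captured and reports which hardening attributes each one lacks. The function names and the attribute policy (Secure on a TLS origin, HttpOnly, SameSite, and a note on lifetime) are this example's own choices.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Copied verbatim from the report's response to GET https://www.uops-uetdniu.us/
SET_COOKIE_HEADERS = [
    "PHPSESSID=i1h4l14bd1hmko4nigjook5vp7; path=/",
    "_amkc=aec68a73-9aa6-4f98-ac38-8fdf9def790e; expires=Fri, 09-Sep-2022 17:27:20 GMT; "
    "Max-Age=1500; path=/; domain=www.uops-uetdniu.us",
    "62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; "
    "expires=Fri, 09-Sep-2022 17:27:20 GMT; Max-Age=1500; path=/; domain=www.uops-uetdniu.us",
]


@dataclass
class Cookie:
    name: str
    value: str
    # lower-cased attribute name -> value, or None for flag attributes (Secure, HttpOnly)
    attrs: dict[str, str | None] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie value into its cookie-pair and attributes (RFC 6265, 5.2).

    Attribute names are case-insensitive, so they are lower-cased. Splitting on ';'
    is safe: the comma inside an Expires date is not an attribute separator.
    """
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for piece in pieces[1:]:
        if not piece:
            continue
        key, sep, val = piece.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if sep else None
    return cookie


def audit_cookie(cookie: Cookie, served_over_tls: bool) -> list[str]:
    """Return the hardening attributes a cookie is missing, followed by its lifetime."""
    findings: list[str] = []
    attrs = cookie.attrs
    if served_over_tls and "secure" not in attrs:
        findings.append("missing Secure: the browser will also send it over plain http://")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page script via document.cookie")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests (IE 11 applies no default)")
    if "max-age" in attrs:
        findings.append(f"persistent: Max-Age={attrs['max-age']}")
    elif "expires" in attrs:
        findings.append(f"persistent: Expires={attrs['expires']}")
    else:
        findings.append("session cookie: discarded when the browser closes")
    return findings


def audit_all(headers: list[str], served_over_tls: bool) -> dict[str, list[str]]:
    """Audit every Set-Cookie header of one response, keyed by cookie name."""
    return {c.name: audit_cookie(c, served_over_tls)
            for c in map(parse_set_cookie, headers)}


if __name__ == "__main__":
    for name, findings in audit_all(SET_COOKIE_HEADERS, served_over_tls=True).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run against the captured headers, every cookie comes back without Secure, HttpOnly or SameSite; PHPSESSID is additionally a session cookie, while the other two persist for 1500 seconds and are scoped to the www host via the domain attribute. The report does not show what the session is used for, so this is an observation about cookie hygiene on the target, not evidence of an exploitable flaw.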
MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a8b060c0d93584361c81aaeafd1b0af2

    SHA1

    0bf496f44322886bf65eb0542f709ba0f69a1a36

    SHA256

    e4061a3394b14a2acca79f41ae3ea7147df00394a814a8633d4abb94e39582a0

    SHA512

    be77f02af9cb70b43ba3e4ccd88acb421100d7df9d3ee6a472bd9f7ca2fb1339e17f0282e8f2be48f49509a0903792a31662ed498bad2278ae5fa42766da974b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    5KB

    MD5

    cf2d1ee20794f9b552a6a514bd0fefba

    SHA1

    b0a7ebcbc4a6217b2744cf539cca8595dcb8b373

    SHA256

    2e3338ab6967029f17350e1b062176d44629a821e174e06ca7157600bde55a9b

    SHA512

    9e886531c3da37fbca3a592017f4df19fa944f74c52391d7f9147701d014ffda37cc365225a9393643a71c263a83bbd32e06ad4a5863bcc37027b72628b6681a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X2CPD4I6.txt

    Filesize

    606B

    MD5

    1366582dd2ce30e5cddc4f6388613896

    SHA1

    4ca7d535aefbad1ede1f5f60ef6cd4d1495098f3

    SHA256

    5b71ecc374028da4d6b91df9ad90b26a2fda98e8231fe39c3111b6cf4ea49f5a

    SHA512

    ff48e05c0bdfe3671b23ddcadf29b9316a0a32a857a1af42d39e781f759453eb5135273085d15d13059b182696b7d9aefcba7245fef07a599cfe290737d75df8

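Most of the Network and Downloads entries above are not indicators of the submitted URL at all: the apps.identrust.com fetch carries the Microsoft-CryptoAPI/6.1 user agent and returns a PKCS#7 CA certificate (Windows building the site's TLS chain), the microsoft.com and bing.com lookups are Internet Explorer background traffic, and the CryptnetUrlCache files are CryptoAPI's cache of that download. The script below is an added example, not a tria.ge feature: it transcribes the report's events and dropped files and buckets them into target-related indicators, analysis-environment background, and items needing manual review. The background-domain list and the category names are this example's own assumptions; in practice they are built from clean-baseline runs of the same sandbox image.

```python
from __future__ import annotations
from urllib.parse import urlparse

SUBMITTED_URL = "https://www.uops-uetdniu.us"
RESOLVER_IP = "8.8.8.8"   # the sandbox's DNS resolver, never an indicator

# Network events transcribed from the report: (kind, process, host, remote ip, port, user agent)
EVENTS = [
    ("dns",  "IEXPLORE.EXE", "www.uops-uetdniu.us", "8.8.8.8", 53, None),
    ("http", "IEXPLORE.EXE", "www.uops-uetdniu.us", "23.224.198.142", 443,
     "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"),
    ("dns",  "IEXPLORE.EXE", "apps.identrust.com", "8.8.8.8", 53, None),
    ("http", "IEXPLORE.EXE", "apps.identrust.com", "96.16.53.139", 80, "Microsoft-CryptoAPI/6.1"),
    ("dns",  "iexplore.exe", "www.microsoft.com", "8.8.8.8", 53, None),
    ("dns",  "iexplore.exe", "api.bing.com", "8.8.8.8", 53, None),
    ("tls",  "iexplore.exe", "ieonline.microsoft.com", "204.79.197.200", 443, None),
]

# Files the report lists under Downloads: (path, sha256)
DOWNLOADS = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
     "efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat",
     "2e3338ab6967029f17350e1b062176d44629a821e174e06ca7157600bde55a9b"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X2CPD4I6.txt",
     "5b71ecc374028da4d6b91df9ad90b26a2fda98e8231fe39c3111b6cf4ea49f5a"),
]

# Domains a stock Windows 7 / IE 11 image contacts on its own during any page load.
# Assumption of this example: maintain this list from clean-baseline runs of the image.
BACKGROUND_DOMAINS = {
    "identrust.com": "CryptoAPI downloading a CA certificate to build the site's TLS chain",
    "microsoft.com": "Internet Explorer background traffic",
    "bing.com": "Internet Explorer default search provider",
}


def _under(host: str, domain: str) -> bool:
    """True when host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_event(event: tuple) -> tuple[str, str]:
    """Return (category, reason) for one network event."""
    _kind, _process, host, _ip, _port, user_agent = event
    target_host = urlparse(SUBMITTED_URL).hostname
    if _under(host, target_host):
        return "target", "host of the submitted URL"
    if user_agent and user_agent.startswith("Microsoft-CryptoAPI/"):
        return "background", "certificate-chain fetch by CryptoAPI, not browser content"
    for domain, reason in BACKGROUND_DOMAINS.items():
        if _under(host, domain):
            return "background", reason
    return "review", "not on the background list; inspect manually"


def classify_artifact(path: str) -> tuple[str, str]:
    """Return (category, reason) for a file the sandbox saw written."""
    if "\\CryptnetUrlCache\\" in path:
        return "background", "CryptoAPI URL cache entry for the certificate it downloaded"
    if "\\Internet Explorer\\imagestore\\" in path or "\\Windows\\Cookies\\" in path:
        return "target", "browser favicon/cookie store written for the visited site"
    return "review", "unexpected file; inspect manually"


def triage(events=EVENTS, downloads=DOWNLOADS) -> dict[str, set[str]]:
    """Bucket hosts, non-resolver IPs and file hashes into target / background / review."""
    buckets: dict[str, set[str]] = {"target": set(), "background": set(), "review": set()}
    for ev in events:
        category, _ = classify_event(ev)
        _kind, _proc, host, ip, _port, _ua = ev
        buckets[category].add(host)
        if ip != RESOLVER_IP:
            buckets[category].add(ip)
    for path, sha256 in downloads:
        category, _ = classify_artifact(path)
        buckets[category].add(sha256)
    return buckets


if __name__ == "__main__":
    for category, iocs in triage().items():
        print(f"{category}: {sorted(iocs)}")
```

For this report the target bucket reduces to the submitted host, its resolved address 23.224.198.142, and the hashes of the IE favicon store and cookie file; everything else is background. The Microsoft-CryptoAPI user-agent check runs before the domain list on purpose, so a chain-building fetch to a CA not yet on the list is still recognised as background rather than flagged for review.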