Analysis

  • max time kernel
    67s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/09/2022, 08:45 UTC

General

  • Target

    http://www.linkpicture.com/q/leg_4.png

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.linkpicture.com/q/leg_4.png
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1212

Network

  • flag-us
    DNS
    www.linkpicture.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.linkpicture.com
    IN A
    Response
    www.linkpicture.com
    IN A
    104.21.235.182
    www.linkpicture.com
    IN A
    104.21.235.181
  • flag-us
    GET
    http://www.linkpicture.com/q/leg_4.png
    IEXPLORE.EXE
    Remote address:
    104.21.235.182:80
    Request
    GET /q/leg_4.png HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.linkpicture.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 20 Sep 2022 08:45:53 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://www.linkpicture.com/q/leg_4.png
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 1
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxfqLMOrkG%2FS%2FYm3lnZsT7wRmLAI%2BYd2sh%2B23CVDQ97Qt1QhvLSr7wTzC6zrUa6Pk6jUv8sNtRsnKhMFLuEopK%2FRWQPZnd0YcD9vHOQQJ56yCk6MdIFiAShHuR7iuISrIQuDzv%2Bp"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 74d949997afeb776-AMS
  • flag-us
    GET
    https://www.linkpicture.com/q/leg_4.png
    IEXPLORE.EXE
    Remote address:
    104.21.235.182:443
    Request
    GET /q/leg_4.png HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.linkpicture.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 20 Sep 2022 08:45:54 GMT
    Content-Type: image/png
    Content-Length: 26231
    Connection: keep-alive
    Last-Modified: Thu, 16 Jun 2022 06:51:29 GMT
    ETag: "62aad2f1-6677"
    X-Powered-By: PleskLin
    Cache-Control: max-age=31536000
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3EJxOA1l%2BvgnoD4WwRppRFJMXAAed4EglF%2FxVNJJQpPXSfJu0LqZ9FFpTfszyKouaCpBaBd1LcL5SY8VEJbpHyiIj3zq74YDYYDbNomyABLHXArYTCeNXBBhzxaQcSB9BymydjYm"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 74d9499ebf32b902-AMS
  • flag-us
    GET
    https://www.linkpicture.com/favicon.ico
    IEXPLORE.EXE
    Remote address:
    104.21.235.182:443
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.linkpicture.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 20 Sep 2022 08:45:56 GMT
    Content-Type: image/x-icon
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Sun, 13 Feb 2022 14:01:55 GMT
    ETag: W/"62090f53-1bb33"
    X-Powered-By: PleskLin
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 3801
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1AHoySgBLDVOXt1mCw7UAD8mHqamUAyuuhG2DG2WeDds6MhX2LaROayCLdMroRuNPdl1C2pClTpayXxH%2BworNlzlMCMTF%2FrjyT0cft8C4firv%2Fop2%2Fx2PJNyatZJhLgWKPXECG2"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 74d949a8d9c6b902-AMS
    Content-Encoding: gzip
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.85.1.163
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.85.1.163
  • 104.21.235.182:80
    http://www.linkpicture.com/q/leg_4.png
    http
    IEXPLORE.EXE
    541 B
    1.0kB
    6
    5

    HTTP Request

    GET http://www.linkpicture.com/q/leg_4.png

    HTTP Response

    301
  • 104.21.235.182:80
    www.linkpicture.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 104.21.235.182:443
    https://www.linkpicture.com/favicon.ico
    tls, http
    IEXPLORE.EXE
    2.5kB
    54.9kB
    36
    58

    HTTP Request

    GET https://www.linkpicture.com/q/leg_4.png

    HTTP Response

    200

    HTTP Request

    GET https://www.linkpicture.com/favicon.ico

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    707 B
    7.6kB
    8
    11
  • 8.8.8.8:53
    www.linkpicture.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    www.linkpicture.com

    DNS Response

    104.21.235.182
    104.21.235.181

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.85.1.163

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.85.1.163

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    e81e194020821c7d89fc797a341912b4

    SHA1

    c6c50830ff3910f5007327e9f190d5c323c0a425

    SHA256

    b9c30c24833efd0f6f0c207ef0b771690688d8dec47010415bd4fb67b2590ec1

    SHA512

    1fe8c21a61aef2cebd339c324cf772f9d53afa150b2a6c59d1e84b5f273d9029f166884dbb30080d0c733cff86eca84f3f27fcd0bf052169e56d6e6fc1d5250d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

    Filesize

    115KB

    MD5

    09db9b21c41eb0e8a9a64477c74859e5

    SHA1

    471408b5fd2f8359923b5c19a349dfa658a0c497

    SHA256

    cf2707e7a5971efe2ffb1f4a8be68e7d364f2bf90b455c04ca717fd2e28ca64a

    SHA512

    0590c7bb3188c521326aab808145bdfec2a947514786f7b090ac732ca16a24f27c29c0f988fe66151ca8bf0d19e5a69f88f8dc41650bfaf675d1be28bee95887

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XA6CA745.txt

    Filesize

    603B

    MD5

    3de63a19a5cd6dcf02f42de45c495836

    SHA1

    cbafb8877341f3f87eba8976a62920711df317dd

    SHA256

    4a180a67a61c422bbce3b96d5e7dfebe38231eae8af04c0ca7579c2ac72efd7b

    SHA512

    37861322e89d7a2d7a2a26eb350f2a79ea6c4b8647202d8e4f01ce51525e190e0138cbf281213d56bff0884e84069f4a2a9c1ede0f79180f8cba177f6c2af98c
