Analysis

  • max time kernel
    132s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/10/2022, 15:34 UTC

General

  • Target

    http://l.contentsquare.net

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://l.contentsquare.net
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4928

Network

  • DNS (US) · l.contentsquare.net · IEXPLORE.EXE
    Remote address: 8.8.8.8:53
    Request
    l.contentsquare.net IN A
    Response
    l.contentsquare.net IN A 54.76.111.221
    l.contentsquare.net IN A 52.19.244.129
    l.contentsquare.net IN A 54.194.48.226
  • GET (IE) · http://l.contentsquare.net/ · IEXPLORE.EXE
    Remote address: 54.76.111.221:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: l.contentsquare.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 07 Oct 2022 15:34:22 GMT
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 42
    Connection: keep-alive
  • 54.76.111.221:80
    http://l.contentsquare.net/
    http
    IEXPLORE.EXE
    542 B
    402 B
    6
    5

    HTTP Request

    GET http://l.contentsquare.net/

    HTTP Response

    404
  • 54.76.111.221:80
    l.contentsquare.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 13.69.239.74:443
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    l.contentsquare.net
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    l.contentsquare.net

    DNS Response

    54.76.111.221
    52.19.244.129
    54.194.48.226

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 50e10d0c1d47ed3dad34cfcd6a9d764c
    SHA1: 7ccc215400c6c89e794dcf3b8d7b7ed006e94fec
    SHA256: 4e194f75beef2d97e3b4e3fdf4a49b5ce0b5f7f112097d3093b33d257b2912a3
    SHA512: 7f67c1ac984e0f2de6cb3e12fe856a86a0e6f1d690ad668fa11c94932c5846f12008fc375187e0c93f40026613096184e36aa4804896f736aeb1bec27fb265aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: b647b8122ceda037de2a7e3d3fd1b3db
    SHA1: e31d833c7062763fdc7d2b5720f349f056ce9ae2
    SHA256: fdab599c42c0a74da322cc242272f41ff7c6f79c70f8575adbbef34b1b9cc597
    SHA512: dedfed8a8903b93d455daebfeccf34a73d030be12731491c3f10af95a0745be18a56bfea76e85cced48194f6b3285d46bfce48e57aa11c1e4072dd9a2970b87e
