Analysis

  • max time kernel
    91s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/12/2022, 14:37 UTC

General

  • Target

    http://your.bestoneshark.one/41d1365540a389e.png

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (level 1, PID 4976)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://your.bestoneshark.one/41d1365540a389e.png
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (level 2, PID 2524, child of 4976)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • DNS
    your.bestoneshark.one
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    your.bestoneshark.one
    IN A
    Response
    your.bestoneshark.one
    IN A
    178.17.170.110
  • GET
    http://your.bestoneshark.one/41d1365540a389e.png
    IEXPLORE.EXE
    Remote address:
    178.17.170.110:80
    Request
    GET /41d1365540a389e.png HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: your.bestoneshark.one
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 28 Dec 2022 14:38:14 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
    X-Powered-By: PHP/7.1.33
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: image/png
  • GET
    http://your.bestoneshark.one/favicon.ico
    IEXPLORE.EXE
    Remote address:
    178.17.170.110:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: your.bestoneshark.one
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 28 Dec 2022 14:38:17 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
    Last-Modified: Thu, 11 Aug 2016 03:38:52 GMT
    ETag: "2fe-539c3812a6b00"
    Accept-Ranges: bytes
    Content-Length: 766
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: image/vnd.microsoft.icon
  • 93.184.221.240:80
    260 B
    5
  • 93.184.220.29:80
    322 B
    7
  • 95.101.78.82:80
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 178.17.170.110:80
    http://your.bestoneshark.one/favicon.ico
    http
    IEXPLORE.EXE
    5.8kB
    145.4kB
    116
    108

    HTTP Request

    GET http://your.bestoneshark.one/41d1365540a389e.png

    HTTP Response

    200

    HTTP Request

    GET http://your.bestoneshark.one/favicon.ico

    HTTP Response

    200
  • 178.17.170.110:80
    your.bestoneshark.one
    IEXPLORE.EXE
    242 B
    184 B
    5
    4
  • 93.184.220.29:80
    iexplore.exe
    260 B
    5
  • 93.184.221.240:80
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    your.bestoneshark.one
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    your.bestoneshark.one

    DNS Response

    178.17.170.110

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
    Filesize: 892B
    MD5: db4e47ca6cfebe78b0099fe77532ff18
    SHA1: b6fd666ac7cd748396bb28bcdda61321f426cef4
    SHA256: b12bfed07866d9585c7a45a60022701e02faaa82c487d12849e4e279746c010f
    SHA512: a51979e9f7ae0002807ffe5948dd1c638da7cdd447f4b78daca85ade6bb566bd361066b34d60e9006b804fc6fb9a86530f1ce52c47ebb4ecc450aa9228633588