Analysis

  • max time kernel
    4s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/03/2023, 12:37 UTC

General

  • Target

    http://bit.ly/VCERemastered

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://bit.ly/VCERemastered
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b6d9758,0x7ffb0b6d9768,0x7ffb0b6d9778
      2⤵
      PID:548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:2
      2⤵
      PID:1336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:1228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:1724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:1
      2⤵
      PID:4788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:1
      2⤵
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:4376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4944 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:3724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:4740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5444 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:1
      2⤵
      PID:3412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:2716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:1
      2⤵
      PID:4304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:1940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:4676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:4408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1812,i,1680410617144627012,4838534494527321716,131072 /prefetch:8
      2⤵
      PID:4312
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4392

Network

  • DNS 58.55.71.13.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 58.55.71.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS bit.ly, chrome.exe (remote address 8.8.8.8:53)
    Request: bit.ly IN A
    Response: bit.ly IN A 67.199.248.10; bit.ly IN A 67.199.248.11
  • GET http://bit.ly/VCERemastered, chrome.exe (remote address 67.199.248.10:80)
    Request:
      GET /VCERemastered HTTP/1.1
      Host: bit.ly
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response:
      HTTP/1.1 301 Moved Permanently
      Server: nginx
      Date: Tue, 07 Mar 2023 12:37:52 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 285
      Cache-Control: private, max-age=90
      Location: https://drive.google.com/u/0/uc?id=1Fkww3iSOS-U4ruThXj_AVjGOSwDx-6oK&export=download&confirm=t&uuid=cb6c95c5-23f2-41b5-96fa-c4021ac896ec&at=ALgDtsw6h72aezd6JOyaZRT3-6j1:1677969908829
      Set-Cookie: _bit=n27cBQ-966eec48ab37dd218b-00r; Domain=bit.ly; Expires=Sun, 03 Sep 2023 12:37:52 GMT
      Via: 1.1 google
  • DNS drive.google.com (remote address 8.8.8.8:53)
    Request: drive.google.com IN A
    Response: drive.google.com IN A 142.251.36.46
  • DNS 163.179.250.142.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 163.179.250.142.in-addr.arpa IN PTR
    Response: 163.179.250.142.in-addr.arpa IN PTR ams15s41-in-f31e100net
  • DNS 10.248.199.67.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 10.248.199.67.in-addr.arpa IN PTR
    Response: 10.248.199.67.in-addr.arpa IN PTR bitly
  • DNS 46.36.251.142.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 46.36.251.142.in-addr.arpa IN PTR
    Response: 46.36.251.142.in-addr.arpa IN PTR ams17s12-in-f141e100net
  • DNS doc-0s-18-docs.googleusercontent.com (remote address 8.8.8.8:53)
    Request: doc-0s-18-docs.googleusercontent.com IN A
    Response: doc-0s-18-docs.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com; googlehosted.l.googleusercontent.com IN A 142.250.179.193
  • DNS 210.81.184.52.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 210.81.184.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (no request recorded) (remote address 8.8.8.8:53)
    Response: 193.179.250.142.in-addr.arpa IN PTR ams15s42-in-f11e100net
  • DNS 100.39.251.142.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 100.39.251.142.in-addr.arpa IN PTR
    Response: 100.39.251.142.in-addr.arpa IN PTR ams15s48-in-f41e100net
  • DNS apis.google.com (remote address 8.8.8.8:53)
    Request: apis.google.com IN A
    Response: apis.google.com IN CNAME plus.l.google.com; plus.l.google.com IN A 172.217.168.206
  • DNS 206.168.217.172.in-addr.arpa (remote address 8.8.8.8:53)
    Request: 206.168.217.172.in-addr.arpa IN PTR
    Response: 206.168.217.172.in-addr.arpa IN PTR ams16s32-in-f141e100net
  Flows (destination | host or URL | protocol | process | bytes sent / received | packets sent / received; "-" means the report shows no value):

  • 67.199.248.10:80 | http://bit.ly/VCERemastered | http | chrome.exe | 618 B / 913 B | 4 / 3
    HTTP request: GET http://bit.ly/VCERemastered
    HTTP response: 301
  • 67.199.248.10:80 | bit.ly | - | chrome.exe | 98 B / 52 B | 2 / 1
  • 142.251.36.46:443 | drive.google.com | tls | - | 2.5kB / 10.4kB | 16 / 21
  • 93.184.220.29:80 | - | - | - | 276 B | 6
  • 93.184.220.29:80 | - | - | - | 276 B | 6
  • 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | dns | - | 70 B / 144 B | 1 / 1
    DNS request: 58.55.71.13.in-addr.arpa
  • 8.8.8.8:53 | bit.ly | dns | chrome.exe | 52 B / 84 B | 1 / 1
    DNS request: bit.ly
    DNS response: 67.199.248.10, 67.199.248.11
  • 8.8.8.8:53 | drive.google.com | dns | - | 62 B / 78 B | 1 / 1
    DNS request: drive.google.com
    DNS response: 142.251.36.46
  • 142.251.36.46:443 | drive.google.com | https | - | 2.9kB / 7.2kB | 6 / 8
  • 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | dns | - | 74 B / 112 B | 1 / 1
    DNS request: 163.179.250.142.in-addr.arpa
  • 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | dns | - | 72 B / 92 B | 1 / 1
    DNS request: 10.248.199.67.in-addr.arpa
  • 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | dns | - | 72 B / 111 B | 1 / 1
    DNS request: 46.36.251.142.in-addr.arpa
  • 8.8.8.8:53 | doc-0s-18-docs.googleusercontent.com | dns | - | 82 B / 127 B | 1 / 1
    DNS request: doc-0s-18-docs.googleusercontent.com
    DNS response: 142.250.179.193
  • 142.250.179.193:443 | doc-0s-18-docs.googleusercontent.com | https | - | 383.8kB / 37.0MB | 5480 / 29185
  • 8.8.8.8:53 | 210.81.184.52.in-addr.arpa | dns | - | 72 B / 146 B | 1 / 1
    DNS request: 210.81.184.52.in-addr.arpa
  • 8.8.8.8:53 | - | dns | - | 112 B | 1
  • 224.0.0.251:5353 | - | - | - | 136 B | 2
  • 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | dns | - | 73 B / 111 B | 1 / 1
    DNS request: 100.39.251.142.in-addr.arpa
  • 8.8.8.8:53 | apis.google.com | dns | - | 61 B / 98 B | 1 / 1
    DNS request: apis.google.com
    DNS response: 172.217.168.206
  • 172.217.168.206:443 | apis.google.com | https | - | 4.7kB / 47.8kB | 28 / 42
  • 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | dns | - | 74 B / 113 B | 1 / 1
    DNS request: 206.168.217.172.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (539B)
    MD5    6910a46cc5b46d9d9471a5eebca05013
    SHA1   c8eb93671b311e2e8097b69d529e85bf8db5b918
    SHA256 2f7ba30490d959c692f0c3d94e17cafc7d5a1e8f0baead922610f6e98b3efe1e
    SHA512 b52766a77be2a0bf5cac1ce9ec5ede85f4382abd0324d328ff39585d4655685e0879a7ddeabb1382ba69081f06d06a8bcc04682b7ed91914cf06cd434cf4b789
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
    MD5    80a9c038c9a4b010e8c48b393bcaa64f
    SHA1   ce73296702a3ca7ea34487727cd3d04ed3c02140
    SHA256 ddefb81557d7476a99fe6a544798e8e2764bb6afd9a4301cdf07333f006b0237
    SHA512 b5a27272b83a0a6fbfe9f45d8d904bfaefa7732ddbe7322e2389179ee1717b52169e36b051db49012dbdaeb9444ff4f202242ef1d1df66be437e23e0313faf74
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (143KB)
    MD5    e9adccbc51ca4768ed6927d7ad30bd05
    SHA1   2a233679223db911719e3259d3f090833456a0c0
    SHA256 15b0a08df92de63206f77cd11cce3596b0d61e1b9a8600885720152d80dd11b7
    SHA512 10c3da0dbe5a9070b39961093035d46a8ad443aadb2b821f1be08b3618ff984763a4b53311d8639843dd01b1db17e0f9de48c6ff8020107a113e9572f2f3b385
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (2B)
    MD5    99914b932bd37a50b983c5e7c90ae93b
    SHA1   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  • C:\Users\Admin\Downloads\VCE Setup (x64).exe (6.7MB)
    MD5    d412e3327b84ac68ae46fa630d5d8007
    SHA1   08339516a2e5259d7980654a41ca24ee05e1e255
    SHA256 7def8eda353da7150e935d8b1a57a2e8cbb6a4f458c1e773e1129c959e9a1f03
    SHA512 5aefa4f2b25a8c15aa2d4c9986dbcd7759ce2bf28ec54dfa9f6a1213cf36474ed20fab889cee09f488181d2fe606033a3e78454b30f79ed821cd0afe387dd7c3
  • memory/1336-137-0x00007FFB28EA0000-0x00007FFB28EA1000-memory.dmp (4KB)
  • memory/4312-201-0x00007FFB27BD0000-0x00007FFB27BD1000-memory.dmp (4KB)
  • memory/4408-203-0x00007FFB28230000-0x00007FFB28231000-memory.dmp (4KB)
