Analysis

  • max time kernel
    71s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24/04/2023, 18:50 UTC

General

  • Target

    http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2604

Network

  • flag-us
    DNS
    hommages-files.sos-ch-gva-2.exo.io
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    hommages-files.sos-ch-gva-2.exo.io
    IN A
    Response
    hommages-files.sos-ch-gva-2.exo.io
    IN CNAME
    lb-ch-gva-2.exo.io
    lb-ch-gva-2.exo.io
    IN A
    194.182.160.205
  • flag-ch
    GET
    http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg
    IEXPLORE.EXE
    Remote address:
    194.182.160.205:80
    Request
    GET /s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: hommages-files.sos-ch-gva-2.exo.io
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    server: nginx
    date: Mon, 24 Apr 2023 18:51:03 GMT
    content-type: image/jpeg
    content-length: 70259
    x-amzn-request-id: e5a32cd1-190e-4cde-ab6c-ca67928a6f45
    x-amz-bucket-region: ch-gva-2
    accept-ranges: bytes
    etag: "7fe96e0dd44aba5328142ed0f1abcd93"
    x-amz-request-id: e5a32cd1-190e-4cde-ab6c-ca67928a6f45
    last-modified: Fri, 21 Apr 2023 05:06:41 GMT
    x-amz-id-2: e5a32cd1-190e-4cde-ab6c-ca67928a6f45
  • flag-ch
    HTTP (no request captured; the server answered the idle keep-alive connection with 408 and closed it)
    IEXPLORE.EXE
    Remote address:
    194.182.160.205:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    DNS
    205.160.182.194.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.160.182.194.in-addr.arpa
    IN PTR
    Response
  • flag-ch
    GET
    http://hommages-files.sos-ch-gva-2.exo.io/favicon.ico
    iexplore.exe
    Remote address:
    194.182.160.205:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: hommages-files.sos-ch-gva-2.exo.io
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    server: nginx
    date: Mon, 24 Apr 2023 18:51:05 GMT
    content-type: application/xml
    transfer-encoding: chunked
    vary: Accept-Encoding
    x-amz-bucket-region: ch-gva-2
    x-amz-request-id: 64b72a01-39b9-42d8-a7b3-b4ac3cf8e1d4
    x-amzn-request-id: 64b72a01-39b9-42d8-a7b3-b4ac3cf8e1d4
    x-amz-id-2: 64b72a01-39b9-42d8-a7b3-b4ac3cf8e1d4
    content-encoding: gzip
  • flag-ch
    HTTP (no request captured; the server answered the idle keep-alive connection with 408 and closed it)
    iexplore.exe
    Remote address:
    194.182.160.205:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • GET
    https://ieonline.microsoft.com/ie/known_providers_download_v1.xml
    Request
    GET /ie/known_providers_download_v1.xml HTTP/2.0
    host: ieonline.microsoft.com
    accept: */*
    accept-language: en-US
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    cookie: MUID=211C8C4A7B53625721209EF47A0463A8; _EDGE_V=1; MUIDB=211C8C4A7B53625721209EF47A0463A8
    Response
    HTTP/2.0 200
    cache-control: public, max-age=15552000
    content-length: 90518
    content-type: text/xml
    last-modified: Thu, 20 Feb 2020 01:30:24 GMT
    set-cookie: SUID=M; domain=.microsoft.com; expires=Tue, 25-Apr-2023 06:51:07 GMT; path=/; HttpOnly
    set-cookie: _EDGE_S=SID=29AA6DAD684F6833067A7F5069A2690F; domain=.microsoft.com; path=/; HttpOnly
    set-cookie: MUIDB=211C8C4A7B53625721209EF47A0463A8; expires=Sat, 18-May-2024 18:51:07 GMT; path=/; HttpOnly
    useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FB2ED5C1AF0B4861822E504EF3863547 Ref B: AMS04EDGE3420 Ref C: 2023-04-24T18:51:07Z
    date: Mon, 24 Apr 2023 18:51:07 GMT
  • flag-us
    DNS
    85.48.222.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    85.48.222.23.in-addr.arpa
    IN PTR
    Response
    85.48.222.23.in-addr.arpa
    IN PTR
    a23-222-48-85.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    GET
    http://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    204.79.197.200:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.bing.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=15552000
    Content-Length: 4286
    Content-Type: image/x-icon
    Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
    X-Cache: TCP_HIT
    Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    X-MSEdge-Ref: Ref A: CA2F465F6ABC43E5B28BCD4A33532947 Ref B: AMS04EDGE1717 Ref C: 2023-04-24T18:51:08Z
    Date: Mon, 24 Apr 2023 18:51:07 GMT
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    62.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    62.13.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.85.1.163
  • flag-us
    DNS
    163.1.85.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    163.1.85.104.in-addr.arpa
    IN PTR
    Response
    163.1.85.104.in-addr.arpa
    IN PTR
    a104-85-1-163.deploy.static.akamaitechnologies.com
  Connections (per entry: remote address, host or URL, protocol, process, bytes sent, bytes received, packets sent, packets received)

  • 194.182.160.205:80
    http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg
    http
    IEXPLORE.EXE
    3.3kB
    72.9kB
    64
    55

    HTTP Request

    GET http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg

    HTTP Response

    200
  • 194.182.160.205:80
    hommages-files.sos-ch-gva-2.exo.io
    http
    IEXPLORE.EXE
    282 B
    365 B
    6
    3

    HTTP Response

    408
  • 194.182.160.205:80
    http://hommages-files.sos-ch-gva-2.exo.io/favicon.ico
    http
    iexplore.exe
    795 B
    631 B
    12
    3

    HTTP Request

    GET http://hommages-files.sos-ch-gva-2.exo.io/favicon.ico

    HTTP Response

    403
  • 194.182.160.205:80
    hommages-files.sos-ch-gva-2.exo.io
    http
    iexplore.exe
    282 B
    365 B
    6
    3

    HTTP Response

    408
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.3kB
    8.1kB
    17
    16
  • 204.79.197.200:80
    http://www.bing.com/favicon.ico
    http
    iexplore.exe
    543 B
    5.5kB
    7
    7

    HTTP Request

    GET http://www.bing.com/favicon.ico

    HTTP Response

    200
  • 204.79.197.200:80
    www.bing.com
    iexplore.exe
    144 B
    132 B
    3
    3
  • 51.11.192.49:443
    322 B
    7
  • 178.79.208.1:80
    322 B
    7
  • 8.8.8.8:53
    hommages-files.sos-ch-gva-2.exo.io
    dns
    iexplore.exe
    80 B
    122 B
    1
    1

    DNS Request

    hommages-files.sos-ch-gva-2.exo.io

    DNS Response

    194.182.160.205

  • 8.8.8.8:53
    205.160.182.194.in-addr.arpa
    dns
    74 B
    137 B
    1
    1

    DNS Request

    205.160.182.194.in-addr.arpa

  • 8.8.8.8:53
    85.48.222.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    85.48.222.23.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    200.232.18.117.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    200.232.18.117.in-addr.arpa

  • 8.8.8.8:53
    62.13.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    62.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.85.1.163

  • 8.8.8.8:53
    163.1.85.104.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    163.1.85.104.in-addr.arpa

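The first HTTP exchange above (the 200 response for BKC0663VID-A.pdf.jpeg) is the only content the sample fetched, and a .pdf.jpeg name on an S3-compatible bucket is the kind of thing a reviewer should check rather than trust. The Python below is an added example, not part of the tria.ge report or of any tria.ge tooling. It takes the captured status line and headers as shown above, compares the file name's suffixes against the declared Content-Type and against the leading bytes of the body, checks Content-Length, and treats a 32-hex-digit ETag as the MD5 that S3-compatible stores return for single-part objects. The body bytes (SAMPLE_JPEG, SAMPLE_PE), the example.test URLs, the small MAGIC table and the finding codes are constructed for the example; the report does not include the 70,259-byte object, so running the captured headers against the stand-in body correctly reports length and ETag mismatches.

```python
"""Added triage helper (not part of the tria.ge report): checks whether a captured
HTTP response and the object it delivered agree with what the URL suggests."""
from __future__ import annotations

import hashlib
import mimetypes
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Request target and response headers as captured in the report above.
URL = ("http://hommages-files.sos-ch-gva-2.exo.io/s3fs-public/styles/"
       "scale_900h_img_fluid/public/pdf_archive/2023/04/BKC0663VID-A.pdf.jpeg")
CAPTURED_RESPONSE = """HTTP/1.1 200 OK
server: nginx
date: Mon, 24 Apr 2023 18:51:03 GMT
content-type: image/jpeg
content-length: 70259
accept-ranges: bytes
etag: "7fe96e0dd44aba5328142ed0f1abcd93"
last-modified: Fri, 21 Apr 2023 05:06:41 GMT
"""
# Constructed stand-in bodies: the report does not include the 70,259-byte object itself.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 24
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 28

# Leading bytes of the few file types this example sniffs (assumption: only these).
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"%PDF-": "application/pdf",
    b"MZ": "application/x-msdownload",
}


@dataclass
class Verdict:
    host: str
    extensions: list[str]          # every suffix in the file name, e.g. ["pdf", "jpeg"]
    declared_type: str             # Content-Type header with parameters stripped
    sniffed_type: str | None       # type implied by the body's leading bytes
    etag_md5: str | None           # ETag when it looks like a plain single-part S3 MD5
    body_md5: str
    findings: dict[str, str] = field(default_factory=dict)   # code -> explanation


def parse_response(raw: str) -> tuple[int, dict[str, str]]:
    """Split a captured status line plus headers into (status, {lower-name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def sniff(body: bytes) -> str | None:
    return next((t for magic, t in MAGIC.items() if body.startswith(magic)), None)


def triage(url: str, raw_response: str, body: bytes) -> Verdict:
    parts = urlsplit(url)
    name = parts.path.rsplit("/", 1)[-1]
    exts = [e.lower() for e in name.split(".")[1:]]
    _, headers = parse_response(raw_response)
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    etag = headers.get("etag", "").removeprefix("W/").strip('"')
    v = Verdict(
        host=parts.hostname or "",
        extensions=exts,
        declared_type=declared,
        sniffed_type=sniff(body),
        etag_md5=etag if re.fullmatch(r"[0-9a-f]{32}", etag) else None,
        body_md5=hashlib.md5(body).hexdigest(),
    )
    f = v.findings
    if len(exts) > 1:
        f["double-extension"] = f"{name}: only the last suffix ({exts[-1]}) decides how it is handled"
    guessed, _ = mimetypes.guess_type(name)          # goes by the last suffix only
    if guessed and guessed != declared:
        f["extension-vs-content-type"] = f"name suggests {guessed}, server says {declared}"
    if v.sniffed_type and v.sniffed_type != declared:
        f["magic-vs-content-type"] = f"body starts like {v.sniffed_type}, server says {declared}"
    if "content-length" in headers and int(headers["content-length"]) != len(body):
        f["length-mismatch"] = f"header says {headers['content-length']}, {len(body)} bytes in hand"
    if v.etag_md5 and v.etag_md5 != v.body_md5:
        f["etag-mismatch"] = "ETag is an MD5 but not of this body (multipart upload, or a different object)"
    if parts.scheme == "http":
        f["plaintext-http"] = "fetched without TLS; content could be altered in transit"
    return v


def consistent_response(body: bytes, content_type: str) -> str:
    """Build headers that agree with `body`, the way a single-part S3 object is served."""
    return (f"HTTP/1.1 200 OK\ncontent-type: {content_type}\n"
            f"content-length: {len(body)}\netag: \"{hashlib.md5(body).hexdigest()}\"\n")


if __name__ == "__main__":
    cases = [
        ("captured headers, stand-in body", URL, CAPTURED_RESPONSE, SAMPLE_JPEG),
        ("consistent jpeg", "https://example.test/photo.jpeg",
         consistent_response(SAMPLE_JPEG, "image/jpeg"), SAMPLE_JPEG),
        ("PE served as jpeg", "https://example.test/invoice.pdf.jpeg",
         consistent_response(SAMPLE_PE, "image/jpeg"), SAMPLE_PE),
    ]
    for label, url, resp, body in cases:
        print(f"{label}: {sorted(triage(url, resp, body).findings) or 'no findings'}")
```

For this capture the name's last suffix, the Content-Type and a JPEG body all agree, so the only name-based finding is the double extension; the .pdf in the middle is a naming pattern, not evidence on its own. Verifying the ETag needs the real body, and objects uploaded in parts carry an ETag with a "-N" suffix, which the regex deliberately skips rather than treating as an MD5.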
MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    d6b67afeb31f0d9bfe232166e8b300c5

    SHA1

    6ba1a534d40fea9302591aaee8fb6969bfa28e4b

    SHA256

    ab4f8d3ad2a02ad67059703fcb9c7ecd397d9abfce4b4cacdf7ecc11b4e37520

    SHA512

    62c9fc6797c263bf33c8f52d5d41ce276b3df2aaed6433d582987a607ae508f5389f86d5d8a63cc5715964623f5be08d5741ddd70a0fe18f0140eb314815c272

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    d4c396e89235c726b13393ee1d1e6799

    SHA1

    437c9c5584f5921f82e8905eec15df5c1f8f01a2

    SHA256

    5a751c4d2db18bf6c1c3f18c9fb2def4a0dbb013efcd12f3698778fc2fb0b026

    SHA512

    0d32a0020295766169de880c6540884f03bd172b94f74568a1b20a2baaa1ef673c22bca84435e2803019011a7006385707d0a43e1d2e1370749e345d8080f5ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\480JMPRZ\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\172ZTC6I.cookie

    Filesize

    244B

    MD5

    deb0467d26713d3abeb55e55934c5ba6

    SHA1

    ab5bf88aeac9ef1796df6e1bbc50a543ee5dcbaf

    SHA256

    172b6256d1bec606ae3fd9d130eff78c5a65e67507bab5bb8dcd9320c2a95325

    SHA512

    ccd10add0704b1a2f12da11012735904589de7f7404bdd3bc3d6eb7ae4065028a511be0ee1eecb5e43e0c00e097070a13fd4613bc6f0f9cdce6666959e89de1b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OO55KSCH.cookie

    Filesize

    615B

    MD5

    23ad0fcfe43e95daf226afbbfe399d95

    SHA1

    d3be382fcbf1ffeb72a677cf2e1c4419577478ff

    SHA256

    0166234d41a17a0b1aa23b4a215a3163c26b4ca3b023efcd56dc023fdb3f3902

    SHA512

    a0f72643e9cec51d18aadd8c2bd0115196352e139f9045229b8d792a2859e370b0f6e61d15268a7702d3dd556465761bd2f147e4fc99896ef2df54558f473431

  • C:\Users\Admin\AppData\Local\Temp\KnoDAC5.tmp

    Filesize

    88KB

    MD5

    002d5646771d31d1e7c57990cc020150

    SHA1

    a28ec731f9106c252f313cca349a68ef94ee3de9

    SHA256

    1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

    SHA512

    689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6
