Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://qtrtransport...

windows10-2004-x64

1

Analysis

  • max time kernel
    84s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2023, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://qtrtransport.co.nz/online/service/brief.html

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://qtrtransport.co.nz/online/service/brief.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3076 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4368
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3c2946f8,0x7ffe3c294708,0x7ffe3c294718
      2⤵
        PID:1432
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3500
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
          2⤵
            PID:1608
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
            2⤵
              PID:2112
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              2⤵
                PID:3332
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
                2⤵
                  PID:3616
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4433705654732309065,14819566986314016144,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                  2⤵
                    PID:4004
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:3748

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    471B

                    MD5

                    c21444748ba8f51ef6ef531f3b4e2f68

                    SHA1

                    af1907ff43ab2c03e0c05044017533cb6eafff5a

                    SHA256

                    9d80886561b2301975168964509698c1f96e0ec7515a553a34b6a78690065563

                    SHA512

                    bbb8f887d412ca48ea707315135687e5948bfd3f666b046a13a392aca9edb146d85c99516c4f8985c94e8ba777ca1b09a4fbea5358da72041424ed6334d2ed5a

                    Download Submit

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    404B

                    MD5

                    5b67f045784067a8b59e0351e590bcbf

                    SHA1

                    4a8d0e3144ed2272ab8b1073d416b4807e9789f2

                    SHA256

                    b1cc57f0e3d5167809f9bc61b6d9d08ce1b8ad5049a3ed5300e2788d0224a214

                    SHA512

                    c21ad8a513ede4ce20a48fc41ce48e7346e3674ff011498557cb18659d250229521f97bcf452c512d94a062bdce271263b6ac0e4eb53b8be994aa75a05a20eb0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5b3c3eac-b2cb-48a2-9a54-46e5d3ef95d1.tmp
                    Filesize

                    12KB

                    MD5

                    190044f7b250f9a6732c6313beeb9f14

                    SHA1

                    331af125fb9ea4e1e1b8e569d095ac54ac0d9685

                    SHA256

                    cb863c0f0ee932e64a3c6932bf6997c2fef1e8e32b001bc97291f14e2f1fa7ac

                    SHA512

                    100750d7c4f1f4f889ebd05144ca361a4a477918ff99e698e1cd260fd8d5fa78ce14c86acbe06d449c1624d054b1902338593424087718a9a959737a0609c0fc

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    aaeb1f5e097ab38083674077b84b8ed6

                    SHA1

                    7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

                    SHA256

                    1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

                    SHA512

                    130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    1db53baf44edd6b1bc2b7576e2f01e12

                    SHA1

                    e35739fa87978775dcb3d8df5c8d2063631fa8df

                    SHA256

                    0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

                    SHA512

                    84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                    Filesize

                    70KB

                    MD5

                    e5e3377341056643b0494b6842c0b544

                    SHA1

                    d53fd8e256ec9d5cef8ef5387872e544a2df9108

                    SHA256

                    e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                    SHA512

                    83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    111B

                    MD5

                    285252a2f6327d41eab203dc2f402c67

                    SHA1

                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                    SHA256

                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                    SHA512

                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    4KB

                    MD5

                    7f944dac57557fe5867c6be79c1cc60f

                    SHA1

                    595a612bc6030e7bbff48b58347281d971d8b2c5

                    SHA256

                    daece078a6160511deb0675e754140535ad966bec7a110b55a49813839df8d2b

                    SHA512

                    04f78a4e87cab1a7f5436722f9d0af8203660028ac3719fba792893b70e0da63ef67488df4c2730077a7221c09e70a9b1a89b7dbd9c0143624e8e8e42936dc8c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    2d5a0dad2101921fc7c430aca142ae81

                    SHA1

                    9580761a1499456b6032a0daa055a272ebe7d035

                    SHA256

                    d1a94cc723e235b5fe9673d16076faef70357a3dc58928e9001538d54bcd1cc5

                    SHA512

                    414dc9465794c1285194bcee8cd857648bfb98779e1b371ffec7855a33a1dd6a08af2994071c9baf0a64da08764484f84da6f1876dc1c5fe09e66236d5469518

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    e4e52714ef3ba6c897d463b7a6025e7e

                    SHA1

                    c7f35e2d349cfcf8a71f29a330f203dfb6fec9f2

                    SHA256

                    ac6b1734026928b59724610ca66235e103d44dd19f8eede98bbb7640c3e6c1f4

                    SHA512

                    57bfba702577836354fca5f810ba2cdbf2eba5770c9bf2a8b634b12678b35de3493d83689e2c0a490a986c3ed28da64db8a2e1c9a271a6157e0e2764230eb422

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    47e94a96372e6f095b8a3fd7edc48ec0

                    SHA1

                    377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

                    SHA256

                    15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

                    SHA512

                    5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize

                    24KB

                    MD5

                    3d874cbf2372e29aa7bde5be5e1db4b3

                    SHA1

                    a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

                    SHA256

                    84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

                    SHA512

                    8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                    Filesize

                    41B

                    MD5

                    5af87dfd673ba2115e2fcf5cfdb727ab

                    SHA1

                    d5b5bbf396dc291274584ef71f444f420b6056f1

                    SHA256

                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                    SHA512

                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                    Filesize

                    16B

                    MD5

                    46295cac801e5d4857d09837238a6394

                    SHA1

                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                    SHA256

                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                    SHA512

                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    9KB

                    MD5

                    a5ae8597637bf498992b761261cd759a

                    SHA1

                    956efbe416f782d5157c56c4a1fc507843a5a2a7

                    SHA256

                    d608c42c7fddd6f95c6723079e086b7be5df625a697d956e9b1bf09f02bd6bb1

                    SHA512

                    8343601bbdcbcaee87765ca19a42ccdefb2d7329a2e35ec12e8245ecc346a8e2a2db2c5d05cfe94c0b4c71cbc532cb082ec1873f5d74ac8037ce158fb8d56189

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
                    Filesize

                    4KB

                    MD5

                    c3e03820ce2ab32c03f80df90bbfd82f

                    SHA1

                    bbea090a15e82c8a9c15da0f6b9c86380c724615

                    SHA256

                    b566008c4e937441465c5bf43674f903bdfc3f65a6154e69ca3bfc6047890552

                    SHA512

                    21973d95a958b14db40df3ff0ae53b45c8d64aaffb75d45bcaa7c1843e1c071230794cae86e2d2ec22e465e0e59ce37cd16877de33c85eb333a1cab735ee5bb2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\favicon-150x150[1].png
                    Filesize

                    4KB

                    MD5

                    c8559e608d2c2e858d5120480279e6c3

                    SHA1

                    38d2add4b89eb9131f5c86e3d4831b10a26e17f3

                    SHA256

                    7f86baa4536715f7c0490c09aa674d6a933f7623028288c068354cf809529dfe

                    SHA512

                    8b4dc836fa4a77978367f66aadde23363b0482d60fcf626351aac24786c5c966afc67b7e7346dccddba2a6999e883dcb57f71c32d50cd31b63e2ecbd2ee6f6ff

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\suggestions[1].en-US
                    Filesize

                    17KB

                    MD5

                    5a34cb996293fde2cb7a4ac89587393a

                    SHA1

                    3c96c993500690d1a77873cd62bc639b3a10653f

                    SHA256

                    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                    SHA512

                    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\home[2].json
                    Filesize

                    57B

                    MD5

                    95a083bd5e22155781126aa1be794748

                    SHA1

                    9425fdfee3dc63c5f21ff3f614446d02a0b0c831

                    SHA256

                    5dd1d0a3f860d4070e9b4fd68bdf9fca073af0172cb6648a2879f8394d6ccfbb

                    SHA512

                    3ee0d8b441ff819f34ddb9ee1e74cc08706d5901556583342efca9e68c9602147d950b8fee0daf8f3e8382e06afe4e70115f8a097e573e611cebbf7c924057f5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
                    Filesize

                    2KB

                    MD5

                    3f6b77048f19624492463bbc92ea550c

                    SHA1

                    86059335ef23d9627f0f1a04c5180129f80df98d

                    SHA256

                    d39743eca7c2602aa9b23a97894ae4779302ea8d79f38a279481294fbc51af75

                    SHA512

                    669b85f3e3fdeb8d30a5b5e5372af8f52ece254c7f3029bed080c06ef3f14694800faa2cf2ad05e6fc78350edd06782a9248fc2bc64b2fd1c7d1fa423165739a

                    Download Submit