
Analysis

  • max time kernel
    5s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2023, 16:12 UTC

General

  • Target

    http://cbjqbkacuxjw.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cbjqbkacuxjw.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942869758,0x7ff942869768,0x7ff942869778
      2⤵
      PID:5088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:2
      2⤵
      PID:768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:8
      2⤵
      PID:3716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:8
      2⤵
      PID:3672
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:1
      2⤵
      PID:2792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:1
      2⤵
      PID:4720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:8
      2⤵
      PID:2820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1984,i,9062433923050640647,1626494268004898885,131072 /prefetch:8
      2⤵
      PID:4388
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5104

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cbjqbkacuxjw.com
    chrome.exe
    Remote address:
    8.8.8.8:53
    Request
    cbjqbkacuxjw.com
    IN A
    Response
    cbjqbkacuxjw.com
    IN A
    216.21.13.14
    cbjqbkacuxjw.com
    IN A
    216.21.13.15
  • flag-us
    GET
    http://cbjqbkacuxjw.com/
    chrome.exe
    Remote address:
    216.21.13.14:80
    Request
    GET / HTTP/1.1
    Host: cbjqbkacuxjw.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 200 OK
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=100
    content-type: text/html; charset=UTF-8
    content-length: 0
    date: Tue, 03 Oct 2023 16:12:42 GMT
  • flag-us
    GET
    http://cbjqbkacuxjw.com/favicon.ico
    chrome.exe
    Remote address:
    216.21.13.14:80
    Request
    GET /favicon.ico HTTP/1.1
    Host: cbjqbkacuxjw.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://cbjqbkacuxjw.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 404 Not Found
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=100
    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
    pragma: no-cache
    content-type: text/html
    content-length: 708
    date: Tue, 03 Oct 2023 16:12:42 GMT
  • flag-us
    DNS
    234.168.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.168.217.172.in-addr.arpa
    IN PTR
    Response
    234.168.217.172.in-addr.arpa
    IN PTR
    ams15s40-in-f10.1e100.net
  • flag-us
    DNS
    14.13.21.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.13.21.216.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • 216.21.13.14:80
    http://cbjqbkacuxjw.com/favicon.ico
    http
    chrome.exe
    1.1kB
    1.3kB
    6
    3
    HTTP Request
    GET http://cbjqbkacuxjw.com/
    HTTP Response
    200
    HTTP Request
    GET http://cbjqbkacuxjw.com/favicon.ico
    HTTP Response
    404
  • 216.21.13.14:80
    cbjqbkacuxjw.com
    chrome.exe
    98 B
    52 B
    2
    1
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1
    DNS Request
    8.8.8.8.in-addr.arpa
  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1
    DNS Request
    75.159.190.20.in-addr.arpa
  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1
    DNS Request
    2.136.104.51.in-addr.arpa
  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1
    DNS Request
    95.221.229.192.in-addr.arpa
  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1
    DNS Request
    8.3.197.209.in-addr.arpa
  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1
    DNS Request
    241.154.82.20.in-addr.arpa
  • 8.8.8.8:53
    cbjqbkacuxjw.com
    dns
    chrome.exe
    62 B
    94 B
    1
    1
    DNS Request
    cbjqbkacuxjw.com
    DNS Response
    216.21.13.14
    216.21.13.15
  • 8.8.8.8:53
    234.168.217.172.in-addr.arpa
    dns
    74 B
    113 B
    1
    1
    DNS Request
    234.168.217.172.in-addr.arpa
  • 8.8.8.8:53
    14.13.21.216.in-addr.arpa
    dns
    71 B
    120 B
    1
    1
    DNS Request
    14.13.21.216.in-addr.arpa
  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1
    DNS Request
    41.110.16.96.in-addr.arpa
  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1
    DNS Request
    59.128.231.4.in-addr.arpa
  • 224.0.0.251:5353
    chrome.exe
    136 B
    2
MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize
    2 B
    MD5
    99914b932bd37a50b983c5e7c90ae93b
    SHA1
    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256
    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512
    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
