Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://192.168.22.1...

windows10-2004-x64

1

Resubmissions

10/10/2023, 13:41 UTC

231010-qzd8jafg92 1

04/10/2023, 23:08 UTC

231004-24xq8ahe52 1

04/10/2023, 23:08 UTC

231004-24pqlsfe6z 1

03/10/2023, 20:52 UTC

231003-zn52jsfe8z 1

03/10/2023, 20:51 UTC

231003-zm5pdshd72 1

03/10/2023, 20:47 UTC

231003-zlc8rafe7w 1

01/10/2023, 23:38 UTC

231001-3m4zmsee4s 1

28/09/2023, 14:56 UTC

230928-saz5tacc3w 1

28/09/2023, 14:53 UTC

230928-r9sdkscc2t 1

Analysis

  • max time kernel
    1s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2023, 23:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://192.168.22.107/acc_MOG#/login

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://192.168.22.107/acc_MOG#/login
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3164
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2ef46f8,0x7ffec2ef4708,0x7ffec2ef4718
      2⤵
        PID:4344
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5112948687800792765,4247549587381956326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4296
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5112948687800792765,4247549587381956326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:1068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5112948687800792765,4247549587381956326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:4832
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5112948687800792765,4247549587381956326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
            2⤵
              PID:3044
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5112948687800792765,4247549587381956326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:4440
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:3840
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3004

                Network

                • flag-us
                  DNS
                  2.159.190.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  2.159.190.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  95.221.229.192.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  95.221.229.192.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  208.194.73.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  208.194.73.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  241.154.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  241.154.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  254.23.238.8.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  254.23.238.8.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  41.110.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  41.110.16.96.in-addr.arpa
                  IN PTR
                  Response
                  41.110.16.96.in-addr.arpa
                  IN PTR
                  a96-16-110-41deploystaticakamaitechnologiescom
                • 192.168.22.107:443
                  msedge.exe
                  104 B
                   2
                • 192.168.22.107:443
                  104 B
                   2
                • 8.8.8.8:53
                  2.159.190.20.in-addr.arpa
                  dns
                  71 B
                   157 B
                   1
                  1

                  DNS Request

                  2.159.190.20.in-addr.arpa

                • 8.8.8.8:53
                  95.221.229.192.in-addr.arpa
                  dns
                  73 B
                   144 B
                   1
                  1

                  DNS Request

                  95.221.229.192.in-addr.arpa

                • 8.8.8.8:53
                  208.194.73.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  208.194.73.20.in-addr.arpa

                • 8.8.8.8:53
                  241.154.82.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  241.154.82.20.in-addr.arpa

                • 8.8.8.8:53
                  254.23.238.8.in-addr.arpa
                  dns
                  71 B
                   125 B
                   1
                  1

                  DNS Request

                  254.23.238.8.in-addr.arpa

                • 8.8.8.8:53
                  41.110.16.96.in-addr.arpa
                  dns
                  71 B
                   135 B
                   1
                  1

                  DNS Request

                  41.110.16.96.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  f95638730ec51abd55794c140ca826c9

                  SHA1

                  77c415e2599fbdfe16530c2ab533fd6b193e82ef

                  SHA256

                  106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

                  SHA512

                  0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  6465cdb8f8662460ab9be3d3317f5763

                  SHA1

                  380c48432aa114bdf6ad783ccbd1f56195b15788

                  SHA256

                  30b00c6adf93b16ef39118f5e0cf0233587643d1af9c62477d58a6751dacddff

                  SHA512

                  726432b045f7a2abaa47382ed3c7e93bf4c99024d223cc5af162eff08cbbf41c6d58b9cd3e9ca23ded99be549e126f159b865ea45c90b4a39591ca6eecbf5fdd

                  Download Submit

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.