Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 00:37 UTC

General

  • Target

    1d6acba448d3fcd2f3187a611e149947.html

  • Size

    254B

  • MD5

    1d6acba448d3fcd2f3187a611e149947

  • SHA1

    c437425a74692a4f2bf3d7dd2931e5176c799682

  • SHA256

    6748d8ecd20cb131f3f647aa52e880f5d7340e0a8ec6915b7179998e77c3e024

  • SHA512

    b32623fd68cccf18a65ba0fd7e1cd60204d5a2a247f2fb6a98a1477a57768b1ea6548ebae9715fdc768a3939f8a37c62ed822be17c484c95926deadce873ab13

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 6 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1d6acba448d3fcd2f3187a611e149947.html
    PID:4580
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4580 CREDAT:17410 /prefetch:2
      PID:2980

    Network

    • DNS 2.136.104.51.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 0.181.190.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 180.178.17.96.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a96-17-178-180.deploy.static.akamaitechnologies.com
    • DNS g.bing.com IN A via 8.8.8.8:53 (US); response: CNAME g-bing-com.a-0001.a-msedge.net, CNAME dual-a-0001.a-msedge.net, A 204.79.197.200, A 13.107.21.200
    • DNS g.bing.com IN A via 8.8.8.8:53 (US); no response recorded
    • DNS 200.197.79.204.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a-0001.a-msedge.net
    • DNS 95.221.229.192.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 88.156.103.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 9.228.82.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 41.110.16.96.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a96-16-110-41.deploy.static.akamaitechnologies.com
    • DNS 41.110.16.96.in-addr.arpa IN PTR via 8.8.8.8:53 (US); no response recorded
    • DNS 26.35.223.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 48.229.111.52.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 48.229.111.52.in-addr.arpa IN PTR via 8.8.8.8:53 (US); no response recorded
    • DNS tse1.mm.bing.net IN A via 8.8.8.8:53 (US); response: CNAME mm-mm.bing.net.trafficmanager.net, CNAME dual-a-0001.a-msedge.net, A 204.79.197.200, A 13.107.21.200
    • DNS 104.241.123.92.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a92-123-241-104.deploy.static.akamaitechnologies.com
    • DNS 104.241.123.92.in-addr.arpa IN PTR via 8.8.8.8:53 (US); no response recorded
    • DNS 104.241.123.92.in-addr.arpa IN PTR via 8.8.8.8:53 (US); no response recorded
    • DNS 104.241.123.92.in-addr.arpa IN PTR via 8.8.8.8:53 (US); no response recorded
    • DNS 119.110.54.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 119.110.54.20.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: empty
    • DNS 174.178.17.96.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a96-17-178-174.deploy.static.akamaitechnologies.com
    • DNS 174.178.17.96.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a96-17-178-174.deploy.static.akamaitechnologies.com
    • DNS 0.204.248.87.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR https-87-248-204-0.lhr.llnw.net
    • DNS 0.204.248.87.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR https-87-248-204-0.lhr.llnw.net
    • DNS 32.134.221.88.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a88-221-134-32.deploy.static.akamaitechnologies.com
    • DNS 32.134.221.88.in-addr.arpa IN PTR via 8.8.8.8:53 (US); response: PTR a88-221-134-32.deploy.static.akamaitechnologies.com
    • 52.142.223.178:80: 156 B sent in 3 packets, nothing received
    • 204.79.197.200:443 (g.bing.com, tls): 2.3 kB sent / 11.7 kB received, 23 / 20 packets
    • 20.231.121.79:80: 52 B sent in 1 packet, nothing received
    • 204.79.197.200:443 (ieonline.microsoft.com, tls): 2.3 kB sent / 28.6 kB received, 34 / 33 packets
    • 204.79.197.200:443 (ieonline.microsoft.com, tls): 1.2 kB sent / 9.6 kB received, 16 / 14 packets
    • 204.79.197.200:443 (tse1.mm.bing.net, tls): 1.2 kB sent / 8.3 kB received, 15 / 14 packets
    • 204.79.197.200:443 (tse1.mm.bing.net, tls): 59.6 kB sent / 1.7 MB received, 1234 / 1229 packets
    • 204.79.197.200:443 (tse1.mm.bing.net, tls): 1.3 kB sent / 8.3 kB received, 16 / 14 packets
    • 204.79.197.200:443 (tse1.mm.bing.net, tls): 1.4 kB sent / 8.2 kB received, 16 / 13 packets
    • 204.79.197.200:443 (tse1.mm.bing.net, tls): 1.2 kB sent / 8.3 kB received, 15 / 14 packets
    • 152.199.19.161:443: 138 B sent / 40 B received, 3 / 1 packets
    • 152.199.19.161:443: 92 B sent / 40 B received, 2 / 1 packets
    • 8.8.8.8:53 (2.136.104.51.in-addr.arpa, dns): 71 B sent / 157 B received, 1 / 1 packets; DNS request: 2.136.104.51.in-addr.arpa
    • 8.8.8.8:53 (0.181.190.20.in-addr.arpa, dns): 71 B sent / 157 B received, 1 / 1 packets; DNS request: 0.181.190.20.in-addr.arpa
    • 8.8.8.8:53 (180.178.17.96.in-addr.arpa, dns): 72 B sent / 137 B received, 1 / 1 packets; DNS request: 180.178.17.96.in-addr.arpa
    • 8.8.8.8:53 (g.bing.com, dns): 112 B sent / 158 B received, 2 / 1 packets; DNS requests: g.bing.com (2x); DNS response: 204.79.197.200, 13.107.21.200
    • 8.8.8.8:53 (200.197.79.204.in-addr.arpa, dns): 73 B sent / 106 B received, 1 / 1 packets; DNS request: 200.197.79.204.in-addr.arpa
    • 8.8.8.8:53 (95.221.229.192.in-addr.arpa, dns): 73 B sent / 144 B received, 1 / 1 packets; DNS request: 95.221.229.192.in-addr.arpa
    • 8.8.8.8:53 (88.156.103.20.in-addr.arpa, dns): 72 B sent / 158 B received, 1 / 1 packets; DNS request: 88.156.103.20.in-addr.arpa
    • 8.8.8.8:53 (9.228.82.20.in-addr.arpa, dns): 70 B sent / 156 B received, 1 / 1 packets; DNS request: 9.228.82.20.in-addr.arpa
    • 8.8.8.8:53 (41.110.16.96.in-addr.arpa, dns): 142 B sent / 135 B received, 2 / 1 packets; DNS requests: 41.110.16.96.in-addr.arpa (2x)
    • 8.8.8.8:53 (26.35.223.20.in-addr.arpa, dns): 71 B sent / 157 B received, 1 / 1 packets; DNS request: 26.35.223.20.in-addr.arpa
    • 8.8.8.8:53 (48.229.111.52.in-addr.arpa, dns): 144 B sent / 158 B received, 2 / 1 packets; DNS requests: 48.229.111.52.in-addr.arpa (2x)
    • 8.8.8.8:53 (tse1.mm.bing.net, dns): 62 B sent / 173 B received, 1 / 1 packets; DNS request: tse1.mm.bing.net; DNS response: 204.79.197.200, 13.107.21.200
    • 8.8.8.8:53 (104.241.123.92.in-addr.arpa, dns): 292 B sent / 139 B received, 4 / 1 packets; DNS requests: 104.241.123.92.in-addr.arpa (4x)
    • 8.8.8.8:53 (119.110.54.20.in-addr.arpa, dns): 144 B sent / 316 B received, 2 / 2 packets; DNS requests: 119.110.54.20.in-addr.arpa (2x)
    • 8.8.8.8:53 (174.178.17.96.in-addr.arpa, dns): 144 B sent / 274 B received, 2 / 2 packets; DNS requests: 174.178.17.96.in-addr.arpa (2x)
    • 8.8.8.8:53 (0.204.248.87.in-addr.arpa, dns): 142 B sent / 232 B received, 2 / 2 packets; DNS requests: 0.204.248.87.in-addr.arpa (2x)
    • 8.8.8.8:53 (32.134.221.88.in-addr.arpa, dns): 144 B sent / 274 B received, 2 / 2 packets; DNS requests: 32.134.221.88.in-addr.arpa (2x)

    MITRE ATT&CK Enterprise v15