Analysis

  • max time kernel
    130s
  • max time network
    299s
  • platform
    windows10-1703_x64
  • resource
    win10-20231220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20231220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23/01/2024, 15:59 UTC

General

  • Target

    http://www.wanthub.com/en/shared/images/logo/WantHub_Logo_Email.png

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wanthub.com/en/shared/images/logo/WantHub_Logo_Email.png
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4208 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:200

Network

  • flag-us
    DNS
    www.wanthub.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.wanthub.com
    IN A
    Response
    www.wanthub.com
    IN CNAME
    wanthub.com
    wanthub.com
    IN A
    79.110.224.181
  • flag-us
    GET
    http://www.wanthub.com/en/shared/images/logo/WantHub_Logo_Email.png
    IEXPLORE.EXE
    Remote address:
    79.110.224.181:80
    Request
    GET /en/shared/images/logo/WantHub_Logo_Email.png HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.wanthub.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/png
    Last-Modified: Wed, 18 Sep 2019 19:20:27 GMT
    Accept-Ranges: bytes
    ETag: "c3b91a21566ed51:0"
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Date: Tue, 23 Jan 2024 16:00:25 GMT
    Content-Length: 14481
  • flag-us
    GET
    http://www.wanthub.com/favicon.ico
    iexplore.exe
    Remote address:
    79.110.224.181:80
    Request
    GET /favicon.ico HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: www.wanthub.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/x-icon
    Last-Modified: Sun, 30 Dec 2018 20:13:50 GMT
    Accept-Ranges: bytes
    ETag: "7d7cf2e7ca0d41:0"
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Date: Tue, 23 Jan 2024 16:00:25 GMT
    Content-Length: 1150
  • flag-us
    DNS
    181.224.110.79.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    181.224.110.79.in-addr.arpa
    IN PTR
    Response
    181.224.110.79.in-addr.arpa
    IN PTR
    securec94ezhostingservercom
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    24.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.179.17.96.in-addr.arpa
    IN PTR
    Response
    24.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-24.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    57.110.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.110.18.2.in-addr.arpa
    IN PTR
    Response
    57.110.18.2.in-addr.arpa
    IN PTR
    a2-18-110-57.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.17.5.133
  • flag-us
    DNS
    133.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.5.17.2.in-addr.arpa
    IN PTR
    Response
    133.5.17.2.in-addr.arpa
    IN PTR
    a2-17-5-133.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    133.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.5.17.2.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    5.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    5.179.17.96.in-addr.arpa
    IN PTR
    Response
    5.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-5.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    12.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    12.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 79.110.224.181:80
    http://www.wanthub.com/en/shared/images/logo/WantHub_Logo_Email.png
    http
    IEXPLORE.EXE
    1.0kB
    15.3kB
    16
    13

    HTTP Request

    GET http://www.wanthub.com/en/shared/images/logo/WantHub_Logo_Email.png

    HTTP Response

    200
  • 79.110.224.181:80
    www.wanthub.com
    IEXPLORE.EXE
    144 B
    92 B
    3
    2
  • 79.110.224.181:80
    http://www.wanthub.com/favicon.ico
    http
    iexplore.exe
    546 B
    1.6kB
    7
    4

    HTTP Request

    GET http://www.wanthub.com/favicon.ico

    HTTP Response

    200
  • 79.110.224.181:80
    www.wanthub.com
    iexplore.exe
    144 B
    92 B
    3
    2
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    15
  • 8.8.8.8:53
    www.wanthub.com
    dns
    iexplore.exe
    61 B
    91 B
    1
    1

    DNS Request

    www.wanthub.com

    DNS Response

    79.110.224.181

  • 8.8.8.8:53
    181.224.110.79.in-addr.arpa
    dns
    73 B
    116 B
    1
    1

    DNS Request

    181.224.110.79.in-addr.arpa

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    24.179.17.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    24.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    57.110.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    57.110.18.2.in-addr.arpa

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.17.5.133

  • 8.8.8.8:53
    133.5.17.2.in-addr.arpa
    dns
    138 B
    131 B
    2
    1

    DNS Request

    133.5.17.2.in-addr.arpa

    DNS Request

    133.5.17.2.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    5.179.17.96.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    5.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    12.173.189.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    12.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    f3990afbcdf64f1f806d1b926cf35b3d

    SHA1

    da1297f9ac1e9e9e7e78b567006e9248bfc212f7

    SHA256

    48c214dd545cc2718f7e844d699efae28f80d683340959e000bb41ad75dd6386

    SHA512

    9b5bc750b2e1038c82a93d51efe0d7dcf951ca594a62a90bac0ca1019d232afd07f9630e1ba1b609e128a9ba9c23c1ea8f1badd9e6b25f3eb591a936c89ee939

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

    Filesize

    338B

    MD5

    5661ef4123a8168a39a4502cd75ddaf7

    SHA1

    18fae5f18cdb5d2397c2c3be2a4ec19a87e01c0f

    SHA256

    290a6b2cb6a77c97a6cfe863fbdf66156b4d9eb315ba6f181b34640a9ca067d1

    SHA512

    a0c26ac1d7656abcececcc67c9ce2e46f6635718e2ff26c619484f4a77b8f8683e3301e2848498ed03f5e7024229f7e2193e36da2e67e4be64841984483940b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    5283a41438c7108bf54c1a4ffcb4557c

    SHA1

    99a8c71071221b7978d29006da2e47c3c721dd98

    SHA256

    0fe346c390bca29d4bcdbdc8e359236f729399dca00238eebd12ff4855622e05

    SHA512

    7852a0955700c749e1337efaf9496da4889d5979dfa8a6be02be292f29267b51c9f19cd860b5ba48fccee8822b3cd1460e2d0dbf2e8366cfd1a640f5929a2f44

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE445.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A7JUO40W\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDF4RA7H\favicon[1].ico

    Filesize

    1KB

    MD5

    def3517bf21c8293b2eca0dc32a35490

    SHA1

    011ab7684d7e6d0f36a4e1e47999d215ee3f21d6

    SHA256

    06e3ee821b7e7e9091c8d2e3f76d2e25929d40d0d9704ce1691207864ceb1fc1

    SHA512

    40bf5f27c6e7a3ca77eaa59221f07080bc11a0b059e21dbb356c70737eb4cb521b39107841852651a26e5fc1cdf2f26bbb5b00cf7fffb57ab6787280fb59b83e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\L3LIQJSJ.cookie

    Filesize

    539B

    MD5

    e20151403419808fa11d01b6ce365cd8

    SHA1

    3e308c3b7136e4fa288a61646229e66719da5bd8

    SHA256

    4f48da9ef2c07c1b64d9bac4e4bf61f09223e018f1a3418c7b8dcec04b84eb04

    SHA512

    bad4cfaa26dea72bc9b02f499340aa019bd39fe5bbdafd615317666292cde6e9acc79aa54b4c75beab126a770cb861ea969ae7be204eb95c8174b08f5a62fac7
