
Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/01/2024, 03:03 UTC

General

  • Target

    https://trk.nice.com/v/MDY5LUtWTS02NjYAAAGQ5RJbTyy3LzCU9j4JQ6x4bDUYvrgehq_i2sSlz7dClMvPlkOZ4dpfxrbbVS3to2risXPZ68w=

Score
1/10
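
The target is a tracking link: everything after /v/ is a base64url token. The example below is added here (it is not tria.ge's code and not part of the original report); it decodes the token and shows that the leading printable field is 069-KVM-666, which has the shape of a Marketo Munchkin account ID (an assumption about the format; the report's DNS section does show trk.nice.com CNAME'd into Marketo-named infrastructure, which is consistent with it). The bytes after the NUL separator are left opaque, because nothing on the page identifies their fields. Decoding the token explains what the link is, not where it redirects: both trk.nice.com flows in the report are TLS, so the redirect target is not visible in the capture.

```python
import base64
import re
from urllib.parse import urlsplit

# Target URL exactly as it appears in the report.
TARGET = "https://trk.nice.com/v/MDY5LUtWTS02NjYAAAGQ5RJbTyy3LzCU9j4JQ6x4bDUYvrgehq_i2sSlz7dClMvPlkOZ4dpfxrbbVS3to2risXPZ68w="

# Assumption: the leading printable field is a Marketo "Munchkin" account ID, whose
# shape is three digits, three upper-case letters, three digits (e.g. 069-KVM-666).
MUNCHKIN_ID = re.compile(r"^\d{3}-[A-Z]{3}-\d{3}$")


def extract_token(url: str) -> str:
    """Return the opaque segment after /v/ in a tracking URL; raise on any other path."""
    path = urlsplit(url).path
    m = re.fullmatch(r"/v/([A-Za-z0-9_\-]+=*)", path)
    if not m:
        raise ValueError(f"not a /v/<token> tracking path: {path!r}")
    return m.group(1)


def decode_tracking_token(url: str) -> dict:
    """Base64url-decode the token and split it at the first NUL byte.

    Returns the printable prefix (account_id), whether it matches the assumed Munchkin
    shape, the raw bytes after the separator (not interpreted), and the decoded length.
    """
    token = extract_token(url)
    # Re-pad in case a URL rewriter or copy-paste stripped the trailing '='.
    padded = token + "=" * (-len(token) % 4)
    raw = base64.urlsafe_b64decode(padded)
    prefix, nul, rest = raw.partition(b"\x00")
    try:
        account_id = prefix.decode("ascii")
    except UnicodeDecodeError:
        account_id = ""          # no printable prefix: not the layout we assumed
    return {
        "account_id": account_id,
        "is_munchkin_id": bool(MUNCHKIN_ID.match(account_id)),
        "opaque_bytes": rest,     # left as-is; the report gives no way to name these fields
        "decoded_len": len(raw),
        "had_nul_separator": nul == b"\x00",
    }


if __name__ == "__main__":
    info = decode_tracking_token(TARGET)
    print(f"account id: {info['account_id']} (munchkin shape: {info['is_munchkin_id']})")
    print(f"{info['decoded_len']} bytes decoded, {len(info['opaque_bytes'])} opaque bytes after the separator")
```

Running it against the report's target prints account id 069-KVM-666 with 68 decoded bytes; the same function raises on a URL that is not of the /v/<token> form, so it can be used as a filter over a list of submitted links.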

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (34 IoCs)
  • Suspicious use of SendNotifyMessage (32 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 856, level 1: browser process, no --type]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.nice.com/v/MDY5LUtWTS02NjYAAAGQ5RJbTyy3LzCU9j4JQ6x4bDUYvrgehq_i2sSlz7dClMvPlkOZ4dpfxrbbVS3to2risXPZ68w=
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    • chrome.exe  [PID 2088, level 2: --type=crashpad-handler]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7069758,0x7fef7069768,0x7fef7069778
    • chrome.exe  [PID 2704, level 2: --type=gpu-process]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:2
    • chrome.exe  [PID 2620, level 2: --type=utility, network.mojom.NetworkService, --service-sandbox-type=none]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:8
    • chrome.exe  [PID 2752, level 2: --type=utility, storage.mojom.StorageService, --service-sandbox-type=utility]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:8
    • chrome.exe  [PID 2280, level 2: --type=renderer, --first-renderer-process]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:1
    • chrome.exe  [PID 2956, level 2: --type=renderer]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:1
    • chrome.exe  [PID 1948, level 2: --type=gpu-process, swiftshader-webgl]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:2
    • chrome.exe  [PID 2360, level 2: --type=utility, chrome.mojom.UtilWin, --service-sandbox-type=none]
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072 /prefetch:8
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  [PID 892, level 1]
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
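
Every signature in this report fires on the browser process (PID 856), and all of them (AdjustPrivilegeToken, WriteProcessMemory, FindShellTrayWindow, SendNotifyMessage, process enumeration) are what Chrome does when it spawns and wires up its sandboxed children, so the tree itself is the evidence to review rather than the signature names. The following added example (our code, not tria.ge's) runs the checks a reviewer applies to a Chrome process tree: every image executes from the Chrome install directory, every child carries a --type, all children share one --field-trial-handle (one browser session), and the utilities launched with --service-sandbox-type=none are listed. The report shows that flag on the network service and on UtilWin; that is how Chrome launches those two services and is not, by itself, a finding. The command lines are transcribed from the report with the flags the checks never read (the --gpu-preferences blob, crashpad annotations, channel handles) dropped; the expected-path and sandbox rules are our assumptions about a normal Chrome launch.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
CHROME_DIR = PureWindowsPath(r"C:\Program Files\Google\Chrome\Application")
FT = "--field-trial-handle=1284,i,2072795097878729123,1109696037691581118,131072"

# Process records transcribed from the report as (pid, level, command line). Level 1 is a root
# of the tree, level 2 a child of the level-1 chrome.exe. Flags the checks below never read
# (the --gpu-preferences blob, crashpad annotations, --mojo-platform-channel-handle) are dropped.
PROCESSES = [
    (856, 1, rf"""{CHROME} --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.nice.com/v/MDY5LUtWTS02NjYAAAGQ5RJbTyy3LzCU9j4JQ6x4bDUYvrgehq_i2sSlz7dClMvPlkOZ4dpfxrbbVS3to2risXPZ68w="""),
    (2088, 2, rf'{CHROME} --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --url=https://clients2.google.com/cr/report --annotation=ver=106.0.5249.119'),
    (2704, 2, f"{CHROME} --type=gpu-process {FT} /prefetch:2"),
    (2620, 2, f"{CHROME} --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none {FT} /prefetch:8"),
    (2752, 2, f"{CHROME} --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility {FT} /prefetch:8"),
    (2280, 2, f"{CHROME} --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 {FT} /prefetch:1"),
    (2956, 2, f"{CHROME} --type=renderer --lang=en-US --renderer-client-id=5 {FT} /prefetch:1"),
    (1948, 2, f"{CHROME} --type=gpu-process --use-gl=angle --use-angle=swiftshader-webgl {FT} /prefetch:2"),
    (2360, 2, f"{CHROME} --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none {FT} /prefetch:8"),
    (892, 1, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]


def parse_cmdline(cmd: str):
    """Split a Windows command line into (image path, {flag: value}).

    Only --key=value flags are collected; bare switches are not needed by the checks.
    """
    m = re.match(r'^"([^"]+)"', cmd)
    image = m.group(1) if m else cmd.split(maxsplit=1)[0]
    flags = dict(re.findall(r"--([\w-]+)=(\S+)", cmd))
    return image, flags


def role_of(image: str, flags: dict) -> str:
    """Chrome's --type names the child's role; the browser process itself has no --type."""
    name = PureWindowsPath(image).name.lower()
    if name != "chrome.exe":
        return name                      # e.g. elevation_service.exe
    return flags.get("type", "browser")


def audit(processes):
    """Sanity checks for a Chrome process tree; returns a role histogram plus the findings.

    unexpected_images:     anything not executing from under the Chrome install directory
    children_without_type: level-2 chrome.exe processes that carry no --type
    field_trial_handles:   distinct --field-trial-handle values (one browser session = one value)
    unsandboxed:           processes started with --service-sandbox-type=none
    """
    roles = Counter()
    unexpected_images, children_without_type, unsandboxed = [], [], []
    handles = set()
    for pid, level, cmd in processes:
        image, flags = parse_cmdline(cmd)
        role = role_of(image, flags)
        roles[role] += 1
        if CHROME_DIR not in PureWindowsPath(image).parents:
            unexpected_images.append((pid, image))
        if level > 1 and role == "browser":
            children_without_type.append(pid)
        if "field-trial-handle" in flags:
            handles.add(flags["field-trial-handle"])
        if flags.get("service-sandbox-type") == "none":
            unsandboxed.append((pid, flags.get("utility-sub-type", role)))
    return {
        "roles": dict(roles),
        "unexpected_images": unexpected_images,
        "children_without_type": children_without_type,
        "field_trial_handles": handles,
        "unsandboxed": unsandboxed,
    }


if __name__ == "__main__":
    for key, value in audit(PROCESSES).items():
        print(f"{key}: {value}")
```

On the report's tree this yields one browser process, one crashpad handler, two GPU processes, three utilities, two renderers and the elevation service, a single field-trial handle, no image outside the install directory and no child without a role. A chrome.exe launched from a user-writable path, or a child whose handle differs from its siblings', would appear in the corresponding list.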

                    Network

  • DNS trk.nice.com (chrome.exe -> 8.8.8.8:53; country: US)
    Request:  trk.nice.com IN A
    Response: trk.nice.com IN CNAME mkto-lon060131.com
              mkto-lon060131.com IN A 104.17.70.206, 104.17.73.206, 104.17.71.206, 104.17.72.206, 104.17.74.206
  • DNS get.nice.com (chrome.exe -> 8.8.8.8:53; country: US)
    Request:  get.nice.com IN A
    Response: get.nice.com IN CNAME nice3.mktoweb.com
              nice3.mktoweb.com IN CNAME lon06.mktossl.com
              lon06.mktossl.com IN A 104.17.72.206, 104.17.74.206, 104.17.73.206, 104.17.71.206, 104.17.70.206
  • DNS na-sjint.marketo.com (chrome.exe -> 8.8.8.8:53; country: US)
    Request:  na-sjint.marketo.com IN A
    Response: na-sjint.marketo.com IN CNAME sjint.mkto-test.com
              sjint.mkto-test.com IN A 104.17.97.130, 104.17.98.130, 104.17.99.130, 104.17.100.130, 104.17.101.130
  • DNS content-autofill.googleapis.com (chrome.exe -> 8.8.8.8:53; country: US)
    Request:  content-autofill.googleapis.com IN A
    Response: content-autofill.googleapis.com IN A 172.217.20.202, 216.58.215.42, 216.58.213.74, 142.250.179.74, 142.250.179.106, 142.250.178.138, 142.250.201.170, 216.58.214.74, 142.250.75.234, 216.58.214.170, 172.217.20.170
  • GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgnY5hPsebzAYBIFDdvUntESBQ05-Qn0EgUN7GU6GA==?alt=proto (chrome.exe -> 172.217.20.202:443; country: FR)
    Request:
      GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgnY5hPsebzAYBIFDdvUntESBQ05-Qn0EgUN7GU6GA==?alt=proto HTTP/2.0
      host: content-autofill.googleapis.com
      x-goog-encode-response-if-executable: base64
      x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
      x-client-data: CJmWywE=
      sec-fetch-site: none
      sec-fetch-mode: no-cors
      sec-fetch-dest: empty
      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
  • DNS niceincontact.com (chrome.exe -> 8.8.8.8:53; country: US)
    Request:  niceincontact.com IN A
    Response: niceincontact.com IN A 13.65.39.165
  Connections (bytes and packets are as seen from the sandbox: sent, received)

  Remote address       Host                              Protocol    Process     Sent    Received  Pkts sent  Pkts recv
  104.17.70.206:443    trk.nice.com                      tls         chrome.exe  2.0kB   5.2kB     15         15
  104.17.70.206:443    trk.nice.com                      tls         chrome.exe  1.1kB   3.5kB     10         8
  104.17.72.206:443    get.nice.com                      tls         chrome.exe  8.5kB   184.2kB   115        185
  104.17.72.206:443    get.nice.com                      tls         chrome.exe  1.0kB   3.5kB     9          8
  172.217.20.202:443   content-autofill.googleapis.com   tls, http2  chrome.exe  1.8kB   7.0kB     15         17
  104.17.97.130:443    na-sjint.marketo.com              tls         chrome.exe  1.8kB   7.6kB     15         18
  13.65.39.165:443     niceincontact.com                 tls         chrome.exe  1.3kB   4.4kB     9          7
  8.8.8.8:53           trk.nice.com                      dns         chrome.exe  58 B    167 B     1          1
  8.8.8.8:53           get.nice.com                      dns         chrome.exe  58 B    194 B     1          1
  8.8.8.8:53           na-sjint.marketo.com              dns         chrome.exe  66 B    176 B     1          1
  8.8.8.8:53           content-autofill.googleapis.com   dns         chrome.exe  77 B    253 B     1          1
  8.8.8.8:53           niceincontact.com                 dns         chrome.exe  63 B    79 B      1          1
  224.0.0.251:5353     -                                 -           chrome.exe  204 B   -         3          -

  HTTP request on the 172.217.20.202:443 flow: GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgnY5hPsebzAYBIFDdvUntESBQ05-Qn0EgUN7GU6GA==?alt=proto
  The request and response records for the 8.8.8.8:53 rows are the DNS entries listed above.
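
Two checks an analyst runs over a network section like this one, as an added example (our code, not tria.ge's; the DNS answers and connections are transcribed from the report above, and the provider labels are our assumption, made because the report's own CNAME chains end in marketo.com, mktoweb.com, mktossl.com and mkto-test.com names): follow each CNAME chain to see which provider actually terminates it, and confirm that every unicast connection went to an address the captured DNS answers produced. The second check is the one that matters for a hostile sample: a process that connects to an IP it never resolved is using a hard-coded address. For this capture it returns nothing; the only non-DNS destination without a hostname is the mDNS multicast group, which is excluded on purpose. The x-goog-api-key on the content-autofill request is the key compiled into Chrome builds for Google's own services; that flow is Chrome background traffic, not something the submitted page initiated.

```python
import ipaddress


def a_records(name, *ips):
    """Expand (name, A, ip) records; keeps the transcription below compact."""
    return [(name, "A", ip) for ip in ips]


# DNS answer sections transcribed from the report, keyed by the queried name.
# Each record is (owner name, type, rdata) in the order the resolver returned them.
DNS_ANSWERS = {
    "trk.nice.com": [("trk.nice.com", "CNAME", "mkto-lon060131.com"),
                     *a_records("mkto-lon060131.com", "104.17.70.206", "104.17.73.206",
                                "104.17.71.206", "104.17.72.206", "104.17.74.206")],
    "get.nice.com": [("get.nice.com", "CNAME", "nice3.mktoweb.com"),
                     ("nice3.mktoweb.com", "CNAME", "lon06.mktossl.com"),
                     *a_records("lon06.mktossl.com", "104.17.72.206", "104.17.74.206",
                                "104.17.73.206", "104.17.71.206", "104.17.70.206")],
    "na-sjint.marketo.com": [("na-sjint.marketo.com", "CNAME", "sjint.mkto-test.com"),
                             *a_records("sjint.mkto-test.com", "104.17.97.130", "104.17.98.130",
                                        "104.17.99.130", "104.17.100.130", "104.17.101.130")],
    "content-autofill.googleapis.com": a_records(
        "content-autofill.googleapis.com", "172.217.20.202", "216.58.215.42", "216.58.213.74",
        "142.250.179.74", "142.250.179.106", "142.250.178.138", "142.250.201.170",
        "216.58.214.74", "142.250.75.234", "216.58.214.170", "172.217.20.170"),
    "niceincontact.com": a_records("niceincontact.com", "13.65.39.165"),
}

# Non-DNS flows from the report's connection table: (remote address, port, hostname or None).
CONNECTIONS = [
    ("104.17.70.206", 443, "trk.nice.com"), ("104.17.70.206", 443, "trk.nice.com"),
    ("104.17.72.206", 443, "get.nice.com"), ("104.17.72.206", 443, "get.nice.com"),
    ("172.217.20.202", 443, "content-autofill.googleapis.com"),
    ("104.17.97.130", 443, "na-sjint.marketo.com"),
    ("13.65.39.165", 443, "niceincontact.com"),
    ("224.0.0.251", 5353, None),  # mDNS multicast; no unicast DNS lookup is expected for it
]

# Assumed provider attribution by DNS suffix; the labels are ours, not tria.ge's.
PROVIDER_SUFFIXES = {
    "marketo.com": "marketo", "mktoweb.com": "marketo", "mktossl.com": "marketo",
    "mkto-test.com": "marketo", "googleapis.com": "google",
    "nice.com": "nice", "niceincontact.com": "nice",
}


def resolve(qname, answers):
    """Follow CNAMEs from qname through its answer section and collect the terminal A records.

    General CNAME walk, not specific to this report: a loop or a dangling CNAME ends the walk
    (returning no IPs) instead of recursing forever. Returns (names in order, ips).
    """
    records = answers.get(qname, [])
    chain, seen, current = [qname], {qname}, qname
    while True:
        target = next((r for n, t, r in records if n == current and t == "CNAME"), None)
        if target is None or target in seen:
            break
        seen.add(target)
        chain.append(target)
        current = target
    ips = [r for n, t, r in records if n == current and t == "A"]
    return chain, ips


def classify_host(name):
    """Map a hostname to a provider label via the suffix table; mkto-* names are the fallback."""
    labels = name.lower().split(".")
    for i in range(len(labels)):
        label = PROVIDER_SUFFIXES.get(".".join(labels[i:]))
        if label:
            return label
    return "marketo" if labels[0].startswith("mkto-") else "unknown"


def summarize(answers):
    """Per queried name: where the CNAME chain ends, which provider that is, and the A records."""
    out = {}
    for qname in answers:
        chain, ips = resolve(qname, answers)
        out[qname] = {"terminal": chain[-1], "provider": classify_host(chain[-1]), "ips": ips}
    return out


def unexplained_connections(connections, answers):
    """Unicast connections whose destination IP never appeared in a DNS answer for that host.

    Hard-coded C2 addresses and raw-IP downloads show up here; multicast, loopback and
    link-local destinations are ignored.
    """
    flagged = []
    for ip, port, host in connections:
        addr = ipaddress.ip_address(ip)
        if addr.is_multicast or addr.is_loopback or addr.is_link_local:
            continue
        resolved = resolve(host, answers)[1] if host else []
        if ip not in resolved:
            flagged.append((ip, port, host))
    return flagged


if __name__ == "__main__":
    for qname, info in summarize(DNS_ANSWERS).items():
        print(f"{qname:33} -> {info['terminal']:22} [{info['provider']}] {len(info['ips'])} A records")
    print("connections without a matching DNS answer:", unexplained_connections(CONNECTIONS, DNS_ANSWERS))
```

The walk in resolve uses only the answer section the sandbox recorded, so it reflects what the sample saw, not a fresh lookup at analysis time; re-resolving later can give different CNAME targets and would hide a hard-coded IP that the capture makes visible.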

                    MITRE ATT&CK Enterprise v15


                    Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize: 264KB
    MD5:      f50f89a0a91564d0b8a211f8921aa7de
    SHA1:     112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256:   b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512:   bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5:      e3d736ed669f08e3c906878bd75068ed
    SHA1:     0b896c7c2829894405757e5e6fe2a8f722a637ec
    SHA256:   b5856d9c91d983f968b28c2c9b2932fb4c277ffd66ce16e640cdfcd7a098bac1
    SHA512:   28ff5c726d9f080fce2998625c74d4598cb48edc0a97dacb4da3438e90b08ea918831e3098167c9ae4e4841d6ad65eb458fd78bacb3267c1396938dd6e87055a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5:      6b6ba415bed2987dca8e7c5b9117487d
    SHA1:     14a5bfc3fd895ad0b06c1b363b0ffdee2d402896
    SHA256:   da174a817b93c066f9ec44206c2285ec2be51628f3ccc5bfbda4fc99fdcadb50
    SHA512:   87d8df234f6a4be7bf8ce982df62cf9fb3c2c493c8dc90fad7038d3d881a2e569e33cd5965d3908688032d8bf9ab8aae98a53f7ad96ff3544cdfd7d69ea75662

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
    Filesize: 16B
    MD5:      18e723571b00fb1694a3bad6c78e4054
    SHA1:     afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256:   8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512:   43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Temp\Cab3C28.tmp
    Filesize: 65KB
    MD5:      ac05d27423a85adc1622c714f2cb6184
    SHA1:     b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256:   c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512:   6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3C5A.tmp
    Filesize: 171KB
    MD5:      9c0c641c06238516f27941aa1166d427
    SHA1:     64cd549fb8cf014fcd9312aa7a5b023847b6c977
    SHA256:   4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
    SHA512:   936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
