Analysis

  • max time kernel
    138s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 11:26 UTC

General

  • Target

    8f08cca428b7d493469cc09983853a8f.html

  • Size

    2KB

  • MD5

    8f08cca428b7d493469cc09983853a8f

  • SHA1

    3a380cd6a3ac1b0dd7e2c282b76c07c80a6c5a52

  • SHA256

    f56fe6b2ef36f36b599931035b2dcfe691b1de306d3be38af9e8cfa767891913

  • SHA512

    a1e657589ac9a8675b2253fe6e24781cc5dfeea13a474a7ee6095472d576f6934232be34959f80bece25318c092773d4d61eddd715525b83e3281f2abd854213

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8f08cca428b7d493469cc09983853a8f.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4740 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1380

Network

  • US
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194.deploy.static.akamaitechnologies.com
  • US
    DNS
    dsparking.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dsparking.com
    IN A
    Response
    dsparking.com
    IN A
    66.81.203.136
    dsparking.com
    IN A
    66.81.203.11
    dsparking.com
    IN A
    66.81.203.201
  • US
    GET
    http://dsparking.com/?epl=Hps18V1Yv_PpIrYdHqblv4BnwF4ISCicIrmL_7bIchVJDV39XP5R3txtN32eoChVTD5AGAcyc8UJM9Ab4oYFcxCJFEyPGLKgQULlKWOo0OFBR1ZNW5_Egg7njBW-ElltG54oCxh4CtKVBBKBXShN1JxVjXvPDXWQQ-FrK3LhH5hYGxI3kyuK5onoShHW1Kg0cqgbiVQjZLjOn9ED4QOxbmZ7hUj90uOSiFwWl7a3RSEYObh9PaSOu_NK8dSfiK9hg7oD-1IqrFa-TpCdo2fOB7w0r8nIxCB_Ehg1WDfAYIJVtaZWNOBL0iSqkt17AxKjqBqvtC17PfUWpm3HCESFUqwttMgJZYFLatKQ5J1-JyHmQdrk8w1eN2axXmhG4EGmefpFUHVjcJXX3gz1AOlRD2QAAJCRgbRJm-RJRjXQAECGDGgA5dE0DeWpfiT6ydRMUxFoNNGTCaNpaOppUJ7aEKOeRiYTbepJTxUmGgEw8P__v_D__7_y_wEAAECAXwwAAM-AvRBZUyZZQTE2aFpChgEAAPA
    IEXPLORE.EXE
    Remote address:
    66.81.203.136:80
    Request
    GET /?epl=Hps18V1Yv_PpIrYdHqblv4BnwF4ISCicIrmL_7bIchVJDV39XP5R3txtN32eoChVTD5AGAcyc8UJM9Ab4oYFcxCJFEyPGLKgQULlKWOo0OFBR1ZNW5_Egg7njBW-ElltG54oCxh4CtKVBBKBXShN1JxVjXvPDXWQQ-FrK3LhH5hYGxI3kyuK5onoShHW1Kg0cqgbiVQjZLjOn9ED4QOxbmZ7hUj90uOSiFwWl7a3RSEYObh9PaSOu_NK8dSfiK9hg7oD-1IqrFa-TpCdo2fOB7w0r8nIxCB_Ehg1WDfAYIJVtaZWNOBL0iSqkt17AxKjqBqvtC17PfUWpm3HCESFUqwttMgJZYFLatKQ5J1-JyHmQdrk8w1eN2axXmhG4EGmefpFUHVjcJXX3gz1AOlRD2QAAJCRgbRJm-RJRjXQAECGDGgA5dE0DeWpfiT6ydRMUxFoNNGTCaNpaOppUJ7aEKOeRiYTbepJTxUmGgEw8P__v_D__7_y_wEAAECAXwwAAM-AvRBZUyZZQTE2aFpChgEAAPA HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: dsparking.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Sun, 04 Feb 2024 11:27:02 GMT
    Content-Type: text/html
    Last-Modified: Mon, 20 Feb 2023 14:02:33 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    ETag: W/"63f37d79-471"
    Content-Encoding: gzip
  • US
    DNS
    cijkcplxelabn.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cijkcplxelabn.com
    IN A
    Response
  • US
    DNS
    136.203.81.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.203.81.66.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    136.203.81.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.203.81.66.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    136.203.81.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.203.81.66.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • US
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180.deploy.static.akamaitechnologies.com
  • US
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • US
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    27.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 66.81.203.136:80
    http://dsparking.com/?epl=Hps18V1Yv_PpIrYdHqblv4BnwF4ISCicIrmL_7bIchVJDV39XP5R3txtN32eoChVTD5AGAcyc8UJM9Ab4oYFcxCJFEyPGLKgQULlKWOo0OFBR1ZNW5_Egg7njBW-ElltG54oCxh4CtKVBBKBXShN1JxVjXvPDXWQQ-FrK3LhH5hYGxI3kyuK5onoShHW1Kg0cqgbiVQjZLjOn9ED4QOxbmZ7hUj90uOSiFwWl7a3RSEYObh9PaSOu_NK8dSfiK9hg7oD-1IqrFa-TpCdo2fOB7w0r8nIxCB_Ehg1WDfAYIJVtaZWNOBL0iSqkt17AxKjqBqvtC17PfUWpm3HCESFUqwttMgJZYFLatKQ5J1-JyHmQdrk8w1eN2axXmhG4EGmefpFUHVjcJXX3gz1AOlRD2QAAJCRgbRJm-RJRjXQAECGDGgA5dE0DeWpfiT6ydRMUxFoNNGTCaNpaOppUJ7aEKOeRiYTbepJTxUmGgEw8P__v_D__7_y_wEAAECAXwwAAM-AvRBZUyZZQTE2aFpChgEAAPA
    http
    IEXPLORE.EXE
    1.3kB
    1.0kB
    12
    4

    HTTP Request

    GET http://dsparking.com/?epl=Hps18V1Yv_PpIrYdHqblv4BnwF4ISCicIrmL_7bIchVJDV39XP5R3txtN32eoChVTD5AGAcyc8UJM9Ab4oYFcxCJFEyPGLKgQULlKWOo0OFBR1ZNW5_Egg7njBW-ElltG54oCxh4CtKVBBKBXShN1JxVjXvPDXWQQ-FrK3LhH5hYGxI3kyuK5onoShHW1Kg0cqgbiVQjZLjOn9ED4QOxbmZ7hUj90uOSiFwWl7a3RSEYObh9PaSOu_NK8dSfiK9hg7oD-1IqrFa-TpCdo2fOB7w0r8nIxCB_Ehg1WDfAYIJVtaZWNOBL0iSqkt17AxKjqBqvtC17PfUWpm3HCESFUqwttMgJZYFLatKQ5J1-JyHmQdrk8w1eN2axXmhG4EGmefpFUHVjcJXX3gz1AOlRD2QAAJCRgbRJm-RJRjXQAECGDGgA5dE0DeWpfiT6ydRMUxFoNNGTCaNpaOppUJ7aEKOeRiYTbepJTxUmGgEw8P__v_D__7_y_wEAAECAXwwAAM-AvRBZUyZZQTE2aFpChgEAAPA

    HTTP Response

    200
  • 66.81.203.136:80
    dsparking.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    dsparking.com
    dns
    IEXPLORE.EXE
    59 B
    107 B
    1
    1

    DNS Request

    dsparking.com

    DNS Response

    66.81.203.136
    66.81.203.11
    66.81.203.201

  • 8.8.8.8:53
    cijkcplxelabn.com
    dns
    IEXPLORE.EXE
    63 B
    136 B
    1
    1

    DNS Request

    cijkcplxelabn.com

  • 8.8.8.8:53
    136.203.81.66.in-addr.arpa
    dns
    216 B
    216 B
    3
    3

    DNS Request

    136.203.81.66.in-addr.arpa

    DNS Request

    136.203.81.66.in-addr.arpa

    DNS Request

    136.203.81.66.in-addr.arpa

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    27.73.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    27.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    7bde92ff965b73dc76190e608c2fbb93

    SHA1

    95547789d183bbf9ea20ef6ba4c6b2f0249fb30d

    SHA256

    821420f187b512f853c8b73d9439e940e6e04c499532561343a739717a9a76ee

    SHA512

    21406b04613e8be9f2036f5057d6d3de568ec1aa4eb6471cd457e70e6ddadfc3b988d5f4c2d316e548b21b2850944a78d75a44ec3bf929e71fe61fb6b0de4ec6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    4f5a5be4211b0f337e0bd8cc9d0dc738

    SHA1

    ea364f609f7af34aca0749aa31367121c8334ab1

    SHA256

    995ee6cc42b81bca63e616f199ef9d5b076bb897ffabd067ced1a83fdb46f881

    SHA512

    39543cad8db560b268af818e6fc33e519433aae39cd81835fa2c68221bf244b3342b51cc8776bd2de78972aa09f374a6336b12748ea896c9343eb2713c4f8e4f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH4I14XV\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee