Analysis
- max time kernel: 374s
- max time network: 598s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 07/03/2024, 15:49 UTC
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://e5-nttdata-eloit-kl-in.azurewebsites.net/Account/Login?ReturnUrl=https%3A%2F%2Fe5-nttdata-eloit-kl-in.azurewebsites.net%2F
- Resource: win10-20240221-en
- 8 signatures, 600 seconds
Behavioral task: behavioral2
- Sample: https://e5-nttdata-eloit-kl-in.azurewebsites.net/Account/Login?ReturnUrl=https%3A%2F%2Fe5-nttdata-eloit-kl-in.azurewebsites.net%2F
- Resource: android-x64-20240221-en
- 1 signature, 600 seconds
General
- Target: https://e5-nttdata-eloit-kl-in.azurewebsites.net/Account/Login?ReturnUrl=https%3A%2F%2Fe5-nttdata-eloit-kl-in.azurewebsites.net%2F
- Score: 7/10
Malware Config
Signatures
- Reads the content of photos stored on the user's device (1 TTP, 1 IoC)
  Description: URI accessed for read
  IoC: content://media/external/images/media
  Process: com.android.chrome
  The accessing process is the system browser that opened the submitted URL in the Android task, so this indicator records a MediaStore read that happened while the login page was loaded in Chrome; it is not a permission held by an installed application.
Network
DNS lookups (resolver 1.1.1.1:53):
- accounts.google.com IN A -> 142.251.168.84
- e5-nttdata-eloit-kl-in.azurewebsites.net IN A -> CNAME waws-prod-pn1-001.sip.azurewebsites.windows.net -> CNAME waws-prod-pn1-001.centralindia.cloudapp.azure.com -> A 104.211.97.138
- safebrowsing.googleapis.com IN A -> 142.250.178.10
- ssl.google-analytics.com IN A -> 172.217.169.72
- www.google.com IN A -> (no response seen)
- www.google.com IN A -> 216.58.204.68
- update.googleapis.com IN A -> 216.58.212.195
- hoszmtnynlchh IN A -> (response with no address)
- spmctwnvuml IN A -> (response with no address)
- teuflekkop IN A -> (response with no address)
- android.apis.google.com IN A -> CNAME clients.l.google.com -> A 142.250.180.14
- android.apis.google.com IN A -> (no response seen)
- update.googleapis.com IN A -> 142.250.200.35
The only lookup attributable to the sample is the azurewebsites.net host, which resolves through the App Service CNAME chain to 104.211.97.138 in Azure Central India. The google.com, googleapis.com and google-analytics.com lookups are background traffic from the sandbox's Chrome/Android image. The three single-label names that received an empty answer (hoszmtnynlchh, spmctwnvuml, teuflekkop) are Chrome's startup intranet-redirect-detection probes: the browser resolves random 7 to 15 letter hostnames to check whether the resolver hijacks NXDOMAIN, so they are browser noise, not sample-originated indicators.
Connection summary (remote address column not preserved in this copy):
Data sent | Data received | Packets sent | Packets received
2.0kB | 7.4kB | 17 | 16
2.3kB | 7.0kB | 12 | 9
3.2kB | 9.7kB | 15 | 13
2.2kB | 6.5kB | 14 | 13
128 B | 40 B | 2 | 1
2.4kB | 11.7kB | 21 | 25
857 B | 40 B | 1 | 1
8.4kB | 10.7kB | 28 | 33
520 B | - | 10 | -
431 B | 40 B | 2 | 1
9.0kB | 10.4kB | 34 | 35
135 B | 40 B | 2 | 1
128 B | 40 B | 2 | 1
6.8kB | 11.8kB | 29 | 34
520 B | - | 10 | -
3.7kB | - | 11 | -
DNS traffic:
Data sent | Data received | Packets sent | Packets received | DNS request | DNS response
65 B | 81 B | 1 | 1 | accounts.google.com | 142.251.168.84
86 B | 223 B | 1 | 1 | e5-nttdata-eloit-kl-in.azurewebsites.net | 104.211.97.138
73 B | 89 B | 1 | 1 | safebrowsing.googleapis.com | 142.250.178.10
70 B | 86 B | 1 | 1 | ssl.google-analytics.com | 172.217.169.72
60 B | - | 1 | - | www.google.com | (no response seen)
60 B | 76 B | 1 | 1 | www.google.com | 216.58.204.68
67 B | 83 B | 1 | 1 | update.googleapis.com | 216.58.212.195
59 B | 134 B | 1 | 1 | hoszmtnynlchh | (response with no address)
57 B | 132 B | 1 | 1 | spmctwnvuml | (response with no address)
56 B | 131 B | 1 | 1 | teuflekkop | (response with no address)
138 B | 109 B | 2 | 1 | android.apis.google.com (2 requests) | 142.250.180.14
67 B | 83 B | 1 | 1 | update.googleapis.com | 142.250.200.35