Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
152s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
27/05/2024, 13:48 UTC
General
-
Target
https://aru103941.page.link/RtQw
Score
7/10
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes
-
com.android.chrome1⤵
- Checks CPU information
- Checks memory information
Network
-
DNSwww.google.comRemote address:1.1.1.1:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.187.228 -
DNSaru103941.page.linkRemote address:1.1.1.1:53Requestaru103941.page.linkIN AResponsearu103941.page.linkIN A142.250.180.1
-
DNSsafebrowsing.googleapis.comRemote address:1.1.1.1:53Requestsafebrowsing.googleapis.comIN AResponsesafebrowsing.googleapis.comIN A172.217.16.234
-
DNSfattura-id.comRemote address:1.1.1.1:53Requestfattura-id.comIN AResponsefattura-id.comIN CNAMEpublic31.id6840651061.copublic31.id6840651061.coIN A160.165.146.197
-
DNSwww.google.comRemote address:1.1.1.1:53Requestwww.google.comIN AResponsewww.google.comIN A172.217.169.36
-
DNSupdate.googleapis.comRemote address:1.1.1.1:53Requestupdate.googleapis.comIN AResponseupdate.googleapis.comIN A172.217.16.227
-
POSThttps://update.googleapis.com/service/update2Remote address:172.217.16.227:443RequestPOST /service/update2 HTTP/1.1
Content-Length: 660
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-Ci0Ql7UWeDLA0xdXUwLqCQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 27 May 2024 13:48:55 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6356
X-Daystart: 24535
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
POSThttps://update.googleapis.com/service/update2Remote address:172.217.16.227:443RequestPOST /service/update2 HTTP/1.1
Content-Length: 654
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-J644DyE9sIDfCSPS4tI-Lw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 27 May 2024 13:48:55 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6356
X-Daystart: 24535
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
DNSdujvyiqpzrRemote address:1.1.1.1:53RequestdujvyiqpzrIN AResponse
-
DNSuwwogtbdpvmuposRemote address:1.1.1.1:53RequestuwwogtbdpvmuposIN AResponse
-
DNSgrffiblRemote address:1.1.1.1:53RequestgrffiblIN AResponse
-
DNSandroid.apis.google.comRemote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.179.238
-
172.217.169.14:443tls
-
142.250.187.228:443www.google.comtls
-
142.250.180.1:443aru103941.page.linktls
-
142.250.180.1:443aru103941.page.linktls
-
172.217.16.234:443safebrowsing.googleapis.comtls
-
160.165.146.197:443fattura-id.comtls -
142.250.178.3:443tls, https
-
172.217.169.36:443www.google.comtls
-
172.217.16.227:443https://update.googleapis.com/service/update2tls, http
HTTP Request
POST https://update.googleapis.com/service/update2HTTP Response
200HTTP Request
POST https://update.googleapis.com/service/update2HTTP Response
200 -
142.250.200.46:443tls, https
-
142.250.179.238:443android.apis.google.comtls
-
224.0.0.251:5353 -
1.1.1.1:53www.google.comdns
DNS Request
www.google.com
DNS Response
142.250.187.228
-
1.1.1.1:53aru103941.page.linkdns
DNS Request
aru103941.page.link
DNS Response
142.250.180.1
-
1.1.1.1:53safebrowsing.googleapis.comdns
DNS Request
safebrowsing.googleapis.com
DNS Response
172.217.16.234
-
1.1.1.1:53fattura-id.comdns
DNS Request
fattura-id.com
DNS Response
160.165.146.197
-
1.1.1.1:53www.google.comdns
DNS Request
www.google.com
DNS Response
172.217.169.36
-
1.1.1.1:53update.googleapis.comdns
DNS Request
update.googleapis.com
DNS Response
172.217.16.227
-
1.1.1.1:53dujvyiqpzrdns
DNS Request
dujvyiqpzr
-
1.1.1.1:53uwwogtbdpvmuposdns
DNS Request
uwwogtbdpvmupos
-
1.1.1.1:53grffibldns
DNS Request
grffibl
-
1.1.1.1:53android.apis.google.comdns
DNS Request
android.apis.google.com
DNS Response
142.250.179.238
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
268B
MD561968260c17d267207578b5c04975f42
SHA14efb64e87be3ff65b2ffecaa42a9571bb2c43fa9
SHA2562b38eacbd4bc14e7f36b0332b36b1ea0b835d4eaf45580e4af387ccfb94865b0
SHA512c2fbc0b6303d7a1ea93ddac88b05bbbc5eb52f0b51570ec551c68cb843d72e18309748b7fade103f9ba45a7a84be187267968735111d7e5bc2019a77b922e603