Resubmissions

  • 17/10/2024, 21:38 UTC  241017-1hdksa1cml  3
  • 03/09/2024, 13:46 UTC  240903-q3d2yazbmf  3
  • 03/09/2024, 13:46 UTC  240903-q2zbgszblf  3
  • 22/05/2024, 13:06 UTC  240522-qb91asce4s  3
  • 08/05/2024, 20:44 UTC  240508-zh7m7aef4y  3
  • 25/04/2024, 19:41 UTC  240425-yebkxadh96  8
  • 24/04/2024, 20:10 UTC  240424-yx2j2sgg57  8
  • 24/04/2024, 20:09 UTC  240424-yxmqwsgf71  3
  • 24/04/2024, 20:03 UTC  240424-ysxejage8z  3

Analysis

  • max time kernel: 1517s
  • max time network: 1503s
  • platform: windows11-21h2_x64
  • resource: win11-20241007-en
  • resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 17/10/2024, 21:38 UTC

General

  • Target: Monoxide.aps
  • Size: 144KB
  • MD5: f7d3cae315be90f7dbfdff123067b6ef
  • SHA1: a565254c22714b5fa19f2a8e80f99a3e0dadeae1
  • SHA256: 84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3
  • SHA512: cc1b98aa943dd9b90efb676d2c9b16a8c099959d8cc3da58da8da870557f3a624515fc88f4b8bbac6ff6b98bb2a0311d893a66c1347817a75196d370981be755
  • SSDEEP: 768:S5N5N5NSrpWeq6LOrrrzzzz7DDDHjjjIWbi9E3AAq/L9YO3Iz:S3336DWbi9E3AAqDI

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 3140)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Monoxide.aps
    Signatures: Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 4648)
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15
