Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
02/05/2022, 15:03 UTC
General
-
Target
993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
-
Size
651KB
-
MD5
7385a5ddf4b7801cfdf4b4a247ab7837
-
SHA1
bddc2c8163e976c01be0147f4d5bd32f6e344188
-
SHA256
993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391
-
SHA512
02cb71a1f06aeee9a1ef19261b85986bd1dccb29a224e38b26125c98f2adab05d75f17af28f97c98423178a950db23cd9a2530c75cfee2f87f04c0fad3993ec3
Score
8/10
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Drops desktop.ini file(s) 2 IoCs
-
Drops file in Windows directory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe"C:\Users\Admin\AppData\Local\Temp\993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe"1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
Network
-
DNSstoresdk.dsx.mp.microsoft.comRemote address:8.8.8.8:53Requeststoresdk.dsx.mp.microsoft.comIN AResponsestoresdk.dsx.mp.microsoft.comIN CNAMEstoresdk.xbetservices.akadns.netstoresdk.xbetservices.akadns.netIN CNAMEstoresdk.dsx.mp.microsoft.com.edgekey.netstoresdk.dsx.mp.microsoft.com.edgekey.netIN CNAMEe16646.g.akamaiedge.nete16646.g.akamaiedge.netIN A2.18.109.224 -
GEThttps://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId=Remote address:2.18.109.224:443RequestGET /v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId= HTTP/1.1
Accept-Encoding: gzip, deflate
MS-CV: yoiLx7lC5kOYL91Y.3.3.1.2
User-Agent: WindowsStoreSDK
Host: storesdk.dsx.mp.microsoft.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=2EE81D958D766944205E0C138CB168D8
ResponseHTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 144
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-OSG-Served-By: WESTEUROPE_LEGACY00004R_1.0.0.0
MS-CV: yoiLx7lC5kOYL91Y.3.3.1.2.1
Date: Mon, 02 May 2022 15:48:33 GMT
Connection: keep-alive
-
GEThttps://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=Remote address:2.18.109.224:443RequestGET /v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId= HTTP/1.1
Accept-Encoding: gzip, deflate
MS-CV: yoiLx7lC5kOYL91Y.7.3.1.2
User-Agent: WindowsStoreSDK
Host: storesdk.dsx.mp.microsoft.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=2EE81D958D766944205E0C138CB168D8
ResponseHTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 144
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-OSG-Served-By: WESTEUROPE_LEGACY00000P_1.0.0.0
MS-CV: yoiLx7lC5kOYL91Y.7.3.1.2.1
Date: Mon, 02 May 2022 15:48:35 GMT
Connection: keep-alive
-
20.190.160.67:443 -
104.97.14.81:80
-
20.50.201.200:443
-
20.54.110.249:443 -
87.248.202.1:80
-
87.248.202.1:80
-
2.18.109.224:443tls
-
2.18.109.224:443https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=tls, http
HTTP Request
GET https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId=HTTP Response
200HTTP Request
GET https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=HTTP Response
200
-
8.8.8.8:53storesdk.dsx.mp.microsoft.comdns
DNS Request
storesdk.dsx.mp.microsoft.com
DNS Response
2.18.109.224