Analysis
- max time kernel: 84s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/09/2022, 19:34 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: SpyoSecure Ransomware Decryptors.exe
- Resource: win7-20220812-en
- 0 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: SpyoSecure Ransomware Decryptors.exe
- Resource: win10v2004-20220901-en
- 0 signatures
- 150 seconds
General
- Target: SpyoSecure Ransomware Decryptors.exe
- Size: 235KB
- MD5: 6037c626f5e71622d27eb4a9edfc8db7
- SHA1: 0b9d328d9dbdff7c500a2bebde9f0489239b849b
- SHA256: caf139324bf28f864292f679eec441f2477dba9e132c0cfe9547c0394a40ee05
- SHA512: 96c2460e6970fc73c81d75fdab38946af83ceffe202a528658feabf7cebb13c0ff5846024d83c8aa8c235fc3d88d8260fabf3f8184ce85f0b45d2bd8856792dd
- SSDEEP: 1536:O73/1F9WZqH3Rh5GoNjtrhJlCCj4nQcPd8jWuxSKTMINWmZNif7eSdiN00:O79yqHBh5GoX9J5v+xEjIv0
- Score: 1/10
Malware Config
Signatures
Processes
Network
- Remote address: 8.8.8.8:53
  Request: segments-s.msedge.net IN A
  Response:
    segments-s.msedge.net IN CNAME segments.s-msedge.net
    segments.s-msedge.net IN CNAME Edge-Prod-AMS04r5b.env.segments.s-msedge.net
    Edge-Prod-AMS04r5b.env.segments.s-msedge.net IN CNAME global.segments.s-msedge.net
    global.segments.s-msedge.net IN CNAME segments.s-9999.s-msedge.net
    segments.s-9999.s-msedge.net IN CNAME s-9999.s-msedge.net
    s-9999.s-msedge.net IN A 13.107.3.254
- Remote address: 13.107.3.254:443
  Request:
GET /apc/trans.gif?025fbdeeb3d3f2ce8abffd84fc3a380f HTTP/2.0
host: segments-s.msedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  Response:
HTTP/2.0 200
content-length: 43
content-type: image/gif
last-modified: Tue, 13 Sep 2022 14:17:33 GMT
accept-ranges: bytes
etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
access-control-allow-origin: *
access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
timing-allow-origin: *
x-content-type-options: nosniff
x-endpoint: AMS04r5d
x-frontend: AFD
x-machinename: AMS04EDGE2812
x-userhostaddress: 154.61.71.0
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 015EE0F178AC4CE8BD8DD7A2DA4103AE Ref B: AMS04EDGE2812 Ref C: 2022-09-24T19:36:44Z
date: Sat, 24 Sep 2022 19:36:44 GMT
- Remote address: 13.107.3.254:443
  Request:
GET /apc/trans.gif?c37c401d928725560c4753f28a5d58e3 HTTP/2.0
host: segments-s.msedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  Response:
HTTP/2.0 200
content-length: 43
content-type: image/gif
last-modified: Tue, 13 Sep 2022 14:17:33 GMT
accept-ranges: bytes
etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
access-control-allow-origin: *
access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
timing-allow-origin: *
x-content-type-options: nosniff
x-endpoint: AMS04r5d
x-frontend: AFD
x-machinename: AMS04EDGE2812
x-userhostaddress: 154.61.71.0
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B6777528BECB4E20970A80B26B75027C Ref B: AMS04EDGE2812 Ref C: 2022-09-24T19:36:44Z
date: Sat, 24 Sep 2022 19:36:44 GMT
- Remote address: 8.8.8.8:53
  Request: fp-vp-nocache.azureedge.net IN A
  Response:
    fp-vp-nocache.azureedge.net IN CNAME fp-vp-nocache.ec.azureedge.net
    fp-vp-nocache.ec.azureedge.net IN CNAME cs9.wpc.v0cdn.net
    cs9.wpc.v0cdn.net IN A 72.21.81.200
- Remote address: 72.21.81.200:443
  Request:
GET /apc/trans.gif?af999370017b958a7996726ee76c03af HTTP/2.0
host: fp-vp-nocache.azureedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  Response:
HTTP/2.0 200
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: s-maxage=86400
content-md5: MlRyYBVx8x4b8AZ0w2jTNQ==
content-type: image/gif
date: Sat, 24 Sep 2022 19:36:44 GMT
etag: 0x8D57E3C9594BD94
last-modified: Tue, 27 Feb 2018 23:48:21 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-azure-ref: 0TVwvYwAAAADP8KttXhmfQq2mTJ62s/gjRVdSMzExMDAwMTEwMDMxADg0NTc1NjhlLWFmNGItNGZhMC04ZTcwLWZiNTFkMzVlY2I0Yg==
x-azure-ref-originshield: 0GsYuYwAAAABuCQxfNjiFTpvff9SR/cArRVdSMzBFREdFMDUxNQA4NDU3NTY4ZS1hZjRiLTRmYTAtOGU3MC1mYjUxZDM1ZWNiNGI=
x-cache: TCP_HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-meta-cbmodifiedtime: Mon, 08 Feb 2016 20:57:42 GMT
x-ms-request-id: 04390059-801e-0032-30a5-cf1fdd000000
x-ms-version: 2009-09-19
content-length: 43
- Remote address: 72.21.81.200:443
  Request:
GET /apc/trans.gif?d2ee7a48d56cc75a853ffa63d4d52854 HTTP/2.0
host: fp-vp-nocache.azureedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  Response:
HTTP/2.0 200
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: s-maxage=86400
content-md5: MlRyYBVx8x4b8AZ0w2jTNQ==
content-type: image/gif
date: Sat, 24 Sep 2022 19:36:44 GMT
etag: 0x8D57E3C9594BD94
last-modified: Tue, 27 Feb 2018 23:48:21 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-azure-ref: 0TVwvYwAAAABPtDqg7asuRJ1seRc+nNabRVdSMzExMDAwMTA5MDExADg0NTc1NjhlLWFmNGItNGZhMC04ZTcwLWZiNTFkMzVlY2I0Yg==
x-azure-ref-originshield: 0M0MuYwAAAACfkq8vCDubTa3frHfbAc0rRVdSMzBFREdFMDYwOAA4NDU3NTY4ZS1hZjRiLTRmYTAtOGU3MC1mYjUxZDM1ZWNiNGI=
x-cache: TCP_HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-meta-cbmodifiedtime: Mon, 08 Feb 2016 20:57:42 GMT
x-ms-request-id: 04390059-801e-0032-30a5-cf1fdd000000
x-ms-version: 2009-09-19
content-length: 43
- 13.107.3.254:443 https://segments-s.msedge.net/apc/trans.gif?c37c401d928725560c4753f28a5d58e3 (tls, http2) 1.8kB 8.2kB 20 19
  HTTP Request: GET https://segments-s.msedge.net/apc/trans.gif?025fbdeeb3d3f2ce8abffd84fc3a380f
  HTTP Response: 200
  HTTP Request: GET https://segments-s.msedge.net/apc/trans.gif?c37c401d928725560c4753f28a5d58e3
  HTTP Response: 200
- 72.21.81.200:443 https://fp-vp-nocache.azureedge.net/apc/trans.gif?d2ee7a48d56cc75a853ffa63d4d52854 (tls, http2) 1.8kB 9.6kB 21 20
  HTTP Request: GET https://fp-vp-nocache.azureedge.net/apc/trans.gif?af999370017b958a7996726ee76c03af
  HTTP Response: 200
  HTTP Request: GET https://fp-vp-nocache.azureedge.net/apc/trans.gif?d2ee7a48d56cc75a853ffa63d4d52854
  HTTP Response: 200