Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

feb3460a4d...6a.exe

windows7-x64

1

feb3460a4d...6a.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/09/2023, 03:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feb3460a4d00b8021ff246d3eeb7dff211cf9f94b2d75920baac6c7524acfb6a.exe

  • Size

    14.4MB

  • MD5

    df65db2a28f0b900bb10e3baef7db3fd

  • SHA1

    fc00026476d44d8c14acbc55ea70a43bfc3f2ffc

  • SHA256

    feb3460a4d00b8021ff246d3eeb7dff211cf9f94b2d75920baac6c7524acfb6a

  • SHA512

    99214b6b19697bed0082e1bf4c7d2b62e9ab821a94e71bc556a3cb7b9becacbc26a70b9fca8717377930f604403de81d677efa59f1b6bc57829f8858b2b27c43

  • SSDEEP

    196608:HvdJArIJQBQf0UySzDwuKtMVIhHfKKY8dTTqCH2LY7ek/qwmZcwWTE6BBzS:lswQBtM4tMShU8tTqCUV8qP0DL

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\feb3460a4d00b8021ff246d3eeb7dff211cf9f94b2d75920baac6c7524acfb6a.exe
    "C:\Users\Admin\AppData\Local\Temp\feb3460a4d00b8021ff246d3eeb7dff211cf9f94b2d75920baac6c7524acfb6a.exe"
    1⤵
      PID:3164

    Network

    • flag-us
      DNS
      20.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      20.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      1.208.79.178.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.208.79.178.in-addr.arpa
      IN PTR
      Response
      1.208.79.178.in-addr.arpa
      IN PTR
      https-178-79-208-1amsllnwnet
    • flag-us
      DNS
      108.211.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      108.211.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0E1E5114778860282263428076486102; domain=.bing.com; expires=Wed, 16-Oct-2024 03:45:44 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B530EE7FEDB4435FA2231364E64D2CA4 Ref B: DUS30EDGE0316 Ref C: 2023-09-22T03:45:44Z
      date: Fri, 22 Sep 2023 03:45:44 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0E1E5114778860282263428076486102
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2C03C008940B4514A787249CE8FBE9B5 Ref B: DUS30EDGE0316 Ref C: 2023-09-22T03:45:44Z
      date: Fri, 22 Sep 2023 03:45:44 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0E1E5114778860282263428076486102
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CF583FA8B8CD414F94A90935D511EB2E Ref B: DUS30EDGE0316 Ref C: 2023-09-22T03:45:44Z
      date: Fri, 22 Sep 2023 03:45:44 GMT
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.3.197.209.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.3.197.209.in-addr.arpa
      IN PTR
      Response
      8.3.197.209.in-addr.arpa
      IN PTR
      vip0x008map2sslhwcdnnet
    • flag-us
      DNS
      233.141.123.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      233.141.123.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.73.50.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.73.50.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      tls, http2
      1.9kB
       9.3kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5527e4f5bca84454b9f9582fb206fb22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      20.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      20.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      1.208.79.178.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      1.208.79.178.in-addr.arpa

    • 8.8.8.8:53
      108.211.229.192.in-addr.arpa
      dns
      74 B
       145 B
       1
      1

      DNS Request

      108.211.229.192.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      8.3.197.209.in-addr.arpa
      dns
      70 B
       111 B
       1
      1

      DNS Request

      8.3.197.209.in-addr.arpa

    • 8.8.8.8:53
      233.141.123.20.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      233.141.123.20.in-addr.arpa

    • 8.8.8.8:53
      9.73.50.20.in-addr.arpa
      dns
      69 B
       155 B
       1
      1

      DNS Request

      9.73.50.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3164-1-0x0000000000400000-0x0000000001269000-memory.dmp

      Filesize

      14.4MB

      Download

    • memory/3164-0-0x0000000000400000-0x0000000001269000-memory.dmp

      Filesize

      14.4MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.