Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1670s -
max time network
1159s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
12/10/2023, 00:11 UTC
Behavioral task
behavioral1
Sample
installer ransom.zip
Resource
win10v2004-20230915-en
Behavioral task
behavioral2
Sample
F5C67FE00B4CBEE07D5E394C87F0C6224BBD841A92151.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
installer.exe
Resource
win10v2004-20230915-en
General
-
Target
installer ransom.zip
-
Size
9.5MB
-
MD5
55b609f1b1e34ba7a15dc26230542c31
-
SHA1
bd207155a140ffe99b2590eb2e8299a43692d267
-
SHA256
c0de854beca2956dd746a30d6006e1f1796fd86ea3accc24710e968b19408b4e
-
SHA512
586584bbb016223b6bc5520ed918619c43d5d993a5f928e6118ce8a3ee90770bca5091a72f0fa5b846f29e027241f56d96d0b7d59cb0ebf014dd48a96d39e46f
-
SSDEEP
196608:e+nWPwWc5/7WOoLKp8XCy77nL18DjReaJ9kTpcyTT/97:fWPQ0ZLO4LSRr9ktcyTT/h
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request38.148.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request146.78.124.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request27.73.42.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request254.1.248.8.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.57.101.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 459022
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 39ADD0F4D5084FF490D1E0D6BD89590F Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:47Z
date: Thu, 12 Oct 2023 00:28:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 520001
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 435E0609437F4E91BA901905E825A3DD Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:47Z
date: Thu, 12 Oct 2023 00:28:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301270_109LLK49RPAQ4S26W&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301270_109LLK49RPAQ4S26W&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 350318
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F7EBF6FD2564EA9A685482206DCF3ED Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:47Z
date: Thu, 12 Oct 2023 00:28:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 373081
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0FA42C1DC0FF4280891CBD20D874901C Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:47Z
date: Thu, 12 Oct 2023 00:28:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301679_1Z16BCMU2PFLXXWGJ&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301679_1Z16BCMU2PFLXXWGJ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 464282
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38449CA496D145BDA27F938C215275C9 Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:47Z
date: Thu, 12 Oct 2023 00:28:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 404022
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FFB783FA4EC6480097A3295846EF7ACC Ref B: DUS30EDGE0318 Ref C: 2023-10-12T00:28:50Z
date: Thu, 12 Oct 2023 00:28:49 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request226.162.46.104.in-addr.arpaIN PTRResponse
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4tls, http2107.9kB 2.7MB 1948 1944
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301270_109LLK49RPAQ4S26W&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301679_1Z16BCMU2PFLXXWGJ&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4HTTP Response
200
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
38.148.119.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
146.78.124.51.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
27.73.42.20.in-addr.arpa
-
70 B 124 B 1 1
DNS Request
254.1.248.8.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.57.101.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
360 B 5
DNS Request
21.236.111.52.in-addr.arpa
DNS Request
21.236.111.52.in-addr.arpa
DNS Request
21.236.111.52.in-addr.arpa
DNS Request
21.236.111.52.in-addr.arpa
DNS Request
21.236.111.52.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
226.162.46.104.in-addr.arpa