Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

NEAS.39522...a0.exe

windows7-x64

3

NEAS.39522...a0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/11/2023, 09:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.395221bae4a623c23642b9a5679fb3a0.exe

  • Size

    472KB

  • MD5

    395221bae4a623c23642b9a5679fb3a0

  • SHA1

    b2ccf43c7b0f0e921f5f26e6c55b7b133d990ef2

  • SHA256

    642d92707a17486cca27cb78148dc78352a4d975c52cea7455910f50aca8c3bd

  • SHA512

    3b4d2c9d0ea7aec504636154f0b03a4faff99094dbef0fb81d30175123f563f7a09760aacd493a1e3df98d79af23cf97b229ceeeac916a725a252ed49fb6ae65

  • SSDEEP

    3072:g8RinudiP52xx67lLdpiHDotAxUtB1XKhJ11upJvYGTQ3jmpdv2:FkgiPA6RHPtAxOahdOJvv0TaO

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.395221bae4a623c23642b9a5679fb3a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.395221bae4a623c23642b9a5679fb3a0.exe"
    1⤵
      PID:3500
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 224
        2⤵
        • Program crash
        PID:4848
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3500 -ip 3500
      1⤵
        PID:1816

      Network

      • flag-us
        DNS
        73.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        163.252.72.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        163.252.72.23.in-addr.arpa
        IN PTR
        Response
        163.252.72.23.in-addr.arpa
        IN PTR
        a23-72-252-163deploystaticakamaitechnologiescom
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.1.85.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.1.85.104.in-addr.arpa
        IN PTR
        Response
        198.1.85.104.in-addr.arpa
        IN PTR
        a104-85-1-198deploystaticakamaitechnologiescom
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        68.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        254.1.248.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        254.1.248.8.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 582460
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0200D4965CA44715815DB4771E2F7A56 Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:47 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 220516
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 745D4A71DFB34B058434BFB147D60AB4 Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:47 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 541836
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: B0F047D96EB4453C803FCE94A0C88714 Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:47 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 242979
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 03D029FBC62C478A99CCEF0C7793A9DA Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:47 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 563338
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 5251819A427D4A8789646118D49BA29D Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:47 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 463918
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 94828DB0CE3B441C9EB2A81923DFAF26 Ref B: BRU30EDGE0922 Ref C: 2023-11-12T09:57:48Z
        date: Sun, 12 Nov 2023 09:57:48 GMT
      • flag-us
        DNS
        104.193.132.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.193.132.51.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        104.1kB
         2.7MB
         1963
        1961

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 8.8.8.8:53
        73.31.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        73.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        163.252.72.23.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        163.252.72.23.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        198.1.85.104.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        198.1.85.104.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        68.32.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        68.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        254.1.248.8.in-addr.arpa
        dns
        70 B
         124 B
         1
        1

        DNS Request

        254.1.248.8.in-addr.arpa

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        43.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        43.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        104.193.132.51.in-addr.arpa
        dns
        73 B
         159 B
         1
        1

        DNS Request

        104.193.132.51.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3500-0-0x0000000000400000-0x0000000000476000-memory.dmp

        Filesize

        472KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.