Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Malware-da...00.exe

windows7-x64

Malware-da...00.exe

windows10-2004-x64

Malware-da...ws.exe

windows7-x64

6

Malware-da...ws.exe

windows10-2004-x64

6

Malware-da...as.exe

windows7-x64

1

Malware-da...as.exe

windows10-2004-x64

1

Malware-da...ck.exe

windows7-x64

1

Malware-da...ck.exe

windows10-2004-x64

1

Malware-da...V2.exe

windows7-x64

10

Malware-da...V2.exe

windows10-2004-x64

10

Malware-da...er.exe

windows7-x64

1

Malware-da...er.exe

windows10-2004-x64

1

Malware-da...ICENSE

windows7-x64

1

Malware-da...ICENSE

windows10-2004-x64

1

Malware-da...an.exe

windows7-x64

1

Malware-da...an.exe

windows10-2004-x64

1

Malware-da...up.exe

windows7-x64

1

Malware-da...up.exe

windows10-2004-x64

1

Malware-da...nt.exe

windows7-x64

Malware-da...nt.exe

windows10-2004-x64

Malware-da...DME.md

windows7-x64

3

Malware-da...DME.md

windows10-2004-x64

3

Malware-da...ye.exe

windows7-x64

Malware-da...ye.exe

windows10-2004-x64

Malware-da...ry.exe

windows7-x64

10

Malware-da...ry.exe

windows10-2004-x64

10

Malware-da...op.exe

windows7-x64

7

Malware-da...op.exe

windows10-2004-x64

7

Resubmissions

27/05/2024, 22:11 UTC

240527-14ae9ada43 10

27/05/2024, 21:15 UTC

240527-z3zhbabd59 10

13/02/2024, 12:11 UTC

240213-pcwzdshd2w 10

13/02/2024, 12:08 UTC

240213-pa6qtahc7y 10

18/12/2023, 08:13 UTC

231218-j4g2nabaf5 10

05/12/2023, 08:54 UTC

231205-kt32taae27 10

05/12/2023, 07:41 UTC

231205-jjdthahh6w 10

05/12/2023, 07:38 UTC

231205-jgmcvshh5x 10

26/11/2023, 09:39 UTC

231126-lmxf5agd87 10

Analysis

  • max time kernel
    116s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/12/2023, 08:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware-database-main/CookieClickerHack.exe

  • Size

    68KB

  • MD5

    bc1e7d033a999c4fd006109c24599f4d

  • SHA1

    b927f0fc4a4232a023312198b33272e1a6d79cec

  • SHA256

    13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

  • SHA512

    f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

  • SSDEEP

    768:bhU+D/no2u+6JaAcNRFJ67Pn975JqiG6BwUqdVBF+G2JOnCC6G2JOtCCm:bhjDIrU0h5Jqi7qzb2ICCb26CCm

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malware-database-main\CookieClickerHack.exe
    "C:\Users\Admin\AppData\Local\Temp\Malware-database-main\CookieClickerHack.exe"
    1⤵
      PID:4316

    Network

    • flag-us
      DNS
      6.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      6.181.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      175.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      175.178.17.96.in-addr.arpa
      IN PTR
      Response
      175.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-175deploystaticakamaitechnologiescom
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=06F7191E3F7361FB25BA0AF53E546022; domain=.bing.com; expires=Sat, 11-Jan-2025 08:14:33 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 81B7A9576C7849B3B42CFAE99891EF2C Ref B: LON04EDGE0610 Ref C: 2023-12-18T08:14:33Z
      date: Mon, 18 Dec 2023 08:14:32 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=06F7191E3F7361FB25BA0AF53E546022
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=JGFRnlp_4p21BN4DsedCrjaa-tK5bhMkgJZHVI96j74; domain=.bing.com; expires=Sat, 11-Jan-2025 08:14:33 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CEA3DE833E6944C69B34EFF4247FD0C2 Ref B: LON04EDGE0610 Ref C: 2023-12-18T08:14:33Z
      date: Mon, 18 Dec 2023 08:14:33 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=06F7191E3F7361FB25BA0AF53E546022; MSPTC=JGFRnlp_4p21BN4DsedCrjaa-tK5bhMkgJZHVI96j74
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 05FE4F8390304F6FBDBB885232176951 Ref B: LON04EDGE0610 Ref C: 2023-12-18T08:14:33Z
      date: Mon, 18 Dec 2023 08:14:33 GMT
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      187.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      187.178.17.96.in-addr.arpa
      IN PTR
      Response
      187.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-187deploystaticakamaitechnologiescom
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
      tls, http2
      2.0kB
       9.4kB
       21
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b45e64ad4d394364998f86e9be879dbf&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      6.181.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      6.181.190.20.in-addr.arpa

    • 8.8.8.8:53
      175.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      175.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      142 B
       135 B
       2
      1

      DNS Request

      41.110.16.96.in-addr.arpa

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      146 B
       144 B
       2
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      187.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      187.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      29.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      29.243.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4316-1-0x00007FFFAAE90000-0x00007FFFAB831000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4316-0-0x000000001B800000-0x000000001B8A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4316-2-0x000000001BD80000-0x000000001C24E000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/4316-3-0x000000001C3B0000-0x000000001C44C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4316-4-0x00007FFFAAE90000-0x00007FFFAB831000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4316-5-0x00000000010F0000-0x0000000001100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4316-7-0x000000001C510000-0x000000001C55C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4316-6-0x000000001C250000-0x000000001C258000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4316-8-0x00000000010F0000-0x0000000001100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4316-9-0x00007FFFAAE90000-0x00007FFFAB831000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4316-10-0x00007FFFAAE90000-0x00007FFFAB831000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4316-11-0x00000000010F0000-0x0000000001100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4316-12-0x00000000010F0000-0x0000000001100000-memory.dmp

      Filesize

      64KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.