Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 23:21 UTC

General

  • Target

    191653fa2bf8eaf8e88065f6c0e01fcf.exe

  • Size

    202KB

  • MD5

    191653fa2bf8eaf8e88065f6c0e01fcf

  • SHA1

    a809bd060b5ad85d3fa080094c36b67da667a631

  • SHA256

    21fa73e927c871162b2b1cf5d4a5d431e3deff80dbd81d2b5c2243e485608f43

  • SHA512

    8fb0a4e8ab7c85a3c9f438a2a5ce11c9c75b188cbdb6b78be0c6ba5f8e301518a123e8ae123920569349bbd390a0b7764d99779e5aab5d5c3a5cd0cc8f018ab5

  • SSDEEP

    3072:BFaNOEksFuGj6YaFph/f2qHCpG/1WGK8OWQx2Hvag88Sx7NUMs8m0Jiu6/Ggv/a:qOEfum6/VcbR1mnu6/G8y

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\191653fa2bf8eaf8e88065f6c0e01fcf.exe
    "C:\Users\Admin\AppData\Local\Temp\191653fa2bf8eaf8e88065f6c0e01fcf.exe"
    1⤵
      PID:3768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 344
        2⤵
        • Program crash
        PID:5032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3768 -ip 3768
      1⤵
        PID:1428

      Network

      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0AC4C99222006E0D2006DA6023E06F94; domain=.bing.com; expires=Sat, 18-Jan-2025 06:34:31 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: DB7B51E67A7F4EBD896D36277FC0417D Ref B: LON04EDGE1122 Ref C: 2023-12-25T06:34:31Z
        date: Mon, 25 Dec 2023 06:34:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0AC4C99222006E0D2006DA6023E06F94
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=CKeryjN4bY_LSP1EGdqZ9fY1WFUKEtwIp463a0fAQE8; domain=.bing.com; expires=Sat, 18-Jan-2025 06:34:31 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 39337B0928B146E3B56A48B71CF061DB Ref B: LON04EDGE1122 Ref C: 2023-12-25T06:34:31Z
        date: Mon, 25 Dec 2023 06:34:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0AC4C99222006E0D2006DA6023E06F94; MSPTC=CKeryjN4bY_LSP1EGdqZ9fY1WFUKEtwIp463a0fAQE8
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: DD3309EC342F4FBA809794DE587E3227 Ref B: LON04EDGE1122 Ref C: 2023-12-25T06:34:31Z
        date: Mon, 25 Dec 2023 06:34:31 GMT
      • flag-us
        DNS
        194.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        194.178.17.96.in-addr.arpa
        IN PTR
        Response
        194.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-194deploystaticakamaitechnologiescom
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        tls, http2
        2.3kB
        10.4kB
        24
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=cffcf59a2dc94c879ace946295b83071&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204
      • 13.85.23.86:443
      • 96.16.110.41:443
      • 13.85.23.86:443
      • 4.231.128.59:443
      • 4.231.128.59:443
      • 4.231.128.59:443
      • 13.85.23.86:443
      • 13.85.23.86:443
      • 13.85.23.86:443
      • 13.85.23.86:443
      • 88.221.134.18:80
      • 92.123.241.104:80
      • 92.123.241.104:80
      • 20.54.110.119:443
      • 88.221.134.18:80
      • 88.221.134.18:80
      • 88.221.134.18:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 88.221.134.18:80
      • 88.221.135.217:80
      • 96.16.110.114:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 138.91.171.81:80
      • 88.221.135.217:80
      • 96.16.110.114:80
      • 88.221.135.217:80
      • 96.17.178.174:80
      • 88.221.135.217:80
      • 96.17.178.174:80
      • 138.91.171.81:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 93.184.221.240:80
        92 B
        40 B
        2
        1
      • 88.221.134.32:80
      • 88.221.135.217:80
      • 88.221.135.217:80
      • 96.17.178.174:80
      • 88.221.134.32:80
      • 96.17.178.174:80
      • 93.184.221.240:80
        92 B
        40 B
        2
        1
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 93.184.221.240:80
        92 B
        40 B
        2
        1
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 20.103.156.88:443
      • 88.221.134.32:80
      • 88.221.134.32:80
        308 B
        4.4kB
        6
        6
      • 88.221.134.32:80
        8.7kB
        220.8kB
        143
        159
      • 88.221.134.32:80
      • 88.221.134.32:80
      • 88.221.134.32:80
        7.6kB
        179.9kB
        115
        132
      • 138.91.171.81:80
      • 88.221.134.32:80
        92 B
        40 B
        2
        1
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 204.79.197.200:443
        g.bing.com
        tls
        547 B
        649 B
        6
        5
      • 204.79.197.200:443
        g.bing.com
        tls
        23.8kB
        649.4kB
        466
        469
      • 204.79.197.200:443
        g.bing.com
        tls
        547 B
        649 B
        6
        5
      • 204.79.197.200:443
        g.bing.com
        tls
        547 B
        649 B
        6
        5
      • 204.79.197.200:443
        g.bing.com
        tls
        547 B
        649 B
        6
        5
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.174:80
      • 96.17.178.176:80
      • 88.221.134.18:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        158 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        194.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        194.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        21.177.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        21.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53

      MITRE ATT&CK Matrix

      Downloads

      • memory/3768-0-0x0000000000B20000-0x0000000000B2A000-memory.dmp

        Filesize

        40KB

      • memory/3768-1-0x0000000000B20000-0x0000000000B2A000-memory.dmp

        Filesize

        40KB
