Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3e227c4f87...fd.exe

windows7-x64

7

3e227c4f87...fd.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 21:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e227c4f87cd87a8ce5f55aabf1be9fd.exe

  • Size

    316KB

  • MD5

    3e227c4f87cd87a8ce5f55aabf1be9fd

  • SHA1

    527cd2035b0c820906a38b5607939c9f3c8eaac5

  • SHA256

    16cfd24009facb5b042fdeb1729c528bd718224b2952aac4068e633eaf33015c

  • SHA512

    9d21b883febdb61dcf42e3c35cbefab9aec722a43a7a1f1069e32a3a748261631161cd128913c4638c52d7eebe59f7e498c09ea48a4869dde7968011914cf12e

  • SSDEEP

    6144:wRsZwBAllS+PuDsI+fwkaiCqtBrQcfUflEhOK9bx6r4JI0T:wRYBWsI+fva9qfrQCvOK9bxyuhT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e227c4f87cd87a8ce5f55aabf1be9fd.exe
    "C:\Users\Admin\AppData\Local\Temp\3e227c4f87cd87a8ce5f55aabf1be9fd.exe"
    1⤵
      PID:1396
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 600
        2⤵
        • Program crash
        PID:1704
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1396 -ip 1396
      1⤵
        PID:4132

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=04AF2405C4616771103737F3C5DA663A; domain=.bing.com; expires=Wed, 22-Jan-2025 14:45:06 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2620C4772F1B4086B6CA60F4034777C1 Ref B: LON04EDGE0810 Ref C: 2023-12-29T14:45:06Z
        date: Fri, 29 Dec 2023 14:45:05 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=04AF2405C4616771103737F3C5DA663A
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=faUV4Jchb3rj4_d3PZIWyVDkEMQGPj4ux1HeSvAL8Fo; domain=.bing.com; expires=Wed, 22-Jan-2025 14:45:06 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2DD3B11E74A94973A284FE99646144A9 Ref B: LON04EDGE0810 Ref C: 2023-12-29T14:45:06Z
        date: Fri, 29 Dec 2023 14:45:06 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=04AF2405C4616771103737F3C5DA663A; MSPTC=faUV4Jchb3rj4_d3PZIWyVDkEMQGPj4ux1HeSvAL8Fo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3FA0DE1D82B44E328742C99F7E5D0D96 Ref B: LON04EDGE0810 Ref C: 2023-12-29T14:45:06Z
        date: Fri, 29 Dec 2023 14:45:06 GMT
      • flag-us
        DNS
        2.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        179.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        179.178.17.96.in-addr.arpa
        IN PTR
        Response
        179.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-179deploystaticakamaitechnologiescom
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        167.109.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        167.109.18.2.in-addr.arpa
        IN PTR
        Response
        167.109.18.2.in-addr.arpa
        IN PTR
        a2-18-109-167deploystaticakamaitechnologiescom
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18deploystaticakamaitechnologiescom
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        31.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.243.111.52.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        tls, http2
        2.0kB
         9.4kB
         21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ee06e6e39234f0fbe13aa8ee64564d2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204
      • 138.91.171.81:80
        46 B
         1
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         158 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        2.181.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        2.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        179.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        179.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
         106 B
         1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        241.154.82.20.in-addr.arpa

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        142 B
         157 B
         2
        1

        DNS Request

        205.47.74.20.in-addr.arpa

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        167.109.18.2.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        167.109.18.2.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        140 B
         144 B
         2
        1

        DNS Request

        18.31.95.13.in-addr.arpa

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        18.134.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        18.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        31.243.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        31.243.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1396-0-0x0000000000720000-0x0000000000721000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1396-1-0x0000000001000000-0x00000000010B7000-memory.dmp

        Filesize

        732KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.