Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

2099f02c0b...0e0.js

windows7-x64

1

2099f02c0b...0e0.js

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 13:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2099f02c0b37b037a3ecda33493560e0.js

  • Size

    215KB

  • MD5

    2099f02c0b37b037a3ecda33493560e0

  • SHA1

    c477bb5c9571140b1145eb9fb6ff8e445c4b8a3e

  • SHA256

    0923d37616951390273b46df2ab7882ec7793000c525905a2aa9d7c0d7fe5cae

  • SHA512

    7554b5c5bf9aeb875eba75cac224651596811289610e1df1837ac7598eb5c32ea0c34209d9274502f7d6369951f08756364a3aeb8de13b6405ebc87ba0da2a71

  • SSDEEP

    3072:T93hMPk1/AwOT7XVAi2m2HLMCLSYBAhbC+7ynKe5:nM81/rO3XVAi24CLSX9N7ynD

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\2099f02c0b37b037a3ecda33493560e0.js
    1⤵
      PID:1428

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
    • flag-us
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      148.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      148.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=372237F254CB6E8E1679240155EC6FC6; domain=.bing.com; expires=Sun, 19-Jan-2025 05:33:20 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 24BD710B05A94E5CA3FDB4B2FE24385E Ref B: LON04EDGE0713 Ref C: 2023-12-26T05:33:20Z
      date: Tue, 26 Dec 2023 05:33:19 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=372237F254CB6E8E1679240155EC6FC6
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=UwmORpW0yoxxpFqkzVDjaYgVtmbolNRfL-CIMu1Jg40; domain=.bing.com; expires=Sun, 19-Jan-2025 05:33:20 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 40644601BEA44269AB85F290F469C05F Ref B: LON04EDGE0713 Ref C: 2023-12-26T05:33:20Z
      date: Tue, 26 Dec 2023 05:33:20 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=372237F254CB6E8E1679240155EC6FC6; MSPTC=UwmORpW0yoxxpFqkzVDjaYgVtmbolNRfL-CIMu1Jg40
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E95A43496E1146BFB9395F97AD7B587F Ref B: LON04EDGE0713 Ref C: 2023-12-26T05:33:20Z
      date: Tue, 26 Dec 2023 05:33:20 GMT
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      79.121.231.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.121.231.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.1.37.23.in-addr.arpa
      IN PTR
      Response
      183.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-183deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      27.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      27.134.221.88.in-addr.arpa
      IN PTR
      Response
      27.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-27deploystaticakamaitechnologiescom
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
      tls, http2
      2.5kB
       9.4kB
       23
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=96e0f01cdf8449959bc5791f53cef8d7&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

      HTTP Response

      204
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 96.16.110.114:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.27:80
    • 88.221.134.18:80
    • 52.111.227.11:443
    • 204.79.197.200:443
    • 204.79.197.200:443
    • 204.79.197.200:443
    • 204.79.197.200:443
      g.bing.com
      35.1kB
       1.0MB
       722
      720
    • 204.79.197.200:443
      g.bing.com
      46 B
       1
    • 13.107.21.200:443
      g.bing.com
      46 B
       1
    • 13.107.21.200:443
      g.bing.com
      tls
      331 B
       2
    • 13.107.21.200:443
      g.bing.com
      tls
      224 B
       2
    • 8.8.8.8:53
      g.bing.com
      dns
      112 B
       158 B
       2
      1

      DNS Request

      g.bing.com

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      148.177.190.20.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      148.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      59.128.231.4.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      59.128.231.4.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      79.121.231.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      79.121.231.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      219 B
       147 B
       3
      1

      DNS Request

      103.169.127.40.in-addr.arpa

      DNS Request

      103.169.127.40.in-addr.arpa

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      183.1.37.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      183.1.37.23.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      146 B
       144 B
       2
      1

      DNS Request

      240.221.184.93.in-addr.arpa

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      27.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      27.134.221.88.in-addr.arpa

    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.