Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
29/12/2023, 22:44 UTC
Static task
static1
Behavioral task
behavioral1
Sample
15e239ac4d2f21ee8257f791f3cafa53308aae9932876e7f053097e02b2cef09.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
15e239ac4d2f21ee8257f791f3cafa53308aae9932876e7f053097e02b2cef09.exe
Resource
win10v2004-20231215-en
General
-
Target
15e239ac4d2f21ee8257f791f3cafa53308aae9932876e7f053097e02b2cef09.exe
-
Size
212KB
-
MD5
f1853b1974c2992788f6d1ff2da255db
-
SHA1
9ef38aa5f64289043d32cea8ffb662d4e7a07bd2
-
SHA256
15e239ac4d2f21ee8257f791f3cafa53308aae9932876e7f053097e02b2cef09
-
SHA512
b3ba05d2e23d15c94b34c61f3e6d3fd3345c2039edaf7a86a4c19e1731e2b6c30a775ef089b53a7672cfd0749c0f744f827c5b8fd8f7140c659d5cd54066c5b9
-
SSDEEP
384:/TaIBq7xbYBNicP+E4D2gCl+4862IXkoXgaBaci+0nsFOscLlp+a7ePBq7xbYBNH:/+i0xRV2N38vIXkOganMsFOx7eZ0xR
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1756 15e239ac4d2f21ee8257f791f3cafa53308aae9932876e7f053097e02b2cef09.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=210D942D74EC6C1E3ABC87DB75CB6DC9; domain=.bing.com; expires=Wed, 22-Jan-2025 22:44:42 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DA6E0594B809485CBA791D20E4712E44 Ref B: LON04EDGE0606 Ref C: 2023-12-29T22:44:42Z
date: Fri, 29 Dec 2023 22:44:42 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=210D942D74EC6C1E3ABC87DB75CB6DC9
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=viuwliZ7Dv1xN_LiQ_DfpVBeAqEzopFQ2ZnmZYAIAlg; domain=.bing.com; expires=Wed, 22-Jan-2025 22:44:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6CE099E4C4E748FFA63E149CAECB7AFC Ref B: LON04EDGE0606 Ref C: 2023-12-29T22:44:43Z
date: Fri, 29 Dec 2023 22:44:43 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=210D942D74EC6C1E3ABC87DB75CB6DC9; MSPTC=viuwliZ7Dv1xN_LiQ_DfpVBeAqEzopFQ2ZnmZYAIAlg
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C5932E467BF4EFAADECBC52D7C92E31 Ref B: LON04EDGE0606 Ref C: 2023-12-29T22:44:43Z
date: Fri, 29 Dec 2023 22:44:43 GMT
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request208.194.73.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request21.177.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTRResponse0.204.248.87.in-addr.arpaIN PTRhttps-87-248-204-0lhrllnwnet
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 476492
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 82F643A14351448FB496D993895C9741 Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:23Z
date: Fri, 29 Dec 2023 22:46:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301401_1XGW1M12B4WHFUL40&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301401_1XGW1M12B4WHFUL40&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 340835
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D650A06019D7499E90D1C131137ECB90 Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:23Z
date: Fri, 29 Dec 2023 22:46:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300968_1TBBEB34P4CM6N716&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300968_1TBBEB34P4CM6N716&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 405009
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 588B231D06C24C39B7683C0289870048 Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:23Z
date: Fri, 29 Dec 2023 22:46:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301083_1PXGY6POAOL5LWW3H&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301083_1PXGY6POAOL5LWW3H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 483654
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BB507E5A40B64C5CBCEFD2B0443675AB Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:23Z
date: Fri, 29 Dec 2023 22:46:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 354107
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7BAAB2575E7B4C65B6A1928EA6E2C009 Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:23Z
date: Fri, 29 Dec 2023 22:46:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301516_1PSF19EAOV9A2LZID&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301516_1PSF19EAOV9A2LZID&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 419216
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41CDE73B10B042499CF326B84870B901 Ref B: LON04EDGE1106 Ref C: 2023-12-29T22:46:25Z
date: Fri, 29 Dec 2023 22:46:24 GMT
-
Remote address:8.8.8.8:53Request8.173.189.20.in-addr.arpaIN PTRResponse
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=tls, http22.3kB 9.3kB 23 17
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f1b6e1b601ac4e9d8361b0a5bb9dd5df&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=HTTP Response
204 -
104 B 2
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301516_1PSF19EAOV9A2LZID&pid=21.2&w=1080&h=1920&c=4tls, http291.7kB 2.6MB 1901 1897
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301401_1XGW1M12B4WHFUL40&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300968_1TBBEB34P4CM6N716&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301083_1PXGY6POAOL5LWW3H&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301516_1PSF19EAOV9A2LZID&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.3kB 8.7kB 17 14
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
72 B 137 B 1 1
DNS Request
194.178.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
208.194.73.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
21.177.190.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
140 B 144 B 2 1
DNS Request
18.31.95.13.in-addr.arpa
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
-
213 B 116 B 3 1
DNS Request
0.204.248.87.in-addr.arpa
DNS Request
0.204.248.87.in-addr.arpa
DNS Request
0.204.248.87.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
71 B 157 B 1 1
DNS Request
8.173.189.20.in-addr.arpa